
touch-packages team mailing list archive

[Bug 1534230] Re: LDAP TLS connection stopped working

 

Here you have. See below.

It doesn't look like it's using MD5...


 $ openssl s_client -connect data.xxx.xxx:636
CONNECTED(00000003)
depth=1 CN = XXX XXXX, ST = Tennessee, C = US, emailAddress = traterjr@xxxxxxxx, O = XXX XXXX root Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=data.xxx.xxx/ST=Tennessee/C=US/emailAddress=traterjr@xxxxxxxx/O=X X X/OU=XXX LDAP
   i:/CN=XXX XXXX/ST=Tennessee/C=US/emailAddress=traterjr@xxxxxxxx/O=XXX XXXX root Certification Authority
 1 s:/CN=XXX XXXX/ST=Tennessee/C=US/emailAddress=traterjr@xxxxxxxx/O=XXX XXXX root Certification Authority
   i:/CN=XXX XXXX/ST=Tennessee/C=US/emailAddress=traterjr@xxxxxxxx/O=XXX XXXX root Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
(.................)
-----END CERTIFICATE-----
subject=/CN=data.xxx.xxx/ST=Tennessee/C=US/emailAddress=traterjr@xxxxxxxx/O=Oak Ridge National Laboratory/OU=XXX XXXX
issuer=/CN=XXX XXXX/ST=Tennessee/C=US/emailAddress=traterjr@xxxxxxxx/O=XXX XXXX root Certification Authority
---
No client certificate CA names sent
---
SSL handshake has read 2119 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: XXX
    Session-ID-ctx: 
    Master-Key: XXX
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1452801113
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1534230

Title:
  LDAP TLS connection stopped working

Status in gnutls26 package in Ubuntu:
  Incomplete

Bug description:
  My LDAP authentication stopped working with the error: "The signature
  algorithm is not supported"

  This is GNUTLS Error code: -106
  GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM

  LDAP search reproduces it:

  $ ldapsearch -H ldaps://xxx.xxx.gov/ -b "OU=xxx" -x -d1
  ldap_url_parse_ext(ldaps://xxx.xxx.gov/)
  ldap_create
  ldap_url_parse_ext(ldaps://xxx.xxx.gov:636/??base)
  ldap_sasl_bind
  ldap_send_initial_request
  ldap_new_connection 1 1 0
  ldap_int_open_connection
  ldap_connect_to_host: TCP xxx.xxx.gov:636
  ldap_new_socket: 3
  ldap_prepare_socket: 3
  ldap_connect_to_host: Trying 128.219.164.41:636
  ldap_pvt_connect: fd: 3 tm: -1 async: 0
  TLS: can't connect: The signature algorithm is not supported..
  ldap_err2string
  ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

  It looks like the SHA1 support was removed from gnutls26...

  Other packages:
  ldap-utils:
  Version: 2.4.31-1+nmu2ubuntu8.2

  libsasl2-2:
  Version: 2.1.25.dfsg1-17build1

  libldap-2.4-2:
  Version: 2.4.31-1+nmu2ubuntu8.2

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: libgnutls26 2.12.23-12ubuntu2.4
  ProcVersionSignature: Ubuntu 3.13.0-75.119-generic 3.13.11-ckt32
  Uname: Linux 3.13.0-75-generic x86_64
  NonfreeKernelModules: fglrx
  ApportVersion: 2.14.1-0ubuntu3.19
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Jan 14 11:38:36 2016
  InstallationDate: Installed on 2014-10-08 (462 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  SourcePackage: gnutls26
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230/+subscriptions
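The s_client transcript above shows the cipher and the 1024-bit server key, but not the signature algorithm on the certificates, which is the field to check when a library rejects a chain for its signature algorithm; every certificate in the chain, the root included, has one. The following POSIX shell script is an added example, not code from the bug report or from the GnuTLS or OpenLDAP projects: it builds a throwaway two-certificate chain locally so it runs offline, then reports the signature algorithm and key size of each certificate and flags MD5/SHA-1 signatures and keys under 2048 bits. It assumes the openssl command-line tool is installed; the CN values, file paths and the deliberately weak leaf parameters (1024-bit key, SHA-1 signature where the local openssl still allows it) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the bug report: inspect the signature algorithm
# and key size of every certificate in a PEM chain. Assumes the openssl CLI.
# The chain is generated locally so the script runs offline; the names,
# paths and the deliberately weak leaf parameters are constructed.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway root CA, signed with SHA-256.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
    -days 1 -subj "/CN=Example root CA (constructed)" -sha256 >/dev/null 2>&1

# Throwaway server key and CSR; 1024-bit like the server in the report.
openssl req -new -newkey rsa:1024 -nodes -keyout "$WORK/srv.key" -out "$WORK/srv.csr" \
    -subj "/CN=ldap.example.test" >/dev/null 2>&1

# Sign the leaf with the digest given in $1.
sign_leaf() {
    openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -out "$WORK/srv.pem" -days 1 -"$1" >/dev/null 2>&1
}
# Prefer a SHA-1 signature to mimic an old CA; fall back to SHA-256 on
# openssl builds that refuse to sign with SHA-1.
sign_leaf sha1 || sign_leaf sha256

# Leaf first, then issuer: the order in which s_client prints a chain.
cat "$WORK/srv.pem" "$WORK/ca.pem" > "$WORK/chain.pem"

# Signature algorithm of the first certificate in a PEM file,
# e.g. sha1WithRSAEncryption or sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Public key size in bits of the first certificate in a PEM file
# (handles both the "RSA Public-Key:" and "Public-Key:" spellings of openssl).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *\(RSA \)\{0,1\}Public-Key: *(\([0-9]*\) bit).*/\2/p' | head -n 1
}

# Return 0 for a SHA-2 family signature, 1 for MD5 or SHA-1.
signature_digest_ok() {
    case "$1" in
        md5*|sha1*) return 1 ;;
        *) return 0 ;;
    esac
}

# Split a PEM bundle (a file, or what `openssl s_client -showcerts` printed)
# into one certificate per file and print "<index> <sig alg> <key bits>".
report_chain() {
    dir=$(mktemp -d "$WORK/split.XXXXXX")
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ } n { print > (d "/" n ".pem") }' "$1"
    for f in "$dir"/*.pem; do
        echo "$(basename "$f" .pem) $(cert_sig_alg "$f") $(cert_key_bits "$f")"
    done
}

# Human-readable summary of the constructed chain.
report_chain "$WORK/chain.pem" | while read -r idx alg bits; do
    problems=""
    signature_digest_ok "$alg" || problems="signed with a retired digest"
    [ "$bits" -ge 2048 ] || problems="${problems:+$problems, }key under 2048 bits"
    echo "cert $idx: $alg, $bits-bit key: ${problems:-ok}"
done
```

Against a live server the same functions apply to a chain saved with `openssl s_client -connect host:636 -showcerts </dev/null > chain.pem` followed by `report_chain chain.pem`; the awk splitter ignores the non-PEM lines s_client prints around the certificates. A weak digest or short key on any certificate in the list, not only the leaf, is enough for a client library to refuse the connection.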

