touch-packages team mailing list archive

Thread
Date

[Bug 1534230] Re: LDAP TLS connection stopped working

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Thu, 14 Jan 2016 22:23:58 -0000
Reply-to: Bug 1534230 <1534230@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Yep, unfortunately those are signed with md5, so it's normal that gnutls
will no longer connect.

You need to request those certs be changed, and use the older version of
gnutls26 in the meantime.

Since this is expected behaviour, I am closing this bug. Thanks!

** Changed in: gnutls26 (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1534230

Title:
  LDAP TLS connection stopped working

Status in gnutls26 package in Ubuntu:
  Invalid

Bug description:
  My LDAP authentication stopped working with the error: "The signature
  algorithm is not supported"

  This is GNUTLS Error code: -106
  GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM

  LDAP search reproduces it:

  $ ldapsearch -H ldaps://xxx.xxx.gov/ -b "OU=xxx" -x -d1
  ldap_url_parse_ext(ldaps://xxx.xxx.gov/)
  ldap_create
  ldap_url_parse_ext(ldaps://xxx.xxx.gov:636/??base)
  ldap_sasl_bind
  ldap_send_initial_request
  ldap_new_connection 1 1 0
  ldap_int_open_connection
  ldap_connect_to_host: TCP xxx.xxx.gov:636
  ldap_new_socket: 3
  ldap_prepare_socket: 3
  ldap_connect_to_host: Trying 128.219.164.41:636
  ldap_pvt_connect: fd: 3 tm: -1 async: 0
  TLS: can't connect: The signature algorithm is not supported..
  ldap_err2string
  ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

  It looks like the SHA1 support was removed from gnutls26...

  Other packages:
  ldap-utils:
  Version: 2.4.31-1+nmu2ubuntu8.2

  libsasl2-2:
  Version: 2.1.25.dfsg1-17build1

  libldap-2.4-2:
  Version: 2.4.31-1+nmu2ubuntu8.2

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: libgnutls26 2.12.23-12ubuntu2.4
  ProcVersionSignature: Ubuntu 3.13.0-75.119-generic 3.13.11-ckt32
  Uname: Linux 3.13.0-75-generic x86_64
  NonfreeKernelModules: fglrx
  ApportVersion: 2.14.1-0ubuntu3.19
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Jan 14 11:38:36 2016
  InstallationDate: Installed on 2014-10-08 (462 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  SourcePackage: gnutls26
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230/+subscriptions

References

[Bug 1534230] [NEW] LDAP TLS connection stopped working
From: ricleal@xxxxxxxxx, 2016-01-14