touch-packages team mailing list archive

[Bug 242313] Re: TLS_CACERTDIR not supported in gnutls

 

It looks like very recent GnuTLS releases (>= 3.3.6) may have finally
added the API needed to make this possible:

https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/

http://gnutls.org/manual/html_node/X509-certificate-API.html#index-gnutls_005fx509_005ftrust_005flist_005fadd_005ftrust_005fdir

No idea whether or not it's as simple as it looks, but I'll have a go at
it some time.

** Changed in: gnutls26 (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/242313

Title:
  TLS_CACERTDIR not supported in gnutls

Status in gnutls26 package in Ubuntu:
  Invalid
Status in openldap package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: libldap-2.4-2

  Description:    Ubuntu 8.04
  Release:        8.04

  libldap-2.4-2:
    Installed: 2.4.7-6ubuntu4.2
    Version table:
   *** 2.4.7-6ubuntu4.2 0
          100 /var/lib/dpkg/status
       2.4.7-6ubuntu3 0
          500 http://be.archive.ubuntu.com hardy/main Packages

  Switching to gnutls for openldap in Hardy introduced a regression by
  breaking the TLS_CACERTDIR option in /etc/ldap/ldap.conf. Unlike
  openssl, gnutls doesn't support certificate directories natively.
  Upgrading a secured openldap setup using TLS_CACERTDIR from Gutsy to
  Hardy breaks connections to the openldap server.
