Update to libgnutls26-2.12.23-12ubuntu2.5 broke ldapsearch and Apache Directory Studio for me in particular. Whatever the previous version was worked fine. Now, when trying to connect via TLS or SSL to our ldap server, I get the following with gnutls-cli:
# gnutls-cli --print-cert -p 636 192.168.125.187
Connecting to '192.168.125.187:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.

But, works fine with openssl:

# openssl s_client -connect 192.168.125.187:636 -CApath /etc/ssl/certs/
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
verify return:1
depth=0 C = US, postalCode = MyZip, ST = GA, L = MyTown, street = MyStreetAddress, O = MyOrg, CN = 192.168.125.187
verify return:1
---
Certificate chain
 0 s:/C=US/postalCode=MyZip/ST=MyState/L=MyTown/street=MyStreetAddress/O=MyOrg/CN=192.168.125.187
   i:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
 1 s:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
subject=/C=US/postalCode=MyZip/ST=MyState/L=MyTown/street=MyStreetAddress/O=MyOrg/CN=192.168.125.187
issuer=/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5340 bytes and written 489 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-SHA384
    Session-ID: 9D3700003CBC5A44A8B0869C88E432ABD6DFAAEF4EC8268126E4DC6E8398E93B
    Session-ID-ctx:
    Master-Key: 34CD7A397FB10369831C94F74B048DF1CDE325B4207F15D0354F2487E2E7B697E477ACCA7D0214F98207820A1A4E5D30
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1457420252
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---

--
https://bugs.launchpad.net/bugs/1444656

Title:
  GnuTLS TLS 1.2 handshake failure