Dear Sebastian, Thanks for your quick reply!
Adding "-d -1", the output informs that "TLS: peer cert is untrusted or revoked (0x42)", even though the certificate is not self-signed and hasn't expired. We've since found out that installing libldap-common resolves our issue, as others (https://github.com/wheelybird/ldap-user-manager/issues/172 and https://github.com/docker-mailserver/docker-mailserver/issues/2340) found out. This package is installed by default on buster (even before installing any ldap-related packages), but not on bullseye. Perhaps it might make sense to add libldap-common as a dependency for other packages like libnss-ldap, pam_ldap or ldap-utils on bullseye? Either way, our issue is resolved, and I'll leave that decision to you. Kind regards, Jonathan -----Original Message----- From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Sent: 04 January 2023 10:55 To: Jonathan <i...@sintjansbrug.nl>; 1027...@bugs.debian.org Subject: [ITB] Re: Bug#1027830: openssl: starttls fails on our LDAP server on bullseye, but it works on buster On 2023-01-03 20:21:57 [+0000], Jonathan wrote: > Package: openssl > * What led up to the situation? > > After trying to update to bullseye, connecting to our LDAP server no longer > works, both with pam_ldap package as well as using ldapsearch from ldap-utils. What happens with if you add "-d -1" to ldapsearch? Sebastian