Public bug reported:

Binary package hint: libldap2

After upgrading from self-created certificates to an official certificate 
(chained - root CA: GTE CyberTrust - signing CA: Cybertrust Edu),
our PHP LDAP apps did not work anymore, but ldapsearch and other ldap-utils had 
no problems with the new certificate.

php ldaps://.. binding failed - without ssl/tls all worked like before.

Turning on debugging reveals that there's a problem with verifying the
certificate - but what problem -- Unknown error ??

TLS certificate verification: depth: 0, err: 66, subject:  issuer: 
C=BE,O=Cybertrust,OU=Educational CA,CN=Cybertrust Educational CA,
[error] [client ] TLS certificate verification: Error, Unknown error, referer:
[error] [client ] TLS: can't connect., referer:

After some days trying to find the problem, I found a posting on an OpenLDAP 
mailing list from someone with the same problem:
http://www.openldap.org/lists/openldap-bugs/200411/msg00001.html

The reason was the too old libldap version 2.1.30:
http://www.openldap.org/lists/openldap-bugs/200411/msg00015.html

So I created new dapper packages for openldap2.3-2.3.27 and enabled the
building of the libldap2.3-dev package.

I rebuilt apache2 and php5 against this libldap2.3-dev and the resulting
php5-ldap package works again with ldaps and our new certificate.

Is there any chance to get rid of this "prehistoric" 2.1.30 version and
build Ubuntu against a working supported version?

Thanks,
Gerald

** Affects: openldap2 (Ubuntu)
     Importance: Untriaged
         Status: Unconfirmed

-- 
php5-ldap fails with official (chained) certificate
https://launchpad.net/bugs/58487

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
