Bug#926933: fetch-ldap-cert fails against LDAP cert on jessie tjener

To: submit@bugs.debian.org
Subject: Bug#926933: fetch-ldap-cert fails against LDAP cert on jessie tjener
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Fri, 12 Apr 2019 11:52:25 +0000
Message-id: <[🔎] 20190412115225.Horde.jqVedgL9qcieQU2h44tIlbQ@mail.das-netzwerkteam.de>
Reply-to: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 926933@bugs.debian.org

Package: debian-edu-config
Version: 2.10.64
Severity: important

I just tested a Debian Edu 10 installation against a Debian Edu 8TJENER. The LDAP certificate on the jessie TJENER had been createdwrongly (subject: CN=localhost, issuer: CN=localhost).

The new gnutls-cli implemenation in fetch-ldap-cert now chokes on thatwith this error:

```

gnutls-cli --x509cafile /etc/ssl/certs/debian-edu-bundle.crt--save-cert=/etc/ssl/certs/debian-edu-server.crt.new ldap.intern


[...]

Status: The certificate is NOT trusted. The certificate issuer isunknown. The name in the certificate does not match the expected.

```

This probably needs to be addressed by documentation.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpZpngmeeTW7.pgp
Description: Digitale PGP-Signatur

Reply to:

Follow-Ups:
- Bug#926933: fetch-ldap-cert fails against LDAP cert on jessie tjener
  - From: Wolfgang Schweer <w.schweer@gmx.de>

Prev by Date: Re: [RFR] Debian Edu / Skolelinux homepage
Next by Date: Re: Debian Edu Buster manual: another round of translation updates
Previous by thread: Re: [RFR] Debian Edu / Skolelinux homepage
Next by thread: Bug#926933: fetch-ldap-cert fails against LDAP cert on jessie tjener
Index(es):
- Date
- Thread