Your message dated Wed, 16 Nov 2022 01:20:11 +0000
with message-id <E1ov763-0016tp-7a@fasolo.debian.org>
and subject line Bug#1024140: Removed package(s) from unstable
has caused the Debian Bug report #403212,
regarding Trouble with SSL and certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
403212: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=403212
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: Trouble with SSL and certificates
- From: Marco Gaiarin <gaio@sv.lnf.it>
- Date: Fri, 15 Dec 2006 12:55:52 +0100
- Message-id: <20061215115551.GE4119@sv.lnf.it>
Package: libnss-ldap
Version: 238-1

Seems I finally tracked down a trouble that I have using
libnss-ldap/libpam-ldap on sarge.

Servers are Debian sarge, clients Debian sarge or Ubuntu (same problem
spotted).

Clients connect to (really, two replicated, but does not matter...) an
openldap server via SSL, using a hand-made ROOTCA certificate.

On the client I've set up in /etc/ldap/ldap.conf (openldap libs
configuration file) a simple:

    TLS_CACERTDIR /etc/ssl/certs

and copied the hand-made root CA to /etc/ssl/certs, doing a c_rehash.

If /etc/ssl/certs contains only my rootca, or a few (2-3) others, it
seems that there's no trouble at all.

But if I install the package ca-certificates, populating /etc/ssl/certs
with many certificates, the system simply 'hangs' at 100% CPU load for
every simple account or password access, e.g. a simple 'getent passwd'
chokes the system completely for 4-5 minutes, and on an Intel Pentium D!!!
Booting (or shutting down) the box in this setup could take half an
hour!!!

Seems that libnss-ldap/libpam-ldap or the openldap lib spends a heavy bunch
of CPU cycles 'enumerating' (in some way) the certificates.

Clearly if I set in /etc/ldap/ldap.conf:

    TLS_CACERT /etc/ssl/certs/MyROOTCA.pem

(e.g., I force the certificate to use) the problem disappears, but this is
far from optimal, because in the general openldap library domain it could be
that I need to access some other servers, with a proper CA cert...

The strange thing, and so the bug report, is that if I explicitly set the
certificate of the CA in libnss-ldap.conf/pam_ldap.conf with:

    tls_cacertfile /etc/ssl/certs/MyROOTCA.pem

this value is totally ignored, so I cannot define 'general' certificate
dirs for the openldap library (with CACERTDIR in ldap.conf) and a specific
certificate for libnss/libpam-ldap (in libnss-ldap.conf/pam_ldap.conf).

libnss-ldap/libpam-ldap are not 'strangely' configured, only debconf and
then manually edited to remove the host instance and enable the uri instance as:

    uri ldaps://server1.dom.name/ ldaps://server2.dom.name/

I've tried with only one server, nothing changed.

It is some months, if not years, that I 'turn around' this bug, I hope
only that I'm not missing something...

--
dott. Marco Gaiarin                     GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''     http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it  tel +39-0434-842711  fax +39-0434-842797
--- End Message ---
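
A small audit for the configuration described in this report, added here as an example and not code from the reporter or from libnss-ldap: it reads ldap.conf-style text, counts the CA files behind TLS_CACERTDIR, and flags a tls_cacertfile in the NSS/PAM config, which the report says is ignored. The function names, finding codes and the threshold of 10 are assumptions; the certificate directory and both configs are constructed.

```python
import os
import tempfile

CA_KEYS = {"tls_cacert", "tls_cacertfile", "tls_cacertdir"}

def ca_directives(text):
    """Return {directive: value} for CA-related lines of an ldap.conf-style file."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        # Lines starting with '#' are comments; directive names are case-insensitive.
        if len(parts) == 2 and not parts[0].startswith("#") and parts[0].lower() in CA_KEYS:
            found[parts[0].lower()] = parts[1].strip()
    return found

def count_certs(cert_dir):
    """Count distinct files, so c_rehash hash symlinks are not counted twice."""
    paths = {os.path.realpath(os.path.join(cert_dir, n)) for n in os.listdir(cert_dir)}
    return sum(1 for p in paths if os.path.isfile(p))

def audit(ldap_conf, nss_conf, max_dir_certs=10):
    """Return (code, detail) findings; max_dir_certs is an arbitrary threshold."""
    lib, nss = ca_directives(ldap_conf), ca_directives(nss_conf)
    cert_dir, pinned = lib.get("tls_cacertdir"), lib.get("tls_cacert")
    findings = []
    if cert_dir and not pinned and os.path.isdir(cert_dir):
        n = count_certs(cert_dir)
        if n > max_dir_certs:
            # Every CA in the directory is trusted to vouch for the LDAP server.
            findings.append(("WIDE_TRUST_DIR", f"{cert_dir} holds {n} CA files"))
    override = nss.get("tls_cacertfile")
    if override and cert_dir and not pinned:
        # The report says this per-module setting was ignored in favour of ldap.conf.
        findings.append(("NSS_OVERRIDE_UNVERIFIED", override))
    return findings

def demo():
    """Build a constructed certificate directory and audit two constructed configs."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(12):  # empty placeholder files stand in for ca-certificates
            path = os.path.join(d, f"ca{i}.pem")
            open(path, "w").close()
            os.symlink(path, os.path.join(d, f"{i:08x}.0"))  # mimic c_rehash links
        nss_conf = "uri ldaps://server1.dom.name/\ntls_cacertfile /etc/ssl/certs/MyROOTCA.pem\n"
        wide = audit(f"# constructed sample\nTLS_CACERTDIR {d}\n", nss_conf)
        pinned = audit(f"TLS_CACERT {d}/ca0.pem\n", nss_conf)
    return wide, pinned

if __name__ == "__main__":
    print(demo())
```
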
--- Begin Message ---
- To: 118607-done@bugs.debian.org,122794-done@bugs.debian.org,143496-done@bugs.debian.org,206948-done@bugs.debian.org,218958-done@bugs.debian.org,267548-done@bugs.debian.org,273059-done@bugs.debian.org,281146-done@bugs.debian.org,332601-done@bugs.debian.org,375069-done@bugs.debian.org,376277-done@bugs.debian.org,380078-done@bugs.debian.org,387467-done@bugs.debian.org,391785-done@bugs.debian.org,393513-done@bugs.debian.org,396171-done@bugs.debian.org,403212-done@bugs.debian.org,408450-done@bugs.debian.org,409342-done@bugs.debian.org,415576-done@bugs.debian.org,416664-done@bugs.debian.org,419519-done@bugs.debian.org,429819-done@bugs.debian.org,432537-done@bugs.debian.org,441458-done@bugs.debian.org,454556-done@bugs.debian.org,455907-done@bugs.debian.org,457200-done@bugs.debian.org,458138-done@bugs.debian.org,465185-done@bugs.debian.org,468409-done@bugs.debian.org,470288-done@bugs.debian.org,490869-done@bugs.debian.org,495761-done@bugs.debian.org,499798-done@bugs.debian.org,500479-done@bugs.debian.org,505129-done@bugs.debian.org,513301-done@bugs.debian.org,536729-done@bugs.debian.org,543519-done@bugs.debian.org,553339-done@bugs.debian.org,567904-done@bugs.debian.org,572524-done@bugs.debian.org,586688-done@bugs.debian.org,628814-done@bugs.debian.org,732077-done@bugs.debian.org,748341-done@bugs.debian.org,783159-done@bugs.debian.org,1017430-done@bugs.debian.org,699114-done@bugs.debian.org,
- Cc: libnss-ldap@packages.debian.org
- Subject: Bug#1024140: Removed package(s) from unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 16 Nov 2022 01:20:11 +0000
- Message-id: <E1ov763-0016tp-7a@fasolo.debian.org>
Version: 265-6+rm

Dear submitter,

as the package libnss-ldap has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1024140

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---