[gnutls-devel] isc dhcpd compiled with GNUTLS (Debian)

Mark Pavlichuk pav5088 at internode.on.net
Wed Feb 12 16:56:48 CET 2014


I am experiencing a bug (in isc-dhcp-server compiled with GNUTLS and
LDAP support on Debian) which prevents TLS encryption between dhcpd
and the LDAP server.  I tried the versions in Wheezy and Jessie,
i.e. 4.2.2 and 4.2.4. The problem is related to parsing the dhcpd.conf
file:

Internet Systems Consortium DHCP Server 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/etc/dhcp/dhcpd.conf line 113: semicolon expected.
ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl"
                   ^
...
... a snippet from my config follows:

ldap-server "fusion.strategicit.linuxoz.net";
ldap-port 389;
ldap-ssl start_tls;
ldap-tls-reqcert demand;
ldap-tls-ca-file "/etc/ssl/certs/ssl-cert-local-ca.pem";
ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl";
ldap-tls-cert "/etc/dhcp/pki/dhcpd.pem";
ldap-tls-key "/etc/dhcp/pki/dhcpd.key";

As you can see the semicolon is there.  Not sure if this is related to
GNUTLS, but if it is I can provide additional debug output, access to
test VMs and other assistance (limited by the fact I'm no dev) if
required.  A report with more output can be found here:

Link to bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723773

-- 
Mark Pavlichuk





