[gnutls-devel] isc dhcpd compiled with GNUTLS (Debian)

Mark Pavlichuk pav5088 at internode.on.net
Wed Feb 12 16:56:48 CET 2014

I am experiencing a bug (in isc-dhcp-server compiled with GNUTLS and
LDAP support on Debian) which prevents TLS encryption between dhcpd
and the LDAP server.  I tried the versions in Wheezy and Jessie
ie. 4.2.2 and 4.2.4. The problem is related to parsing the dhcpd.conf

Internet Systems Consortium DHCP Server 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/etc/dhcp/dhcpd.conf line 113: semicolon expected.
ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl"
... a snippet from my config follows:

ldap-server "fusion.strategicit.linuxoz.net";
ldap-port 389;
ldap-ssl start_tls;
ldap-tls-reqcert demand;
ldap-tls-ca-file "/etc/ssl/certs/ssl-cert-local-ca.pem";
ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl";
ldap-tls-cert "/etc/dhcp/pki/dhcpd.pem";
ldap-tls-key "/etc/dhcp/pki/dhcpd.key";

   As you can see the semicolon is there.  Not sure if this is related to
GNUTLS, but if it is I can provide additional debug output, access to
test VMs and other assistance (limited by the fact I'm no dev) if
required.  A report with more output can be found here:

Link to bug : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723773

Mark Pavlichuk

More information about the Gnutls-devel mailing list