[gnutls-devel] isc dhcpd compiled with GNUTLS (Debian)

Mark Pavlichuk pav5088 at internode.on.net
Tue Feb 18 15:49:44 CET 2014

On 13/02/14 18:05, Nikos Mavrogiannopoulos wrote:
> On Wed, Feb 12, 2014 at 4:56 PM, Mark Pavlichuk
> <pav5088 at internode.on.net> wrote:
>> I am experiencing a bug (in isc-dhcp-server compiled with GNUTLS and
>> LDAP support on Debian) which prevents TLS encryption between dhcpd
>> and the LDAP server.  I tried the versions in Wheezy and Jessie
>> i.e. 4.2.2 and 4.2.4. The problem is related to parsing the dhcpd.conf
>> file:
>> Internet Systems Consortium DHCP Server 4.2.4
>> Copyright 2004-2012 Internet Systems Consortium.
>> All rights reserved.
>> For info, please visit https://www.isc.org/software/dhcp/
>> /etc/dhcp/dhcpd.conf line 113: semicolon expected.
>> ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl"
>>                    ^
> Hello Mark,
>   Gnutls doesn't parse files, it is simply the back-end for SSL or
> crypto. You'd better report the issue to the appropriate software that
> has the bug.
> regards,
> Nikos

   The problem seemed to be from mixing libraries (openssl w/ GnuTLS),
i.e. the isc-dhcpd-ldap server code requires openssl, and the OpenLDAP
libraries are compiled against GnuTLS.  I got further by using
openssl-formatted config options, but then dhcpd crashed calling a 
GnuTLS function.  Detailed info is here: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723773 .

   I don't know enough to rewrite isc-dhcpd-ldap for GnuTLS, but I see 
there's a GNU/openssl compatibility layer...  should I be using this?  
Is mixing libraries even a problem?  The reason I'm asking here is the 
code is rather unloved, and my bug report is three months old with no 
upstream response.

Mark Pavlichuk
