* Uwe Jans (jans@hs-bremen.de) wrote: > > additional info: A TLS packet with unexpected length was received. > > I have the same Problem. But my Configuration worked on Debian-testing > und an Upgrade to Debian-unstable shows the same error-message. > > I think ist possible the libgnutls.so.10 Lib! [...] > Is there anybody with a working Debian Unstable SLAPD Version > slapd_2.1.26-1? There were some problems with the move from gnutls7 to gnutls10. We're aware of them and are working on them. The current status is that there's a patch in the BTS which fixes the problem (for one person anyway) but regenerates the dsa parameters for every connection (which takes a *long* time). We're working on a way to cache them for a period and then regenerate them. For those who are following the bigger GNU TLS question- I've spoken with the author of the GNU TLS patch for OpenLDAP and he's told me that he's willing to put it under a license compatible w/ what the OpenLDAP people want but wants to get it cleaned up and some of these problems fixed first. A big issue still looming, if anyone happens to have time to look into it, is getting SASL external TLS authentication to work w/ GNU TLS. There's concern that there may be alot of work required to do this writing ASN1 handling code. If anyone has any thoughts on it or interest in tackling this problem please contact me. Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature