Peter Marschall wrote:
> Hi,
> On Wednesday, 8. February 2012, Quanah Gibson-Mount wrote:
>> I would also generally advise using something more secure than GnuTLS, such as OpenSSL, to link OpenLDAP to.
> Quanah, as you refer to GnuTLS being buggy, can you give a reference?
This is the most recent example I can recall; there are plenty of others.
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/423252
Stuff like this has bearing on the other recent email thread here
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514807
That bug has over 200 comments on it; this one is directly relevant to our topic:
http://groups.google.com/group/linux.debian.bugs.dist/msg/8fec96a62571d6e9?p...
We hit that here
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5991
and also ITS#5992
GnuTLS is not simply *buggy* - it is poorly designed, and the design choices they've made continue to (and will continue to) cause usability issues indefinitely.