So, I'm a bit confused with the upstream discussion that happened around this bug and some proposed patches.
It seems that CAs self-signed with RSA-MD2 are "bad" and not supported, or something like that. I checked Ian's certificate chain and the last CA in the chain uses RSA-MD5 from what I could tell, so that doesn't seem to be the problem.
Maybe it's a specific bad interaction the openldap libraries have with this new gnutls version.
Ian, did the openldap server also get upgraded with this gnutls package?