Comment 7 for bug 1444656

js1 (sujiannming) wrote :

Update to libgnutls26-2.12.23-12ubuntu2.5 broke ldapsearch and Apache Directory Studio for me in particular. Whatever the previous version was worked fine. Now, when trying to connect via TLS or SSL to our ldap server, I get the following with gnutls-cli:

# gnutls-cli --print-cert -p 636 192.168.125.187
Connecting to '192.168.125.187:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.

But, works fine with openssl:

# openssl s_client -connect 192.168.125.187:636 -CApath /etc/ssl/certs/
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
verify return:1
depth=0 C = US, postalCode = MyZip, ST = GA, L = MyTown, street = MyStreetAddress, O = MyOrg, CN = 192.168.125.187
verify return:1
---
Certificate chain
 0 s:/C=US/postalCode=MyZip/ST=MyState/L=MyTown/street=MyStreetAddress/O=MyOrg/CN=192.168.125.187
   i:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
 1 s:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
subject=/C=US/postalCode=MyZip/ST=MyState/L=MyTown/street=MyStreetAddress/O=MyOrg/CN=192.168.125.187
issuer=/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5340 bytes and written 489 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-SHA384
    Session-ID: 9D3700003CBC5A44A8B0869C88E432ABD6DFAAEF4EC8268126E4DC6E8398E93B
    Session-ID-ctx:
    Master-Key: 34CD7A397FB10369831C94F74B048DF1CDE325B4207F15D0354F2487E2E7B697E477ACCA7D0214F98207820A1A4E5D30
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1457420252
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---