LDAPS doesn't work anymore since update 1.25.x...

[Aurely9n]

Description

Hi,

I'm struggling with the new versions of GITEA and LDAPS configuration.
I managed update gitea from 1.24.7 to 1.25.0 (or newly 1.25.1) and both of new versions can't work with LDAPS activate.
Here is the only error i get in my log :

../ldap/source_search.go:269:realSearchEntry() [E] LDAP Connect error, [ldap_server]:LDAP Result Code 200 "Network Error": read tcp [my_gitea_server_host]:[my_gitea_server_port]->[ldap_server]:636: read: connection reset by peer

I haven't change anything on my gitea server nor ldap server. I updated only my binary from 1.24.7 to 1.25.x and restart the service (as usual).

Restore to previous version (1.24.x) work like a charm. But it is impossible to login with ldaps under 1.25.x version. Switch to LDAP only (port 389) work with all versions (1.24.x, 1.25.x)

Here is the base settings :

• Security protocol : LDAPS
• port: 636
• Don't verify TLS : checked

Gitea Version

1.25.x (LDAPS ko)

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

1.24.7 (working)

Operating System

Debian 12

How are you running Gitea?

I'm running the binary version of gitea with HAPROXY on front from remote server.

Database

None

[wxiaoguang]

I also use Gitea with LDAPS, not able to reproduce.

According to the error "read: connection reset by peer", it seems to be a network problems, or incorrect configuration (mistmatched protocol)

Can you provide more details? For example: what the protocol (tcpdump) on the port 636?

[wxiaoguang]

Restore to previous version (1.24.x) work like a charm. But it is impossible to login with ldaps under 1.25.x version. Switch to LDAP only (port 389) work with all versions (1.24.x, 1.25.x)

Can you check whether your TLS cert is valid? Or affected by Golang's bug like crypto/x509: TLS validation fails for FQDNs with trailing dot [1.25 backport] #75861 ?