Bug#297174: exim4+libgnutls11: TLS error (gnutls_handshake)

Andreas Metzler Andreas Metzler <ametzler@downhill.at.eu.org>, 297174@bugs.debian.org
Sun, 6 Mar 2005 16:55:54 +0100


On 2005-02-27 Michael Biebl <biebl@teco.edu> wrote:
[...]
> If I now try to connect/authenticate with a MUA like Thunderbird I get
> an error on every second connection attempt. The corresponding log
> entries looks like this:
> 2005-02-27 18:26:42 TLS error on connection from
> dialin-212-144-131-181.arcor-ip.net [212.144.131.181]
> (gnutls_handshake): A TLS fatal alert has been received.
[...]
> As a workaround I recompiled exim4 and linked it against libgnutls10 and
> the errors were gone.
[...]
> What can I do to solve this problme? Linking against the old gnutls lib
> doesn't seem to be a good solution for me.

Hello,
Yes, especially as libgnutls10 will probably soon be removed.

> If you think this is a bug in libgnutls11 feel free to reassign the bug.

I am quite mystified by this. - Can you test with debugging enabled?

/etc/init.d/exim4 stop
exim4 -bd -d+tls 2>&1 | tee /tmp/exim4.debug.tls

Does openssl's s_client also show the error?
# run a separate testing daemon on loopback interface on port 666
# quit with <Ctrl>-C later.
exim4 -bd -d+tls -oX 127.0.0.1.666 -tls-on-connect

# test with openssl
openssl s_client -connect localhost:666
# exit with "quit".
       thanks, cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/