[Pkg-giraffe-discuss] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope

Carsten Schoenert c.schoenert at t-online.de
Tue Feb 2 06:27:39 UTC 2016


Hello Peter,

On 02.02.2016 at 06:59, peter green wrote:
> On 01/02/16 07:45, Carsten Schoenert wrote:
>> Can you give us a suggestion how to handle these issues? I've seen a
>> similar solution like mine on the samba package upstream [5]. The zarafa
>> suite isn't using these parts of the libvmime package as they connect
>> locally to localhost. But then we have to provide a secure libvmime
>> package.
>>    
> I'm not one of the gnutls maintainers but IMO you should only override 
> the defaults set by your tls library if you have good reason AND you are 
> prepared to maintain your modifications over the long term to take 
> account of changing best practice.

I fully agree with you!
But as written earlier, I'm also no security expert on cryptography, and
I haven't done any special code review on the gnutls part of libvmime,
and I'm happy to get feedback from you and the GnuTLS Maintainers.

> The non-default settings in this package were clearly not being 
> maintained.

Hmm, I haven't taken a look at the current working parts of libvmime, so
I can't say if it's not maintained, but consider: we are talking about
code and a release from 2010, the code base we are talking about is five
years old, and there is nothing like security support by the vmime
developers!
It's kind of ridiculous that upstream hasn't released a new version
since the 0.9.1 release, related to what has happened in the past two years.
But we (the Zarafa packaging Team) have a reverse dependency on that
library, so we have to fix these issues.

I also fully agree with the rest of your email and I'm happy to let
libvmime use the default settings from the GnuTLS library. If this is
done by

  gnutls_set_default_priority()

as written by Andreas, this is fine. We finally need a test scenario
where we can check the settings that are used if I use the libvmime
settings. Even better would be if upstream would release an upstream
version to get rid of special workarounds.

-- 
Regards
Carsten Schoenert


