[Pkg-gnutls-maint] Multiple GnuTLS issues with exim4

[Marc Haber]

Hi,

exim4, Debian's default MTA, uses GnuTLS as encryption library.
Unfortunately, this causes quite some issues, and the Debian exim4
maintainers are at loss to fix these. In fact, we don't even know
whether the issues are solveable inside exim4, or must be addressed in
GnuTLS or some other library involved.

exim's GnuTLS code has been contributed upstream years ago, and the
contributor has vanished since then. Philip Hazel, the upstream
author, says that he does not know GnuTLS and has no time to make
himself acquainted with the library. Hence, there is no support to be
expected from upstream at the moment.

The list of exim bugs that might be connected to gnutls are usedtagged
gnutls (see
http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=exim4;user=exim4@packages.debian.org;nam0=Status;pri0=pending:pending,forwarded,pending-fixed,fixed,done,absent;ttl0=Outstanding,Forwarded,Pending%20Upload,Fixed%20in%20NMU,Resolved,From%20other%20Branch,Unknown%20Pending%20Status;ord0=0,1,2,3,4,5,6;nam1=Tag;pri1=tag:wontfix,valid-bug,gnutls,pending-maintainer-discussion,pending,patch,moreinfo,unreproducible,patch-appreciated,send-patch,debconf-rework,config-ng,on-upstreams-wishlist,help,;ord1=14,13,2,1,3,5,6,7,8,9,4,10,11,12,0).

The most annoying bugs are GnuTLS taking way too much entropy on
initialization of an SSL session which is a source of constant grief
on headless systems, and strange misbehavior when both ldaps and smtp
over ssl are in use. The latter issue seems to show when both the LDAP
library and exim are linked to the same libgnutls.

Can you please comment on these issues?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835