[Pkg-gnutls-maint] Bug#466477: libgnutls26: Failure to talk with IBM ldap/http servers

Simon Josefsson simon at josefsson.org
Tue Apr 29 08:26:43 UTC 2008


Simon Josefsson <simon at josefsson.org> writes:

>> Where do I go from here?  You (or anybody else) are welcome to use my 
>> server (mail3.mclemente.net) for testing.  Let me know what I have to do 
>> to help resolve my issue.  In my spare time, I will try and downgrade 
>> some packages to see what happens.
>
> I could reproduce the problem: it is the same as we have seen in a few
> other recent cases: the server sends a huge list of known CAs, and
> GnuTLS can't handle the packet sizes.
>
> We are investigating that problem.

Hi Marc.  The upstream fix for this problem is in:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=46958a67b93bbb739bbc9a74ccb7e4dbd380ad76

An alternative fix that doesn't require modifications to gnutls is to
have exim and any other application set value themselves:

  gnutls_handshake_set_max_packet_length (session, 64*1024);

FYI, the total packet size to do a TLS handshake with your server was
19kb.  That's quite large, and if you care, investigating why that
happens would be useful.

I'll backport the change from 16kb to 48kb to the v2.2 branch.  We will
do a new stable release soon.

Note that this problem is different from the original report in this
bug, #466477.  This bug should probably be cloned, and your problem
closed with this fix, and we could let the original report wait for more
data.  Or possibly, since this problem is reported in #478191 too, just
close that bug with this patch, and let this bug remain for the original
problem only.

If you want a minimal patch to increase the limit, try:

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 9194a4f..c19aa5a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -55,7 +55,7 @@
 /* The size of a handshake message should not
  * be larger than this value.
  */
-#define MAX_HANDSHAKE_PACKET_SIZE 16*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
 
 #define TLS_RANDOM_SIZE 32
 #define TLS_MAX_SESSION_ID_SIZE 32
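Review bot: the new value on the `+#define MAX_HANDSHAKE_PACKET_SIZE 48*1024` line leaves the macro as a bare product, so any use of it as an operand of `/`, `%` or further arithmetic would bind as `x / 48 * 1024`; write it as `(48*1024)` while touching the line. The comment in the unchanged context above the define still describes the limit generically and needs no update.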


/Simon
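As an added illustration of where the handshake bytes go (example code, not part of the bug report or of GnuTLS): a bounds-checked parser for the body of a TLS 1.0/1.1 CertificateRequest message as laid out in RFC 4346 section 7.4.4, whose certificate_authorities vector is where a server's large CA list lives, plus a builder for constructed input. It assumes the 4-byte handshake header and uses filler bytes in place of real DistinguishedNames.

```c
/* Added example (not from the bug report or GnuTLS): measure the CA list in a
 * TLS 1.0/1.1 CertificateRequest body (RFC 4346 7.4.4) that can outgrow MAX_HANDSHAKE_PACKET_SIZE. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
struct cert_req_info {
    size_t ca_count;       /* DistinguishedName entries in certificate_authorities */
    size_t handshake_len;  /* this handshake message: 4-byte header + body */
};

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* 0 on success, -1 if malformed; every vector length is bounds-checked before use. */
int parse_certificate_request(const uint8_t *body, size_t len, struct cert_req_info *out)
{
    size_t pos = 0, count = 0;
    if (len < 1) return -1;
    size_t ntypes = body[pos++];                 /* certificate_types<1..2^8-1> */
    if (ntypes == 0 || pos + ntypes + 2 > len) return -1;
    pos += ntypes;
    size_t ca_len = be16(body + pos); pos += 2;  /* certificate_authorities<0..2^16-1> */
    if (pos + ca_len != len) return -1;          /* trailing or missing bytes */
    while (pos < len) {
        if (pos + 2 > len) return -1;
        size_t dn_len = be16(body + pos); pos += 2;  /* DistinguishedName<1..2^16-1> */
        if (dn_len == 0 || pos + dn_len > len) return -1;
        pos += dn_len; count++;
    }
    out->ca_count = count;
    out->handshake_len = 4 + len;                /* HandshakeType(1) + uint24 length(3) */
    return 0;
}

/* Constructed input: n_cas filler DNs of dn_len bytes, type rsa_sign only. Caller frees. */
uint8_t *build_certificate_request(size_t n_cas, size_t dn_len, size_t *out_len)
{
    size_t ca_len = n_cas * (2 + dn_len);
    if (dn_len == 0 || dn_len > 0xFFFF || ca_len > 0xFFFF) return NULL;
    *out_len = 2 + 2 + ca_len;
    uint8_t *b = malloc(*out_len), *p = b;
    if (!b) return NULL;
    *p++ = 1; *p++ = 1;                          /* one type: rsa_sign(1) */
    *p++ = (uint8_t)(ca_len >> 8); *p++ = (uint8_t)ca_len;
    for (size_t i = 0; i < n_cas; i++) {
        *p++ = (uint8_t)(dn_len >> 8); *p++ = (uint8_t)dn_len;
        memset(p, 0x30, dn_len); p += dn_len;    /* 0x30 filler, not a DER name */
    }
    return b;
}
```

With 200 names of 94 bytes each the message comes to about 19 KiB, over the 16 KiB limit but under the 48 KiB one, which matches the size observed against the server above.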
