Bug#525962: libgnutls26 makes apt-transport-https fail with ssl key/cert client authentication
Marco Amadori
amadorim at vdavda.com
Tue Apr 28 07:50:29 UTC 2009
Package: libgnutls26
Severity: important
Version: 2.4.2-6+lenny1
Tags: lenny
When using apt-transport-https to fetch packages from an https web server
configured with required client authentication (apt options
Acquire::{CaInfo,SslCert,SslKey}), an apt operation will fail with a misleading
message:
---- * ----
# apt-get update
[...]
Err https://debian.<privateurl> lenny/main Packages
Sub-process bzip2 returned an error code (2)
Fetched 140B in 0s (248B/s)
W: GPG error: https://debian.<privateurl> lenny Release: The following
signatures were invalid: NODATA 1 NODATA 2
W: Failed to fetch https://debian.<privateurl>/debian/dists/lenny/main/binary-
i386/Packages.bz2 Sub-process bzip2 returned an error code (2)
E: Some index files failed to download, they have been ignored, or old ones
used instead.
---- * ----
Upgrading libgnutls26 to sid's 2.6.5-1 fixes the problem.
If I disable client authentication on the web server, leaving just https
server authentication (via the cacert), it works even with lenny's version.
This bug should probably be mentioned in the apt-transport-https bug entries too,
since the error reported is misleading and since testing curl via the command line
with --cacert, --cert and --key just works (with the same .pem files specified
in apt.conf*).
--
ESC:wq