Bug#525962: libgnutls26 makes apt-transport-https fail with ssl key/cert client authentication

Simon Josefsson simon at josefsson.org
Tue Apr 28 10:02:25 UTC 2009


Marco Amadori <amadorim at vdavda.com> writes:

> On Tuesday 28 April 2009, 10:08:26, you wrote:
>
>> Can you get apt-transport-https to generate debug logs?
>
> yes, I attached a log after adding 'Debug::Acquire::https "true";' to the apt-
> conf.d/<mystuff> file.
>
>> If there isn't
>> code in it already, you may need to add something like this:
>
> I cannot add this in a simple way, main method/https.cc just invokes
>
> "curl_global_init(CURL_GLOBAL_SSL) ;"
>
>> It is difficult to debug this further without the information printed by
>> the gnutls log.
>
> I hope that the attached log could be enough.

Unfortunately it doesn't give that many details.  What kind of server is
it?

You said you could not reproduce it using curl, can you also try
gnutls-cli?  Use the same client certificate.  If you can reproduce the
problem there, pass -d 4711 to get more complete debug output.

Even if apt-transport-https uses curl, it should be possible to include
a call directly to GnuTLS in the code, like this:

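#include <stdio.h>
#include <gnutls/gnutls.h>
...

/* Print each GnuTLS debug message to stderr, prefixed with its level. */
static void
tls_log_func (int level, const char *str)
{
  fprintf (stderr, "|<%d>| %s", level, str);
}
...
/* During startup, before any TLS connection is made: */
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (4711);  /* very high level: most verbose output */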

/Simon
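
Added example, not part of the original message: a shell sketch of the gnutls-cli reproduction suggested above, plus a filter that cuts the level-4711 output down to the lower-level lines. The function names, the host, port and file arguments, and the sample log text are assumptions made for illustration; the "|<LEVEL>| message" line format is the one printed by tls_log_func in the message.

```shell
#!/bin/sh
# Added example: function names, arguments and sample lines are
# assumptions for illustration, not taken from the bug report.

# Reproduce the handshake with gnutls-cli, using the same client
# certificate and key as apt, and save the debug output to a file.
# usage: tls_repro HOST PORT CERT.pem KEY.pem LOGFILE
tls_repro() {
    host=$1; port=$2; cert=$3; key=$4; log=$5
    gnutls-cli -d 4711 -p "$port" \
        --x509certfile "$cert" --x509keyfile "$key" \
        "$host" </dev/null >"$log" 2>&1
}

# Keep only debug lines at or below MAX level. Lines that do not
# start with "|<LEVEL>| " (ordinary program output) are dropped.
# usage: tls_log_filter MAX < LOGFILE
tls_log_filter() {
    max=$1
    awk -v max="$max" '
        match($0, /^\|<[0-9]+>\| /) {
            # RLENGTH covers "|<" + digits + ">| ", so the level
            # starts at column 3 and is RLENGTH - 5 characters long.
            level = substr($0, 3, RLENGTH - 5) + 0
            if (level <= max) print
        }'
}

# Constructed sample in the "|<LEVEL>| message" format; the message
# texts are made up and are not real GnuTLS output.
tls_log_sample() {
    cat <<'EOF'
|<2>| sample: assertion in handshake code
|<4>| sample: record layer sending packet
Resolving 'server.example'...
|<3>| sample: client certificate message sent
|<7>| sample: read 5 bytes from socket
EOF
}
```

For example, `tls_log_sample | tls_log_filter 3` keeps only the level 2 and level 3 lines.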