Bug#663127: gnutls26: Regression between 2.11.6 and 2.12.0

Simon Josefsson simon at josefsson.org
Thu Mar 8 22:31:51 UTC 2012


Timo Aaltonen <tjaalton at ubuntu.com> writes:

> On 08.03.2012 20:06, Timo Aaltonen wrote:
>> which doesn't say much. I couldn't test 2.11.7 since snapshot.d.o
>> doesn't have packages for amd64 (FTBFS?), and bisecting without
>> packages is rather hard I guess... Can't test 3.0.x either, since
>> openldap doesn't build against libgnutls28.
>
> Ok I was able to build 2.11.7 after all (disabled tests), and I can
> confirm that it's a working version as well, so this broke some time
> between that and 2.12.0.. trying to bisect more.

Thanks.  What do you know about the server you are testing against?
Many LDAP servers seems to have non-standards conforming SSL support.
There is one change between 2.11.7 and 2.12.0 ("Corrected default
behavior in record version of Client Hellos.") that I suspect.  Try
adding the "SSL3_RECORD_VERSION" or "LATEST_RECORD_VERSION" priority
string to your client and see if it makes a difference.  If this makes a
difference, the problem is with the server.

/Simon





More information about the Pkg-gnutls-maint mailing list