Bug#663127: gnutls26: Regression between 2.11.6 and 2.12.0
Timo Aaltonen
tjaalton at ubuntu.com
Thu Mar 8 23:47:38 UTC 2012
On 09.03.2012 00:31, Simon Josefsson wrote:
> Timo Aaltonen <tjaalton at ubuntu.com> writes:
>
>> On 08.03.2012 20:06, Timo Aaltonen wrote:
>>> which doesn't say much. I couldn't test 2.11.7 since snapshot.d.o
>>> doesn't have packages for amd64 (FTBFS?), and bisecting without
>>> packages is rather hard I guess... Can't test 3.0.x either, since
>>> openldap doesn't build against libgnutls28.
>>
>> Ok I was able to build 2.11.7 after all (disabled tests), and I can
>> confirm that it's a working version as well, so this broke some time
>> between that and 2.12.0.. trying to bisect more.
>
> Thanks. What do you know about the server you are testing against?
It's 389 Directory Server on Fedora.
> Many LDAP servers seems to have non-standards conforming SSL support.
> There is one change between 2.11.7 and 2.12.0 ("Corrected default
> behavior in record version of Client Hellos.") that I suspect. Try
> adding the "SSL3_RECORD_VERSION" or "LATEST_RECORD_VERSION" priority
> string to your client and see if it makes a difference. If this makes a
> difference, the problem is with the server.
Spot on, that commit changed it. What exactly is broken on the server?
Upstream would like to know :)
--
t
More information about the Pkg-gnutls-maint
mailing list