Bug#721321: [libgnutls26] Breaks SSL tracker support in Transmission

[Daniel Kahn Gillmor]

Control: reassign 721321 src:transmission
Control: affects -1 src:gnutls26 src:gnutls28

On 08/30/2013 04:31 AM, Andrea Lorenzetti wrote:
> * gnutls_handshake() failed: A TLS warning alert has been received.
> * Closing connection #1
> * Expire cleared
> * Connection #0 seems to be dead!
> * Closing connection #0
> * About to connect() to tracker2.***.com port 443 (#0)
> *   Trying *.*.*.*...
> * 0x7f70340d3e00 is at send pipe head!
> * STATE: CONNECT => WAITCONNECT handle 0x7f703403d610; (connection #0)
> * Connected to tracker2.***.com (*.*.*.*) port 443 (#1)
> * Connected to tracker2.***.com (*.*.*.*) port 443 (#1)
> * found 159 certificates in /etc/ssl/certs/ca-certificates.crt
> * STATE: WAITCONNECT => PROTOCONNECT handle 0x7f703403d610; (connection #0)
> * gnutls_handshake() failed: A TLS warning alert has been received.
> * Closing connection #0
> * Expire cleared

The problem here appears to be that transmission is treating a TLS
warning alert as fatal, even if it is not.

the warning is that the remote server claimed to not know the
SNI-provided name used upon connection:

0 dkg at alice:~$ gnutls-cli tracker2.tvtorrents.com
Processed 158 CA certificate(s).
Resolving 'tracker2.tvtorrents.com'...
Connecting to '77.53.144.154:443'...
*** Non fatal error: A TLS warning alert has been received.
*** Received alert [112]: The server name sent was not recognized
[...goes on to make a successful connection...]

I'm reassigning this bug the transmission package, which needs to handle
non-fatal alerts more cleanly.  If you think this is inappropriate, feel
free to reassign back to gnutls with more explanation.

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20130903/56c1c13e/attachment.sig>