Bug#752272: gnutls-bin: Self-signed ca can't create trusted client certs
Jo Drexl
jo.drexl at poly-tick.de
Sun Jun 22 00:09:44 UTC 2014
Package: gnutls-bin
Version: 3.2.15-1~bpo70+1
Severity: important
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
Wishing for a stable and secure remote qemu/kvm-VM, managed by virt-manager and libvirt
* What exactly did you do (or not do) that was effective (or ineffective)?
Following this guide (http://libvirt.org/remote.html#Remote_certificates) with the wheezy standard gnutls-bin package worked fine. Redid everything with the backports-package for ecc-dsa support (new CA) and ssl for webserver. Every certificate came out not trusted by certtool -e; this broke every tls connection to the server.
Redid everything with the backports-package on my notebook (where I now write from), outcome was identical. No trusted certificate structure can be obtained. So it's definitively the package.
Will downgrade again, hope that solves the problem for now. Will keep you posted.
* What was the outcome of this action?
Either the certificate generating algorithm broke during the update, or the verification routine prints out false negatives.
* What outcome did you expect instead?
Working certificates ;)
*** End of the template - remove these lines ***
-- System Information:
Debian Release: 7.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnutls-bin depends on:
ii libc6 2.13-38+deb7u1
ii libgmp10 2:5.0.5+dfsg-2
ii libgnutls28 3.2.15-1~bpo70+1
ii libhogweed2 2.7.1-1~bpo70+1
ii libidn11 1.25-2
ii libnettle4 2.7.1-1~bpo70+1
ii libp11-kit0 0.20.2-1~bpo70+1
ii libtasn1-6 3.6-1~bpo70+1
ii zlib1g 1:1.2.7.dfsg-13
gnutls-bin recommends no packages.
gnutls-bin suggests no packages.
-- no debconf information