Bug#835342: curl or git clone commands throws "gnutls_handshake() failed" on https targets

marcelomendes at gmail.com marcelomendes at gmail.com
Fri Aug 26 14:30:51 UTC 2016

2016-08-25 13:25 GMT-04:00 Andreas Metzler <ametzler at bebt.de>:
> On 2016-08-24 "marcelomendes at gmail.com" <marcelomendes at gmail.com> wrote:
>> Package: libgnutls30
>> Version: 3.5.3-2
>> Severity: important
>> Tags: upstream
>> Dear Maintainer,
>> Trying to git clone a GitHub repo using libgnutls30 3.5.3-2 throws the
>> following error:
>> fatal: unable to access 'https://github.com/xxx/yyy/': gnutls_handshake()
>> failed: Public key signature verification has failed.
>> Same happens for curl:
>> curl https://duckduckgo.com
>> curl: (35) gnutls_handshake() failed: Public key signature verification has
>> failed.
> Hello,
> Are you able to reproduce either of these errors with gnutls-cli?

First, let me say I'm behind a proxy server.

Both versions of gnutls-bin (3.5.3-3 and the old 3.5.2-3) have the
same behavior:

gnutls-cli -V --port 443 duckduckgo.com
Processed 173 CA certificate(s).
Resolving 'duckduckgo.com:443'...
Connecting to ''...
Connecting to ''...
Connecting to ''...

and it stays there for quite some time until I press Ctrl+C.

But with the old version of libgnutls30 (3.5.2-3), got from here:
commands like git clone/pull work and curl -I https://... works too.

I tried from my VPS and this issue doesn't happen with either version,
that's a weird thing :)

Out of curiosity, the commands worked from inside an ubuntu-xenial
Vagrant box (VirtualBox VMs) with older versions of libgnutls30.

>> Downgrading to libgnutls30 3.5.2-2 solves the issue
>> PS.: For some reason I can't find this version on the Debian repository
>> anymore, but I did on another machine previously and it worked as stated above:
> The Debian mirrors only carry packages which are part of a release
> (stable, unstable, testing, etc.). 3.5.2-2 is not. Old versions can be
> found on http://snapshot.debian.org/
> cu Andreas
