Bug#835342: curl or git clone commands throws "gnutls_handshake() failed" on https targets

marcelomendes at gmail.com marcelomendes at gmail.com
Fri Aug 26 14:30:51 UTC 2016


2016-08-25 13:25 GMT-04:00 Andreas Metzler <ametzler at bebt.de>:
> On 2016-08-24 "marcelomendes at gmail.com" <marcelomendes at gmail.com> wrote:
>> Package: libgnutls30
>> Version: 3.5.3-2
>> Severity: important
>> Tags: upstream
>
>> Dear Maintainer,
>
>> Trying to git clone a github repo using libgnutls30 3.5.3-2 throws the
>> following error:
>
>> fatal: unable to access 'https://github.com/xxx/yyy/': gnutls_handshake()
>> failed: Public key signature verification has failed.
>
>> Same happens for curl:
>
>> curl https://duckduckgo.com
>> curl: (35) gnutls_handshake() failed: Public key signature verification has
>> failed.
>
> Hello,
> Are you able to reproduce either of these errors with gnutls-cli?

First, let me say I'm behind a proxy server.

Both versions of gnutls-bin (3.5.3-3 and the old 3.5.2-3) have the
same behavior:

gnutls-cli -V --port 443 duckduckgo.com
Processed 173 CA certificate(s).
Resolving 'duckduckgo.com:443'...
Connecting to '107.21.1.61:443'...
Connecting to '184.72.106.52:443'...
Connecting to '184.72.115.86:443'...

and it stays there for quite some time until I press Ctrl+C.

But with the old version of libgnutls30 (3.5.2-3), obtained from here:
http://snapshot.debian.org/package/gnutls28/3.5.2-3/#libgnutls30_3.5.2-3
commands like git clone/pull work, and curl -I https://... works too.

I tried from my VPS and this issue doesn't happen with either version,
that's a weird thing :)

Out of curiosity, the commands worked from inside an ubuntu-xenial
vagrant box (VirtualBox VMs) with older versions of libgnutls30
(3.4.x)


>> Downgrading to libgnutls30 3.5.2-2 solves the issue
>
>> PS.: For some reason I can't find this version on the debian repository
>> anymore, but I did on another machine previously and it worked as stated above:
>
> The Debian mirrors only carry packages which are part of a release
> (stable, unstable, testing, etc.). 3.5.2-2 is not. Old versions can be
> found on http://snapshot.debian.org/
>
> cu Andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'



-- 
"Free Software is not the only way, but it's a correct way."
Marcelo Mendes
http://underlabs.org
mmendes @ IRC [OFTC-Freenode]
Gtalk: marcelomendes at gmail dot com


