Bug#835342: curl or git clone commands throws "gnutls_handshake() failed" on https targets

marcelomendes at gmail.com marcelomendes at gmail.com
Fri Sep 16 16:41:13 UTC 2016 

2016-09-13 13:50 GMT-04:00 Andreas Metzler <ametzler at bebt.de>:
> On 2016-09-13 "marcelomendes at gmail.com" <marcelomendes at gmail.com> wrote:
>> 2016-09-03 1:51 GMT-04:00 Andreas Metzler <ametzler at bebt.de>:
> {git bisect]
>> > Any specific difficulties I could help you with there?
>
>> Never used git bisect before, so I don't know how much time until I
>> figure out how it works and give you proper feedback.
>
> In essence you tell git that revision  #50 worked and #100 didn't. Then
> git checks out #75 for you to test. Depending on whether #75 was already
> broken it then moves on to let you check either #62 or #87, continously
> narrowing down the suspect subset and after ten tries or so you know
> which commit broke.
>
>> Today 13/09 I noticed a new version of gnutls-bin and libgnutls30 (3.5.4-2)
>
>> Tried to do a "vagrant box update" to update my boxes and got the same
>> little error, now from vagrant:
> [...]
>> sudo dpkg -i libgnutls30_3.5.2-3_amd64.deb gnutls-bin_3.5.2-3_amd64.deb
> [...]
>> And everything works as expected with vagrant, git, curl, etc.
>
> In short you need this:
>
...
> cu Andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'

Hey there,
After struggling a bit with the process of "bisecting", I think I got
something :).
You can view git bisect log here http://pastebin.com/sj1ZbbqA

c801a15bca9ea8f3f7abd4be48bebd36c54eeba2 is the first bad commit
commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Mon Aug 1 10:48:46 2016 +0200

    nettle: use rsa_*_key_prepare

    Previously we calculated the size of the key directly, but
    by using the rsa_*_key_prepare we benefit from any checks that
    may be introduced in the future. Specifically any checks for invalid
    public keys (e.g., keys that may crash the underlying gmp functions).

:040000 040000 29a2377df28240d7688082ac12318baacdd1bb7c
23aa890386085677a878268578e9a2c27d396c80 Mlib



It seems the commit "b0d560b" reverts  "c801a15", and commit 186dc9c
breaks it again.

I hope that helps.


-- 
"Free Software is not the only way, but it's a correct way."
Marcelo Mendes
http://underlabs.org
mmendes @ IRC [OFTC-Freenode]
Gtalk: marcelomendes at gmail dot com

More information about the Pkg-gnutls-maint mailing list