Bug#835342: curl or git clone commands throws "gnutls_handshake() failed" on https targets

[Andreas Metzler]

On 2016-09-19 "marcelomendes at gmail.com" <marcelomendes at gmail.com> wrote:
> 2016-09-17 12:15 GMT-04:00 Andreas Metzler <ametzler at bebt.de>:
[...]
> > | Then click capture -> Stop, In "apply display filter", type ssl, then
> > | File -> Export specified packets and send the saved pcap file.

> This link has two files:

> pcap_gnutls.pcapng (Fail, libgnutls30:amd64  3.5.4-2)
> pcap_gnutls_v352.pcapng (Working version, libgnutls30:amd64  3.5.2-3)

> https://drive.google.com/drive/folders/0B3_AQUiHn1qMcEVjdVpNeHBJUHc

Hello Marcelo,

this seems to be hard to debug/reproduce, Nikos (upstream) writes:

=======================================================================
I do not see anything wrong in the capture. I even created a small
program to replay the connection locally (I have a debian installation
on x86_64 with the same packages available), and the connection
continued past the failure point on that system.

I'm searching in the dark here, but the following info could help:
1. run gnutls-cli www.server-that-fails -d 9
2. run valgrind gnutls-cli www.server-that-fails
3. compile the attached program as "gcc -O2 -g sim.c -lgmp -lhogweed &&
./a.out", and also run valgrind ./a.out

[...]
One 4th item suggested by Niels Moeller:
4. run ldd /usr/bin/gnutls-cli # (that way we can see whether the
client is linked to the expected nettle library)
=======================================================================

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sim.c
Type: text/x-csrc
Size: 1459 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20160920/01dfab52/attachment.c>