[Pkg-openldap-devel] Bug#929907: libgnutls30: Connections to older GnUTLS servers break

[Andreas Metzler]

Control: severity -1 serious

On 2019-06-03 Dominik George <dominik.george at teckids.org> wrote:
> Package: libgnutls30
> Version: 3.6.7-3
> Severity: grave
> Justification: renders package unusable

> The update to 3.6.7-3 reproducibly breaks ldap-utils (or, maybe,the ldap
> client library) when connecting to a server with the previous 3.6.6-2
> version.  I am afraid it breaks more than that.  GnuTLS-secured connections
> are just closed with no visible reason.

> Seen on more than 12 systems, then went to a system that had not got the
> update yet.  An ldapsearch works with 3.6.6-2, and fails after updating to
> 3.6.7-3 with the connection just being closed after reading some data from
> the LDAP server setill on 3.6.6-2.  Upgrading GnuTLS to 3.6.7-3 on the
> server made the problem go away.

Hello,

Is this reproducile with gnutls-cli or is the respective server
publically accessible? 

> I am setting this critical as I cannot imagine it is expected that GnuTLS
> clients require the server to be the exact same version.

Downgrading to serious for the time being, critical means something
different. [1]

cu Andreas

[1] https://www.debian.org/Bugs/Developer.en.html#severities

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'