Interoperability issues (Debian Bug #348046)

Marc Haber mh+gnutls-devel at zugschlus.de
Thu Jan 3 01:39:01 CET 2008


Hi,

Simon Josefsson has suggested to me (a member of the maintainer team
for Exim's packages for the Debian Operating System) that it might be
a good idea to move a technical debate from our blogs
(http://blog.zugschlus.de/archives/585-exim4-vs.-OpenSSL-vs.-GnuTLS.html,
http://blog.josefsson.org/2007/11/09/response-to-gnutls-in-exim-debate/)
to gnutls-devel as this list is a better medium for archived discussion.

I'll send a dedicated mail for each of Debian's bug reports, so that
the threads are not going to intermix.

Debian Bug #348046, http://bugs.debian.org/348046
=================================================

Simon writes:
> Bug #348046 is so complex that I cannot judge it. If the submitters
> are willing, it may be best to re-submit each problem separately. The
> problem with TheBat is interesting, but given the non-free status of
> TheBat and no other reports, it doesn???t seem serious. To reduce
> entropy consumption is something we should work on, but it is a
> ???wishlist??? kind of bug, and to some extent may have already been
> solved by removing the DH generation code which depleats the entropy
> pool quickly. The rest appears to be already solved or should be
> tagged as ???wontfix???.

To me, after cursory inspection, this looks like:
(A) Original bug submitter complaining about "A TLS packet with
    unexpected length was received" when the local Exim is a _client_
    (Message 5).
(B) jarek saying "me too", but saying that his local Exim says
    "A TLS packet with unexpected length was received" while his Exim
    is a _server_ (Message 45)
(C) Ian Zimmerman trying to debug issue (B) but having trouble with
    gnutls-cli (Message 58)
(D) gnutls-cli-debug not having an --starttls option (is this a bug in
    gnutls-cli-debug? What is gnutls-cli-debug's Differnence from
    gnutls-cli in the first place?)
(E) Marc F .Clemente saying "me too" to (B) (Message 110)
(F) Vincent Lefevre saying (Message 130), that outgoign messages also
    reduce entropy.
(G) Andrew McGlashan finding it impossible to connect to gnutls-serv
    with incredimail (giving debug output in Message 224).

Can you comment about (D) and (G)?

> Bug #348046
>  This is a long bug report by several submitters. The initial report
>  from Martin A. Brooks is stalled when he doesn???t respond to the
>  (appropriate and relevant) questions that Marc Haber asks. The
>  problem that Ian Zimmerman reports seems to be different, now GnuTLS
>  clients work fine but OpenSSL clients fail to connect to the
>  Exim4/GnuTLS server. The OpenSSL errors may suggest it only wants to
>  talk SSLv2 for some reason (local configuration?). Debugging the
>  OpenSSL problem further would be the appropriate response, and should
>  likely be treated as an OpenSSL bug (!) until more evidence can be
>  gathered. Later, Andrew McGlashan reports a problem where neither
>  GnuTLS and OpenSSL works against the ???Incredimail??? MUA.
>  Conclusion: The bug should really be forked into several problems,
>  one for the initial reports where the submitter stopped responding,
>  one for the OpenSSL problem, and one for the Incredimail problem (and
>  as Incredimail isn???t a Debian package, it???s not Debian???s problem).
>  Caveat: I may have missunderstood some parts of this bug report
>  because different problems are discussed at the same time. Once that
>  is done we can try to address each problem separetely.

Which issue is the OpenSSL thing?

I think this is a good case to show what happens when the error
messages are too simple. This bug report is a mess of different issues
since GnuTLS obviously returns the same, quite generic, error message
text for a number of different issues. People look into the BTS for
their error message and attach their issue to the existing bug report,
leading to the horrible mess this bug report is. I'd like to use this
opportunity to pledge for more distinctive error messages.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190





More information about the Gnutls-devel mailing list