[gnutls-devel] Problem with proxied connections on 3.5.3

[Andreas Metzler]

Hello,

this is https://bugs.debian.org/835342 reported by
marcelomendes at gmail.com:
--------------------------------
>> Trying to git clone a github repo using libgnutls30 3.5.3-2 throw the
>> following error:
>
>> fatal: unable to access 'https://github.com/xxx/yyy/': gnutls_handshake()
>> failed: Public key signature verification has failed.
>
>> Same happens for curl:
>
>> curl https://duckduckgo.com
>> curl: (35) gnutls_handshake() failed: Public key signature verification has
>> failed.

> Are you able to reproduce either of these errors with gnutls-cli?

First, let me say I'm behind a proxy server.

Both versions of gnutls-bin (3.5.3-3 and the old 3.5.2-3) have the
same behavior:

gnutls-cli -V --port 443 duckduckgo.com
Processed 173 CA certificate(s).
Resolving 'duckduckgo.com:443'...
Connecting to '107.21.1.61:443'...
Connecting to '184.72.106.52:443'...
Connecting to '184.72.115.86:443'...

and stay there for some quit some time until I ctrl+c

But, with the old version of libgnutls30 (3.5.2-3) got from here:
http://snapshot.debian.org/package/gnutls28/3.5.2-3/#libgnutls30_3.5.2-3
commands like git clone/pull works and curl -I https://... works too.

I tried from my vps and this issue doesn't happen with either version,
thats a weird thing :)

Out of curiosity, the commands worked from inside a ubuntu-xenial
vagrant box (virtualbox vms) with older versions of libgnutls30
(3.4.x)
--------------------------------
cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'