[gnutls-devel] Problem with proxied connections on 3.5.3

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Aug 28 00:04:20 CEST 2016

On Fri, Aug 26, 2016 at 7:18 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> Hello,
> this is https://bugs.debian.org/835342 reported by
> marcelomendes at gmail.com:
> --------------------------------
>>> Trying to git clone a github repo using libgnutls30 3.5.3-2 throw the
>>> following error:
>>> fatal: unable to access 'https://github.com/xxx/yyy/': gnutls_handshake()
>>> failed: Public key signature verification has failed.
>>> Same happens for curl:
>>> curl https://duckduckgo.com
>>> curl: (35) gnutls_handshake() failed: Public key signature verification has
>>> failed.
>> Are you able to reproduce either of these errors with gnutls-cli?
> First, let me say I'm behind a proxy server.
> Both versions of gnutls-bin (3.5.3-3 and the old 3.5.2-3) have the
> same behavior:
> gnutls-cli -V --port 443 duckduckgo.com
> Processed 173 CA certificate(s).
> Resolving 'duckduckgo.com:443'...
> Connecting to ''...
> Connecting to ''...
> Connecting to ''...
> and stay there for some quit some time until I ctrl+c
> But, with the old version of libgnutls30 (3.5.2-3) got from here:
> http://snapshot.debian.org/package/gnutls28/3.5.2-3/#libgnutls30_3.5.2-3
> commands like git clone/pull works and curl -I https://... works too.

Something is wrong there. I don't see any changes in gnutls code that
could result to it. Could the user bisect since 3.5.2 and try to
figure out the change that causes that issue? Is there a reproducer?


More information about the Gnutls-devel mailing list