[gnutls-devel] Problem with proxied connections on 3.5.3
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Aug 28 00:04:20 CEST 2016
On Fri, Aug 26, 2016 at 7:18 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> Hello,
>
> this is https://bugs.debian.org/835342 reported by
> marcelomendes at gmail.com:
> --------------------------------
>>> Trying to git clone a github repo using libgnutls30 3.5.3-2 throw the
>>> following error:
>>
>>> fatal: unable to access 'https://github.com/xxx/yyy/': gnutls_handshake()
>>> failed: Public key signature verification has failed.
>>
>>> Same happens for curl:
>>
>>> curl https://duckduckgo.com
>>> curl: (35) gnutls_handshake() failed: Public key signature verification has
>>> failed.
>> Are you able to reproduce either of these errors with gnutls-cli?
> First, let me say I'm behind a proxy server.
> Both versions of gnutls-bin (3.5.3-3 and the old 3.5.2-3) have the
> same behavior:
> gnutls-cli -V --port 443 duckduckgo.com
> Processed 173 CA certificate(s).
> Resolving 'duckduckgo.com:443'...
> Connecting to '107.21.1.61:443'...
> Connecting to '184.72.106.52:443'...
> Connecting to '184.72.115.86:443'...
> and stay there for some quit some time until I ctrl+c
> But, with the old version of libgnutls30 (3.5.2-3) got from here:
> http://snapshot.debian.org/package/gnutls28/3.5.2-3/#libgnutls30_3.5.2-3
> commands like git clone/pull works and curl -I https://... works too.
Something is wrong there. I don't see any changes in gnutls code that
could result to it. Could the user bisect since 3.5.2 and try to
figure out the change that causes that issue? Is there a reproducer?
regards,
Nikos
More information about the Gnutls-devel
mailing list