[gnutls-devel] gnutls ASSERT lines even when not using TLS on knot-resolver

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 8 20:11:51 CEST 2017


Hi GnuTLS folks--

Over on:

https://gitlab.labs.nic.cz/knot/resolver/merge_requests/287#note_48109

Vladimír Čunát (cc'ed here) reports that the following log messages
appear even when knot-resolver isn't listening on TLS:

     [tls] gnutls: (3) ASSERT: pk.c[_wrap_nettle_pk_verify]:750
     [tls] gnutls: (3) ASSERT: pubkey.c[pubkey_verify_hashed_data]:1913

Presumably this has to do with the fact that knot-resolver is using
nettle to do DNSSEC verification, but i don't understand the linkage
between GnuTLS and nettle well enough to know why this would be
happening just because the gnutls logging function is set.

Any ideas about how to explain this?

Regards,

    --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170608/77f0bcdf/attachment-0001.sig>


More information about the Gnutls-devel mailing list