Hi Aurelien, On Sun, Apr 20, 2025 at 1:13 PM Aurelien Jarno <aure...@debian.org> wrote: > The problem is easily reproducible and is caused by mbedtls 3.6.3-1, ad it > builds fine with mbedtls 3.6.2-3. Yes, this is known.
> WARNING: NNG-TLS-HANDSHAKE: TLS handshake failed: SSL - Attempt to verify a > certificate without an expected hostname. This is usually insecure. In TLS > clients, when a client authenticates a server through its certificate, the > client normally checks three WARNING: NNG-CONN-FAIL: Failed connecting > socket<2> to tls+tcp://127.0.0.1:42757: Cryptographic error > > My guess is that this is linked to the CVE-2025-27809 fix. Just found, it is [1]. I will do other tests if I can fix it without upstream involvement. Thanks for the confirmation, Laszlo/GCS [1] https://github.com/Mbed-TLS/mbedtls/commit/20c7748575320ff721d99ab64456532c0205c8d3
