Hi László, On 2025-04-20 18:53, László Böszörményi (GCS) wrote: > Hi Aurelien, > > On Sun, Apr 20, 2025 at 1:13 PM Aurelien Jarno <aure...@debian.org> wrote: > > The problem is easily reproducible and is caused by mbedtls 3.6.3-1, ad it > > builds fine with mbedtls 3.6.2-3. > Yes, this is known. > > > WARNING: NNG-TLS-HANDSHAKE: TLS handshake failed: SSL - Attempt to verify > > a certificate without an expected hostname. This is usually insecure. In > > TLS clients, when a client authenticates a server through its certificate, > > the client normally checks three WARNING: NNG-CONN-FAIL: Failed > > connecting socket<2> to tls+tcp://127.0.0.1:42757: Cryptographic error > > > > My guess is that this is linked to the CVE-2025-27809 fix. > Just found, it is [1]. I will do other tests if I can fix it without > upstream involvement.
It seems to be already fixed upstream. The first hunk of this commit (the second applies to code added on versions following the one in debian) fixes the issue here: https://github.com/nanomsg/nng/commit/55925438bc8b8fd243ab995c48c8996ac49a6652 Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net
