Package: inspircd Version: 4.7.0+ds1 Severity: serious X-Debbugs-Cc: [email protected]
Dear Maintainer, After upgrading from Debian bookworm to trixie, existing InspIRCd server-to-server links using self-signed TLS certificates fail. The error reported claims the link definition is malformed, but the configuration is unchanged and valid. This is a regression that occurs only after upgrading from bookworm to trixie; the same configuration worked correctly on bookworm and still works after downgrading. To reproduce 1. Configure two InspIRCd servers on Debian bookworm with a working TLS server link using self-signed certificates. 2. Upgrade the system(s) to Debian trixie. 3. Restart inspircd. Server link fails. Error message reports that the link definition is malformed. No useful certificate or TLS verification error is logged. Server link should continue to work, or a clear error should indicate certificate verification failure. Self-signed certificates are the standard configuration for IRC server linking. This regression breaks normal multi-server IRC deployments and can lead to persistent netsplits after upgrade. The misleading error message nearly led me to leave the servers permanently unlinked. Upstream InspIRCd 4.9.0 changelog documents fixes for incorrect rejection of self-signed certificates and improved diagnostics when server linking fails due to certificate issues, suggesting Debian’s 4.7.0 package lacks a known upstream fix. Downgrading back to bookworm version of inspircd restores correct operation. No configuration changes were required. Regards, Juha Kallio -- System Information: Debian Release: 13.3 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'unstable'), (500, 'oldstable') Architecture: arm64 (aarch64) Kernel: Linux 6.1.0-27-arm64 (SMP w/2 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages inspircd depends on: ii gnutls-bin 3.8.9-3+deb13u1 ii init-system-helpers 1.69~deb13u1 ii libargon2-1 0~20190702+dfsg-4+b2 ii libc6 2.41-12+deb13u1 ii libgcc-s1 14.2.0-19 ii libgnutls30t64 [libgnutls30] 3.8.9-3+deb13u1 ii libhttp-parser2.9 2.9.4-5 ii libio-socket-ssl-perl 2.089-1 ii libldap-2.5-0 2.5.13+dfsg-5 ii libmariadb3 1:11.8.3-0+deb13u1 ii libmaxminddb0 1.12.2-1 ii libpcre2-8-0 10.46-1~deb13u1 ii libpq5 17.7-0+deb13u1 ii libre2-9 20220601+dfsg-1+b1 ii libsqlite3-0 3.46.1-7 ii libstdc++6 14.2.0-19 ii libtre5 0.8.0-7 ii perl 5.40.1-6 ii sysvinit-utils [lsb-base] 3.14-4 inspircd recommends no packages. Versions of packages inspircd suggests: pn default-mysql-server <none> pn ldap-server <none> pn postgresql <none> pn sqlite3 <none> -- Configuration Files: /etc/inspircd/inspircd.conf: <server name="redacted"> <module name="m_spanningtree.so"> <module name="m_sslinfo.so"> <module name="m_ssl_gnutls.so"> <bind address="127.0.0.1" port="6667"> <connect allow="127.0.0.1" port="6667"> <bind address="" port="6666" type="servers" ssl="gnutls"> <link name="redacted" ipaddr="redacted" port="6666" sendpass="redacted" recvpass="redacted" ssl="gnutls" fingerprint="redacted"> <pid file="/var/run/inspircd.pid"> <log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd.log"> -- no debconf information
