reassign 530510 libneon27-gnutls
found 530510 0.28.4-1
thank you

Ok, I hope it's all correct now. I'm terribly sorry for the noise!

Simon Josefsson wrote:
> Can you explain how these bug reports suggest there is a bug in the
> GnuTLS packages?

I'm staying with libneon27-gnutls now, unless you agree that it may be
a gnutls bug.

The core of the problem is described in 530510, let me rephrase:

With libneon24-gnutls version 0.28.4-1 authentication with client
certificates breaks on some servers.

e.g. svn ls https://my-repo.dom/svn/project/ fails with

svn: OPTIONS von »https://my-repo.dom/svn/project/«: SSL negotiation
failed: SSL error: Key usage violation in certificate has been
detected. (https://my-repo.dom/svn/project/)

Downgrading to libneon24-gnutls 0.28.2-6.1+b1 seemed to fix the
problem at first, but I discovered today that it fails against a
different server.

There is an old bug which would explain that behaviour with the old
version of libneon-gnutls:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474139 

So I had to find a way to make both servers work.

I was confused because the same fix seems to help against 480041 and
the Ubuntu bug
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/294648,
namely

alias svn='LD_PRELOAD=/usr/lib/libneon.so.27 svn'

But this seems to suggest to me that the problem only occurs when
libneon is linked against gnutls, hence the reassignment.

Unfortunately I can't provide client certificates for testing. Any
idea how to make this bug reproducible?

> To me, 480041 looks like a fairly common administrator problem. 530510
> looks like it contains all sorts of problems, many of them were reported
> solved.  I cannot find any succinct problem description describing a
> GnuTLS issue, but due to the length of the bug I didn't read it all.

480041 describes a lot of different problems. I shouldn't have merged
it with this bug. However, the solution provided in the Ubuntu bug
linked from there works as a fix for the "Key usage violation" I see
here.

I assume you meant 530510 describes a common administrator problem? I
can't see which you mean.

> If you want us to fix this, we need a better description of the actual
> problem.

Sure. I hope this helps. If it doesn't, I'm thankful for hints.

> I suspect some of the problem may have been triggered by the recent
> OpenSSL security advisory that disables TLS renegotiation, which is
> often used with client certificates.
---End of quote---

I reported 530510 in May 2009. Bug 480041 refers to renegotiation, but
it's much older than the OpenSSL security advisory you refer to,
assuming you mean http://www.openssl.org/news/secadv_20091111.txt

Kind regards
     Friedel
-- 
        Friedrich Delgado Friedrichs <frie...@nomaden.org>
                             TauPan on Ircnet and Freenode ;)


