Package: apt-transport-https
Version: 0.7.25.3
Severity: grave
Justification: renders package unusable
*** Please type your report below this line ***
I have an apt https setup with client certs that has been working fine for
lenny. After upgrading to squeeze, it fails.
Has anything changed in the configuration? I'm not really able to find any
relevant documentation ...
I've created a test setup which is documented at:
http://apt-test.aviatis.com/
It runs apt-cacher (so you know what it will produce if it does ...). Clients
need to specify a client cert to get access.
Client config instructions are at that URL. Please e-mail me with any questions
or requests for changes in the setup.
Details:
----
Error message on client (that runs apt):
Err https://FOO foo/main Packages
SSL connection timeout
W: Failed to fetch https://FOO/FOO/dists/foo/main/binary-i386/Packages.gz SSL
connection timeout
----
SSL log on the server (that runs apt-cacher):
squeeze:
[14/Aug/2010:19:05:19 +0000] 192.168.1.5 SSLv3 - - -
compare with lenny:
[14/Aug/2010:10:11:06 +0000] 192.168.1.6 SSLv3 DHE-RSA-AES128-SHA FOO FOO.com
----
/etc/apt/apt.conf.d/client-cert:
Acquire {
https {
Verify-Peer "false";
CaPath "/etc/ssl/certs";
Verify-Host "false";
AllowRedirect "true";
SslCert "/etc/FOO/FOO.crt";
SslKey "/etc/FOO/FOO.key";
SslForceVersion "SSLv3"; // Somehow it does not work unless we do this
(this is a lenny comment, but changing it does not change matters in squeeze)
}
}
----
When I use the same client cert files with curl on squeeze, I can access the
file that apt fails to access.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
