TJ stated in early 2013: "Additional research seems to indicate this is a known intentional gnutls behaviour (that has been modified in very recent gnutls that makes use of a recent libnettle - as mentioned above). The issue is, apparently, the random size padding of packets to prevent communications compromise for stream ciphers.
Unfortunately the changes required are far too invasive for an SRU so we'll have to make do with a work-around." Where do these changes need be implemented? In GNUTLS? Has anyone with sufficient understanding opened an informed report upstream at https://gitlab.com/gnutls/gnutls/issues that could be referenced here? If not, would someone be willing / capable to do that? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/1111882 Title: GnuTLS recv error (-9): A TLS packet with unexpected length was received Status in apt package in Ubuntu: Invalid Status in curl package in Ubuntu: Confirmed Status in git package in Ubuntu: Confirmed Status in gnutls26 package in Ubuntu: Confirmed Bug description: On Precise 12.04 whilst attempting: GIT_CURL_VERBOSE=1 git clone -v https://git01.codeplex.com/typescript the operation fails after the final git pack-file has been received and the already-created repository is deleted from the file system. ... > POST /typescript/git-upload-pack HTTP/1.1 User-Agent: git/1.8.1.2.433.g9808ce0.dirty Host: git01.codeplex.com Accept-Encoding: gzip Content-Type: application/x-git-upload-pack-request Accept: application/x-git-upload-pack-result Content-Length: 611 * upload completely sent off: 611out of 611 bytes < HTTP/1.1 200 OK < Cache-Control: no-cache, max-age=0, must-revalidate < Pragma: no-cache < Content-Type: application/x-git-upload-pack-result < Expires: Fri, 01 Jan 1980 00:00:00 GMT < Server: Microsoft-IIS/7.5 < X-Powered-By: ASP.NET < Date: Thu, 31 Jan 2013 21:43:55 GMT < Connection: close < remote: Counting objects: 149766, done. remote: Compressing objects: 100% (10580/10580), done. * GnuTLS recv error (-9): A TLS packet with unexpected length was received. * Closing connection #0 remote: Total 149766 (delta 138201), reused 149559 (delta 138077) Receiving objects: 100% (149766/149766), 198.98 MiB | 361 KiB/s, done. error: RPC failed; result=56, HTTP code = 200 Resolving deltas: 100% (138201/138201), done. git exits at this point but it deletes the entire cloned ./typescript directory. I tried building the latest git binary and included an additional debug option in "http.c" that allowed me to set the protocol version using an environment option: CURLOPT_SSLVERSION=1 git clone ... where 1 = TLSv1, 2 = SSLv2, 3 = SSLv3. I tried each protocol but the result was the same. The knock-on bug here is that git ought not to delete what it has fetched - in this case more than 250MB of data. I did try to build the latest gnutls but it needs a very recent version of libnettle which has the "rsa_decrypt_tr" function. I stopped at that point since I don't want to get into dependency and library version issues. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1111882/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
