Re: [exim] Exim 4.80 RC6 + GnuTLS more issues

Top Page

Reply to this message
Author: Janne Snabb
To: exim-users
Subject: Re: [exim] Exim 4.80 RC6 + GnuTLS more issues
On 2012-05-29 20:16, Janne Snabb wrote:
> I am seeing some GnuTLS 3.0.x issues which I am unable to reproduce when
> using GnuTLS 2.x. This could be a GnuTLS bug.

Ok, looks like this is unrelated to Exim.

No need to delay the release :).

Steps to re-produce with GnuTLS tools:

1. Create server key+certificate:

certtool --generate-privkey --outfile foo.key
certtool --generate-self-signed --load-privkey foo.key --outfile foo.crt

2. Start server:

gnutls-serv --x509keyfile foo.key --x509certfile foo.crt --x509cafile

3. Connect with client and observe failure:

gnutls-cli --insecure -p 5556 localhost

4. Start server without CA cert bundle:

gnutls-serv --x509keyfile foo.key --x509certfile foo.crt

5. Connect with client and observe success:

gnutls-cli --insecure -p 5556 localhost

I can reproduce this with gnutls-bin 3.0.19-2 as packaged in Debian "sid".

There are no problems when using gnutls-bin
3.0.11+really2.12.14-5ubuntu3 as packaged in Ubuntu 12.04.

Janne Snabb / EPIPE Communications
snabb@??? -