On 2012-05-29 20:16, Janne Snabb wrote:
> I am seeing some GnuTLS 3.0.x issues which I am unable to reproduce when
> using GnuTLS 2.x. This could be a GnuTLS bug.
Ok, looks like this is unrelated to Exim.
No need to delay the release :).
Steps to reproduce with GnuTLS tools:
1. Create server key+certificate:
certtool --generate-privkey --outfile foo.key
certtool --generate-self-signed --load-privkey foo.key --outfile foo.crt
2. Start server:
gnutls-serv --x509keyfile foo.key --x509certfile foo.crt \
    --x509cafile /etc/ssl/certs/ca-certificates.crt
3. Connect with client and observe failure:
gnutls-cli --insecure -p 5556 localhost
4. Start server without CA cert bundle:
gnutls-serv --x509keyfile foo.key --x509certfile foo.crt
5. Connect with client and observe success:
gnutls-cli --insecure -p 5556 localhost
I can reproduce this with gnutls-bin 3.0.19-2 as packaged in Debian "sid".
There are no problems when using gnutls-bin
3.0.11+really2.12.14-5ubuntu3 as packaged in Ubuntu 12.04.
--
Janne Snabb / EPIPE Communications
snabb@??? -
http://epipe.com/