Package: libcurl3-gnutls Version: 7.35.0-1 Severity: normal Hi,
this appears to be a regression. With 7.33.0-1 I could access git repositories over https; with 7.35.0-1 I can't: % GIT_CURL_VERBOSE=1 git clone https://https.server/repo.git/ Cloning into 'repo'... * Couldn't find host https.server in the .netrc file; using defaults * Hostname was NOT found in DNS cache * Trying 172.18.42.42... * Connected to https.server (172.18.42.42) port 443 (#0) * found 164 certificates in /etc/ssl/certs/ca-certificates.crt * gnutls_handshake() failed: A record packet with illegal version was received. * Closing connection 0 fatal: unable to access 'https://https.server/repo.git/': gnutls_handshake() failed: A record packet with illegal version was received. gnutls-cli can connect to the server without problems: % echo 'GET /repo.git/ HTTP/1.0\nHost: https.server\n\n' | gnutls-cli -p 443 https.server :( Processed 164 CA certificate(s). Resolving 'https.server'... Connecting to '172.18.42.42:443'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `serialNumber=<redacted>,OU=<redacted>,OU=See www.rapidssl.com/resources/cps (c)12,OU=Domain Control Validated - RapidSSL(R),CN=*.<redacted.tld>', issuer `C=US,O=GeoTrust\, Inc.,CN=RapidSSL CA', RSA key 3072 bits, signed using RSA-SHA1, activated `2012-06-16 18:43:43 UTC', expires `2014-07-20 07:59:49 UTC', SHA-1 fingerprint `<redacted>' Public Key ID: <redacted> Public key's random art: +--[ RSA 3072]----+ |B= E.ooo | |*.O .++ | |+*o...=oo | |.. +o.+o . | | .o . S | | . | | | | | | | +-----------------+ - Certificate[1] info: - subject `C=US,O=GeoTrust\, Inc.,CN=RapidSSL CA', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-02-19 22:45:05 UTC', expires `2020-02-18 22:45:05 UTC', SHA-1 fingerprint `c039a3269ee4b8e82d00c53fa797b5a19e836f47' - Certificate[2] info: - subject `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2002-05-21 04:00:00 UTC', expires `2018-08-21 04:00:00 UTC', SHA-1 fingerprint `7359755c6df9a0abc3060bce369564c8ec4542a3' - Status: The certificate is trusted. - Description: (SSL3.0)-(ECDHE-RSA-SECP256R1)-(AES-128-CBC)-(SHA1) - Session ID: D1:8A:A9:05:88:2D:0B:E1:0D:CA:4A:95:70:F7:E2:73:08:2C:51:13:8F:86:15:24:63:75:35:46:5A:0D:47:09 - Ephemeral EC Diffie-Hellman parameters - Using curve: SECP256R1 - Curve size: 256 bits - Version: SSL3.0 - Key Exchange: ECDHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode: -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.5-vs2.3.6.10-hellgate (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libcurl3-gnutls depends on: ii libc6 2.18-4 ii libcomerr2 1.42.9-3 ii libgcrypt11 1.5.3-3 ii libgnutls26 2.12.23-13 ii libgssapi-krb5-2 1.12+dfsg-2 ii libidn11 1.28-1 ii libk5crypto3 1.12+dfsg-2 ii libkrb5-3 1.12+dfsg-2 ii libldap-2.4-2 2.4.31-1+nmu2+astpasswd.2 ii librtmp0 2.4+20121230.gitdf6c518-1 ii libssh2-1 1.4.3-2 ii multiarch-support 2.18-3 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages libcurl3-gnutls recommends: ii ca-certificates 20130906 libcurl3-gnutls suggests no packages. -- no debconf information Best regards, Andras -- I always lie. In fact, I'm lying to you right now! -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org