On 2012-05-29 20:16, Janne Snabb wrote:
> I am seeing some GnuTLS 3.0.x issues which I am unable to reproduce when
> using GnuTLS 2.x. This could be a GnuTLS bug.

Ok, looks like this is unrelated to Exim. No need to delay the release :).

Steps to reproduce with GnuTLS tools:

1. Create server key+certificate:

   certtool --generate-privkey --outfile foo.key
   certtool --generate-self-signed --load-privkey foo.key --outfile foo.crt

2. Start server:

   gnutls-serv --x509keyfile foo.key --x509certfile foo.crt --x509cafile /etc/ssl/certs/ca-certificates.crt

3. Connect with client and observe failure:

   gnutls-cli --insecure -p 5556 localhost

4. Start server without CA cert bundle:

   gnutls-serv --x509keyfile foo.key --x509certfile foo.crt

5. Connect with client and observe success:

   gnutls-cli --insecure -p 5556 localhost

I can reproduce this with gnutls-bin 3.0.19-2 as packaged in Debian "sid".
There are no problems when using gnutls-bin 3.0.11+really2.12.14-5ubuntu3
as packaged in Ubuntu 12.04.

-- 
Janne Snabb / EPIPE Communications
[email protected] - http://epipe.com/
