Bug#767169:
Hi, just out of curiosity ? Why not simply switch to openssl ? Accordint to thise report (same bug, btw), openssl is faster anyway https://bugs.archlinux.org/task/40075 On Thu, Oct 30, 2014 at 5:49 PM, Andreas Moog andreas.m...@warperbbs.de wrote: Control: tags -1 -moreinfo Control: tags -1 confirmed help On Wed, Oct 29, 2014 at 08:24:45PM +0100, Frollic Nilsson wrote: Hi, FYI, site and IP masked Thanks for that. I could reproduce the issue by running nzbget in daemon mode. The cause for the issue needs more investigating, sadly upstream's response to this has in the past been: Use openssl. For now, you can run nzbget in server mode (-s instead of -D) and everything should work as expected. I'll try to get info from gnutls developers on how I could debug this. Thanks for your help in the matter! Cheers, Andreas -- PGP-encrypted mails preferred PGP Fingerprint: 74CD D9FE 5BCB FE0D 13EE 8EEA 61F3 4426 74DE 6624
Bug#767169:
Control: tags -1 -moreinfo Control: tags -1 confirmed help On Wed, Oct 29, 2014 at 08:24:45PM +0100, Frollic Nilsson wrote: Hi, FYI, site and IP masked Thanks for that. I could reproduce the issue by running nzbget in daemon mode. The cause for the issue needs more investigating, sadly upstream's response to this has in the past been: Use openssl. For now, you can run nzbget in server mode (-s instead of -D) and everything should work as expected. I'll try to get info from gnutls developers on how I could debug this. Thanks for your help in the matter! Cheers, Andreas -- PGP-encrypted mails preferred PGP Fingerprint: 74CD D9FE 5BCB FE0D 13EE 8EEA 61F3 4426 74DE 6624 signature.asc Description: Digital signature
Bug#767169:
Manually compiled nzbget 13 from source. This is the ldd for the original nzbget 13 coming from the repository: root@debian:~/nzbget-13.0# ldd /usr/bin/nzbget libz.so.1 = /lib/arm-linux-gnueabi/libz.so.1 (0xb6f34000) libpar2.so.1 = /usr/lib/arm-linux-gnueabi/libpar2.so.1 (0xb6eab000) libncurses.so.5 = /lib/arm-linux-gnueabi/libncurses.so.5 (0xb6e7c000) libtinfo.so.5 = /lib/arm-linux-gnueabi/libtinfo.so.5 (0xb6e4d000) libpthread.so.0 = /lib/arm-linux-gnueabi/libpthread.so.0 (0xb6e24000) libxml2.so.2 = /usr/lib/arm-linux-gnueabi/libxml2.so.2 (0xb6ce9000) libsigc-2.0.so.0 = /usr/lib/arm-linux-gnueabi/libsigc-2.0.so.0 (0xb6cd3000) libgnutls-deb0.so.28 = /usr/lib/arm-linux-gnueabi/libgnutls-deb0.so.28 (0xb6bc3000) libstdc++.so.6 = /usr/lib/arm-linux-gnueabi/libstdc++.so.6 (0xb6ae5000) libm.so.6 = /lib/arm-linux-gnueabi/libm.so.6 (0xb6a34000) libgcc_s.so.1 = /lib/arm-linux-gnueabi/libgcc_s.so.1 (0xb6a05000) libc.so.6 = /lib/arm-linux-gnueabi/libc.so.6 (0xb68be000) /lib/ld-linux.so.3 (0xb6f63000) libdl.so.2 = /lib/arm-linux-gnueabi/libdl.so.2 (0xb68ab000) liblzma.so.5 = /lib/arm-linux-gnueabi/liblzma.so.5 (0xb6883000) libp11-kit.so.0 = /usr/lib/arm-linux-gnueabi/libp11-kit.so.0 (0xb683f000) libtasn1.so.6 = /usr/lib/arm-linux-gnueabi/libtasn1.so.6 (0xb681f000) libnettle.so.4 = /usr/lib/arm-linux-gnueabi/libnettle.so.4 (0xb67ec000) libhogweed.so.2 = /usr/lib/arm-linux-gnueabi/libhogweed.so.2 (0xb67bc000) libgmp.so.10 = /usr/lib/arm-linux-gnueabi/libgmp.so.10 (0xb6746000) libffi.so.6 = /usr/lib/arm-linux-gnueabi/libffi.so.6 (0xb6736000) This is the one I compiled myself: root@debian:/usr/bin# ldd nzbget libz.so.1 = /lib/arm-linux-gnueabi/libz.so.1 (0xb6f6e000) libpar2.so.1 = /usr/lib/arm-linux-gnueabi/libpar2.so.1 (0xb6ee5000) libncurses.so.5 = /lib/arm-linux-gnueabi/libncurses.so.5 (0xb6eb6000) libtinfo.so.5 = /lib/arm-linux-gnueabi/libtinfo.so.5 (0xb6e87000) libpthread.so.0 = /lib/arm-linux-gnueabi/libpthread.so.0 (0xb6e5e000) libxml2.so.2 = /usr/lib/arm-linux-gnueabi/libxml2.so.2 (0xb6d23000) libsigc-2.0.so.0 = /usr/lib/arm-linux-gnueabi/libsigc-2.0.so.0 (0xb6d0d000) *libssl.so.1.0.0 = /usr/lib/arm-linux-gnueabi/libssl.so.1.0.0 (0xb6cb4000) *libcrypto.so.1.0.0 = /usr/lib/arm-linux-gnueabi/libcrypto.so.1.0.0 (0xb6b4) libstdc++.so.6 = /usr/lib/arm-linux-gnueabi/libstdc++.so.6 (0xb6a62000) libm.so.6 = /lib/arm-linux-gnueabi/libm.so.6 (0xb69b1000) libgcc_s.so.1 = /lib/arm-linux-gnueabi/libgcc_s.so.1 (0xb6981000) libc.so.6 = /lib/arm-linux-gnueabi/libc.so.6 (0xb683b000) /lib/ld-linux.so.3 (0xb6f9d000) libdl.so.2 = /lib/arm-linux-gnueabi/libdl.so.2 (0xb6828000) liblzma.so.5 = /lib/arm-linux-gnueabi/liblzma.so.5 (0xb680) Mine have a libssl and libcrypto dependency, and the DLds work, no TSL errro message.
Bug#767169: nzbget and TLS/SSL
control: tags -1 moreinfo On Wed, Oct 29, 2014 at 02:20:51PM +0100, Frollic Nilsson wrote: Hi there, thanks for your report, I tried to replicate, but on my system I can download nzb files and their contents just fine over TLS. To determine where the problem lies, please attach the output of: gnutls-cli -V --no-ca-verification HOSTNAME YOU ARE CONNECTING TO (Use the -p option if you connect to a port other than 443) Also please answer these questions: 1. Are you getting the error while adding the nzb or while downloading the content? 2. Can you post the relevant parts of your nzbget configuration file? Remember to remove your password first. That will help to debug the issue! This is the ldd for the original nzbget 13 coming from the repository: root@debian:~/nzbget-13.0# ldd /usr/bin/nzbget libgnutls-deb0.so.28 = /usr/lib/arm-linux-gnueabi/libgnutls-deb0.so.28 (0xb6bc3000) As you can see, gnutls is linked into nzbget. *libssl.so.1.0.0 = /usr/lib/arm-linux-gnueabi/libssl.so.1.0.0 *libcrypto.so.1.0.0 = /usr/lib/arm-linux-gnueabi/libcrypto.so.1.0.0 (0xb6b4) Mine have a libssl and libcrypto dependency, and the DLds work, no TSL errro message. Both these libraries come from openssl, which indeed isn't activated for the Debian build, but usually gnutls works just fine. Thanks for your cooperation. Best wishes, Andreas -- PGP-encrypted mails preferred PGP Fingerprint: 74CD D9FE 5BCB FE0D 13EE 8EEA 61F3 4426 74DE 6624 signature.asc Description: Digital signature
Bug#767169:
Hi, FYI, site and IP masked root@debian:~# gnutls-cli -V --no-ca-verification something.com Processed 0 CA certificate(s). Resolving 'something.com'... Connecting to '1.2.3.4:443'... *** Non fatal error: A TLS warning alert has been received. *** Received alert [112]: The server name sent was not recognized - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - X.509 Certificate Information: Version: 3 Serial Number (hex): 00e16f4726677d6dcf83f378c311970b76 Issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=EssentialSSL CA Validity: Not Before: Sun Jan 05 00:00:00 UTC 2014 Not After: Mon Jan 05 23:59:59 UTC 2015 Subject: OU=Domain Control Validated,OU=EssentialSSL,CN= something.com Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:ba:f4:9c:45:d8:ef:91:3a:4b:fa:dc:e6:3e:c5:de 47:27:d8:ea:65:cd:7a:d6:bf:41:47:0b:04:fa:f8:d2 70:d7:e7:59:cb:82:6b:f4:7f:9d:5a:a7:b9:34:fe:e9 6e:dc:47:3c:06:a2:96:00:44:e9:6a:b2:7f:89:8d:7d 3d:7a:51:9b:a4:8e:c5:93:93:5c:65:e6:2f:e5:cf:0a 52:73:7d:57:9d:b6:46:3c:ff:ed:3b:07:42:a2:94:0c ed:cd:a8:e2:08:de:36:36:2f:b3:fc:55:d8:f8:5b:3d f9:74:26:8b:a8:85:bb:a4:c6:64:97:74:da:ad:a7:6a 3d:18:a3:d6:0f:1a:69:d1:a1:2c:fe:b6:61:45:77:f7 69:dd:ec:81:b1:c2:e1:eb:c2:0d:00:3f:03:1a:18:d6 bb:c1:40:0f:6d:b7:24:f5:e7:c0:ef:95:58:dc:f0:42 bf:12:fa:51:55:fb:a8:11:a4:3b:0b:8c:16:df:9e:9d ca:36:d0:24:90:15:97:dd:3e:10:4e:ea:09:de:9c:f2 19:54:7c:00:a4:02:10:48:07:91:c0:f7:43:6e:62:8b f0:73:43:d4:d2:2a:1c:44:aa:8f:f9:fa:42:ad:93:19 b6:7f:8a:22:80:8b:91:b0:c0:60:f2:3e:88:9c:9a:9b e3 Exponent (bits 24): 01:00:01 Extensions: Authority Key Identifier (not critical): dacbeaad5b085dccfffc2654ce49e555c638f4f8 Subject Key Identifier (not critical): a05967511c994cebbb7edbadf838f51f6e559d29 Key Usage (critical): Digital signature. Key encipherment. Basic Constraints (critical): Certificate Authority (CA): FALSE Key Purpose (not critical): TLS WWW Server. TLS WWW Client. 1.3.6.1.4.1.311.10.3.3 2.16.840.1.113730.4.1 Certificate Policies (not critical): 1.3.6.1.4.1.6449.1.2.2.7 URI: https://secure.comodo.com/CPS 2.23.140.1.2.1 CRL Distribution points (not critical): URI: http://crl.comodoca.com/EssentialSSLCA.crl Authority Information Access (not critical): Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers) Access Location URI: http://crt.comodoca.com/EssentialSSLCA_2.crt Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) Access Location URI: http://ocsp.comodoca.com Subject Alternative Name (not critical): DNSname: something.com DNSname: www.something.com Signature Algorithm: RSA-SHA1 Signature: 8f:dc:87:15:26:00:02:fd:39:59:c6:97:c5:47:97:8f a5:d6:bf:71:11:92:d0:cb:4b:51:10:cc:08:31:b5:df 8d:61:a1:7e:56:ef:77:d2:eb:ff:4f:d5:7c:cb:30:73 65:f0:47:e5:68:0e:c7:e3:6d:de:a1:2a:80:7c:dd:f6 e3:85:7e:b8:30:15:eb:c9:56:7d:0d:c5:34:68:9b:6a 9c:a5:30:d1:11:64:f4:1b:70:56:bd:13:ad:92:85:61 8e:e9:6d:eb:27:c9:6b:ad:34:6f:cc:c0:6a:3d:72:68 f2:f2:39:f4:77:b1:96:e6:5d:ea:9d:49:18:cf:51:fc 84:d1:37:5f:15:62:ab:23:47:33:a2:83:04:57:1d:45 94:ba:e3:77:45:6f:df:1d:e9:02:e6:1c:5e:a1:89:44 d3:98:f4:6b:8f:ae:5b:c9:3c:46:dd:b7:0a:98:ff:43 6d:e0:44:3b:8f:a5:48:49:8e:50:85:e1:37:d9:c6:7f aa:5a:47:eb:31:12:16:7b:24:cd:ea:a6:a4:b0:ee:53 f0:9b:78:0e:f8:bb:50:2c:67:c8:d7:21:21:bb:2b:0e be:92:d0:d1:9d:57:95:da:ec:f0:83:fb:6e:e6:0d:48 6e:61:6a:a5:72:e5:04:20:7f:bb:03:bb:6d:25:72:1d Other Information: SHA1 fingerprint: masked SHA256 fingerprint:
Bug#767169: nzbget 12 compiled without TSL support
Package: hello Version: 12.0+dfsg-1 When provided with NZB DL links to sites using HTTPS, the application throws a TLS handshake failed: Error in the system's randomness device. error message. It would appear that nzbget was compiled without TSL/SSL support. Running Linux debian 3.16-2-kirkwood #1 Debian 3.16.3-2 (2014-09-20) armv5tel GNU/Linux.
Bug#767169:
Also tried the 13.0+dfsg-1, same error.
Bug#767169: nzbget 12 compiled without TSL support
On 2014-10-28 22:51:35, Frollic Nilsson wrote: Package: hello Version: 12.0+dfsg-1 I suspect that's not the package you wanted. When provided with NZB DL links to sites using HTTPS, the application throws a TLS handshake failed: Error in the system's randomness device. error message. Looks more like a gnutls bug or a broken /dev/{,u}random on your side. Cheers -- Sebastian Ramacher signature.asc Description: Digital signature