Bug#910835: libgnutls30: elinks errors with SSL error with 3.6.4-2 libgnutls28 on any https website
Control: forwarded 910835 https://gitlab.com/gnutls/gnutls/issues/593 On 2018-10-12 Dimitri John Ledkov wrote: > On Thu, 11 Oct 2018 23:46:17 +0100 Dimitri John Ledkov > wrote: > > Package: libgnutls30 > > Version: 3.6.4-2 [...] > > $ elinks -dump https://google.com > > ELinks: SSL error > Ok, I've traced this further now. ELinks does: > gnutls_priority_set_direct(*state, "NORMAL:-CTYPE-OPENPGP", NULL) > which used to pass fine in 3.5. (aka use normal, but disable OPENPGP > certs), with with 3.6 this errors out, because OPENPGP certs are > disabled now by default but that matches the requested > expectations. [...] Hello, Well, actually support for OPENPGP certs was deleted, not only disabled by default. So elinks should simply use gnutls_set_default_priority() instead of gnutls_priority_set_direct(). GnuTLS probably will probably accept -CTYPE-OPENPGP in priority strings in 3.6.5 again. (Treating it as the noop it is.) cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#910835: libgnutls30: elinks errors with SSL error with 3.6.4-2 libgnutls28 on any https website
On 2018-10-12 Dimitri John Ledkov wrote: [...] > gnutls_priority_set_direct(*state, "NORMAL:-CTYPE-OPENPGP", NULL) > which used to pass fine in 3.5. (aka use normal, but disable OPENPGP > certs), with with 3.6 this errors out, because OPENPGP certs are > disabled now by default but that matches the requested > expectations. > Imho, it would be nice if -CTYPE-OPENPGP was still valid in 3.6 and be > a no-op. Confirmed (with gnutls-cli --priority 'NORMAL:-CTYPE-OPENPGP' --list). I will ask upstream, looks like an oversight. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#910835: libgnutls30: elinks errors with SSL error with 3.6.4-2 libgnutls28 on any https website
On Thu, 11 Oct 2018 23:46:17 +0100 Dimitri John Ledkov wrote: > Package: libgnutls30 > Version: 3.6.4-2 > Severity: important > > $ sudo apt install libgnutls30/experimental > > $ elinks -dump https://google.com > ELinks: SSL error Ok, I've traced this further now. ELinks does: gnutls_priority_set_direct(*state, "NORMAL:-CTYPE-OPENPGP", NULL) which used to pass fine in 3.5. (aka use normal, but disable OPENPGP certs), with with 3.6 this errors out, because OPENPGP certs are disabled now by default but that matches the requested expectations. Imho, it would be nice if -CTYPE-OPENPGP was still valid in 3.6 and be a no-op. Regards, Dimitri.
Bug#910835: libgnutls30: elinks errors with SSL error with 3.6.4-2 libgnutls28 on any https website
Package: libgnutls30 Version: 3.6.4-2 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Maintainer, I've tried upgrading libgnutls30 and squid autopkgtest surfaced the following bug: # The below works correctly and dumps a text # representation of the google homepage $ elinks -dump https://google.com $ sudo apt install libgnutls30/experimental $ elinks -dump https://google.com ELinks: SSL error I'm not sure why... Either elinks is buggy and need changes, or maybe libgnutls30 is buggy, or if it's not buggy maybe it needs to declare breaks on elinks. Hopefully you can investigate this further, or like clone/reassign to elinks package. Regards, Dimitri. -BEGIN PGP SIGNATURE- iQFEBAEBCgAuFiEEdzyZ69ChEXIhenw/ysLYuc0spfkFAlu/0rgQHHhub3hAdWJ1 bnR1LmNvbQAKCRDKwti5zSyl+XniB/4jLfZhEIed2ItKSeRfNVm0WKGJqKT9z2xQ YT91+6BDV1AUEnTkGW3ThsKFgEKlzYEeBuQa6iE/L9YiBO9b8EggKHWd8x425ZOx gMjRPt3BKAucqCpwy8ISwnBzxeMt4rB4SZ9KfzSbDbVCH+6uyR2ioZS67knb19lO gAii4tSnoyHLBwh6vmZP5ngkxKjfrqHujYOlW5eLgSkbs4yIrfdDQX0vzJn8Nv8E KJDz5Qd/1iN3mQFOC/kiVurk+ENKNyYaSc4/oW/utpRMvEfpDxIhOskmfexTDOKb LaT8LPxBPAbvRTeQ7arPHLC/lhcBx70Hj3o9bxz+jiKyBGz438x7 =FNFV -END PGP SIGNATURE-