Bug#594150: regression in apt-transport-https interop with apt-cacher

Andreas Metzler ametzler at downhill.at.eu.org
Tue Nov 23 19:21:37 UTC 2010


On 2010-11-22 Simon McVittie <smcv at debian.org> wrote:
[...]
> On Sun, 14 Nov 2010 at 17:07:24 +0000, Neil Williams wrote:
> > gnutls-cli --insecure -p 443
> > --x509certfile /etc/apt/client-certs/test-client.apt-test.aviatis.com.crt
> > --x509keyfile /etc/apt/client-certs/test-client.apt-test.aviatis.com.key
> > apt-test.aviatis.com
> [...]
> > *** Non fatal error: Rehandshake was requested by the peer.
> > *** Received rehandshake request
> > *** Fatal error: Unsafe renegotiation denied.
> > *** Rehandshake Failed.

> That sounds to me as though it might be fallout from CVE-2009-3555. I've
> reassigned this to gnutls in the hope that one of its maintainers can shed
> some light on it - if this isn't gnutls' fault, please reassign or close
> as appropriate.

As a suporting data point: 
gnutls-cli --priority NORMAL:%UNSAFE_RENEGOTIATION 
succeeds.

I will ask gnutls upstream to make sure.

cu andreas





More information about the Pkg-gnutls-maint mailing list