Interoperability issue with The Bat (Debian Bug #316522)
Simon Josefsson
simon at josefsson.org
Fri Jan 4 18:25:56 CET 2008
Marc Haber <mh+gnutls-devel at zugschlus.de> writes:
> Hi,
>
> Simon Josefsson has suggested to me (a member of the maintainer team
> for Exim's packages for the Debian Operating System) that it might be
> a good idea to move a technical debate from our blogs
> (http://blog.zugschlus.de/archives/585-exim4-vs.-OpenSSL-vs.-GnuTLS.html,
> http://blog.josefsson.org/2007/11/09/response-to-gnutls-in-exim-debate/)
> to gnutls-devel as this list is a better medium for archived discussion.
>
> I'll send a dedicated mail for each of Debian's bug reports, so that
> the threads are not going to intermix.
>
> Debian Bug #316522, http://bugs.debian.org/316522
> =================================================
>
> Simon writes:
>> When the email client TheBat talks with exim4 4.50-8, gnutls (in
>> exim4) will log (gnutls_handshake): An error was encountered at the
>> TLS Finished packet calculation. Other clients than TheBat reportedly
>> works. An older version of Exim4, specifically 4.32-2, worked though.
>> It is unclear whether the version of GnuTLS changed when exim4 was
>> upgraded from 4.32-2 to 4.50-8.
>
> Unfortunately, I wasn't able to find out which GnuTLS library exim4
> 4.32-2 was compiled against since snapshot.debian.net is incomplete
> here. 4.32-4 was built for Debian on April 26, 2004.
>
> Exim 4.50-8 in Debian has a binary depends on libgnutls11 (>= 1.0.16).
>
>> There is no discussion of whether changing to OpenSSL would solve the
>> problem. Conclusion: The problem with TheBat warrants debugging.
>> However, this do not seem to be a widely reported problem. Further,
>> TheBat is not free software so we cannot help debug it. Questions:
>> The reported said earlier versions worked, which GnuTLS versions was
>> this? Can the problem be pin-pointed to a specific GnuTLS release or
>> Exim4 release? Does the problem go away with OpenSSL?
>
> Can you ask these questions to the submitter on the BTS?
Done.
> It might be possible (judging from
> https://www.ritlabs.com/bt/view.php?id=5785) that The Bat by default
> refuses to talk TLS to a server presenting a self-signed certificate.
I also note that it is possible to download trial versions of TheBat.
If we can get a recipe to reproduce the problem using it, that would
help a lot.
/Simon
More information about the Gnutls-devel
mailing list