Interoperability issue with The Bat (Debian Bug #316522)

Simon Josefsson simon at josefsson.org
Fri Jan 4 18:25:56 CET 2008


Marc Haber <mh+gnutls-devel at zugschlus.de> writes:

> Hi,
>
> Simon Josefsson has suggested to me (a member of the maintainer team
> for Exim's packages for the Debian Operating System) that it might be
> a good idea to move a technical debate from our blogs
> (http://blog.zugschlus.de/archives/585-exim4-vs.-OpenSSL-vs.-GnuTLS.html,
> http://blog.josefsson.org/2007/11/09/response-to-gnutls-in-exim-debate/)
> to gnutls-devel as this list is a better medium for archived discussion.
>
> I'll send a dedicated mail for each of Debian's bug reports, so that
> the threads are not going to intermix.
>
> Debian Bug #316522, http://bugs.debian.org/316522
> =================================================
>
> Simon writes:
>>  When the email client TheBat talks with exim4 4.50-8, gnutls (in
>>  exim4) will log (gnutls_handshake): An error was encountered at the
>>  TLS Finished packet calculation. Other clients than TheBat reportedly
>>  works. An older version of Exim4, specifically 4.32-2, worked though.
>>  It is unclear whether the version of GnuTLS changed when exim4 was
>>  upgraded from 4.32-2 to 4.50-8.
>
> Unfortunately, I wasn't able to find out which GnuTLS library exim4
> 4.32-2 was compiled against since snapshot.debian.net is incomplete
> here. 4.32-4 was built for Debian on April 26, 2004.
>
> Exim 4.50-8 in Debian has a binary depends on libgnutls11 (>= 1.0.16).
>
>>  There is no discussion of whether changing to OpenSSL would solve the
>>  problem. Conclusion: The problem with TheBat warrants debugging.
>>  However, this do not seem to be a widely reported problem. Further,
>>  TheBat is not free software so we cannot help debug it. Questions:
>>  The reported said earlier versions worked, which GnuTLS versions was
>>  this? Can the problem be pin-pointed to a specific GnuTLS release or
>>  Exim4 release? Does the problem go away with OpenSSL?
>
> Can you ask these questions to the submitter on the BTS?

Done.

> It might be possible (judging from
> https://www.ritlabs.com/bt/view.php?id=5785) that The Bat by default
> refuses to talk TLS to a server presenting a self-signed certificate.

I also note that it is possible to download trial versions of TheBat.
If we can get a recipe to reproduce the problem using it, that would
help a lot.

/Simon





More information about the Gnutls-devel mailing list