Bug#638595: WWWOFFLE HTTPS now unusable

Andreas Metzler ametzler at downhill.at.eu.org
Sat Aug 27 18:58:35 CEST 2011


On 2011-08-27 Andreas Metzler <ametzler at downhill.at.eu.org> wrote:
> On 2011-08-25 "Andrew M. Bishop" <amb at gedanken.demon.co.uk> wrote:
[...]
>> Another way to view the problem is to look at the libgnutls functions
>> that WWWOFFLE calls:

>> # ltrace -l /usr/lib/i386-linux-gnu/libgnutls.so \
>>   /home/amb/wwwoffle-2.9g/src/wwwoffled -c /etc/wwwoffle/wwwoffle.conf -f
[...]
>> gnutls_x509_privkey_init(0xbf808bec, 0xbf8087e4, 1024, 0x80fc480, 0xbf808822) = 0
>> gnutls_x509_privkey_import(0x818dd18, 0xbf808be4, 1, 0x80fc480, 0xbf808822) = 0
[...]
>> gnutls_certificate_set_x509_key(0x818ff70, 0xbf808ca8, 1, 0x818dd18, 0xbf808cac) = 0
[...]
>> gnutls_x509_privkey_deinit(0x818dd18, 0x80feaa8, 1, 0x818dd18, 0xbf808cac) = 161
>> gnutls_credentials_set(0x8195178, 1, 0x818ff70, 0x80f9104, 0xbf808cf8)    = 0
>> gnutls_transport_set_ptr(0x8195178, 0, 0x818ff70, 0x80f9104, 0xbf808cf8)  = 0x8195178
>> gnutls_handshake(0x8195178, 0, 0x818ff70, 0x80f9104, 0xbf808cf8 <unfinished ...>
[...]
>> The documentation for these functions doesn't say that you can't call
>> the 'deinit' function until after the handshake.  The libgnutls NEWS
>> file doesn't say that there is an ABI change in this area either.  It
>> certainly used to work that you could do this.

Hello,

I would not be surprised if upstream's response was "don't do this, this
was never supposed to work" but at a quick look I could not find a
respective reference in the docs either.

cu andreas
