[gnutls-devel] Problem with proxied connections on 3.5.3

Andreas Metzler ametzler at bebt.de
Fri Sep 16 19:28:30 CEST 2016

On 2016-08-28 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Fri, Aug 26, 2016 at 7:18 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> > Hello,
> >
> > this is https://bugs.debian.org/835342 reported by
> Something is wrong there. I don't see any changes in gnutls code that
> could result to it. Could the user bisect since 3.5.2 and try to
> figure out the change that causes that issue? Is there a reproducer?


yes, there is a reproducer, and we now have git bisect:
Hey there,
After struggling a bit with the process of "bisecting", I think I got
something :).
You can view git bisect log here http://pastebin.com/sj1ZbbqA

c801a15bca9ea8f3f7abd4be48bebd36c54eeba2 is the first bad commit
commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Mon Aug 1 10:48:46 2016 +0200

    nettle: use rsa_*_key_prepare

    Previously we calculated the size of the key directly, but
    by using the rsa_*_key_prepare we benefit from any checks that
    may be introduced in the future. Specifically any checks for invalid
    public keys (e.g., keys that may crash the underlying gmp functions).

:040000 040000 29a2377df28240d7688082ac12318baacdd1bb7c
23aa890386085677a878268578e9a2c27d396c80 Mlib

It seems the commit "b0d560b" reverts  "c801a15", and commit 186dc9c
breaks it again.

I hope that helps.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-devel mailing list