[gnutls-devel] gnutls ASSERT lines even when not using TLS on knot-resolver

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jun 10 11:26:48 CEST 2017


On Thu, Jun 8, 2017 at 8:11 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> Hi GnuTLS folks--
>
> Over on:
>
> https://gitlab.labs.nic.cz/knot/resolver/merge_requests/287#note_48109
>
> Vladimír Čunát (cc'ed here) reports that the following log messages
> appear even when knot-resolver isn't listening on TLS:
>
>      [tls] gnutls: (3) ASSERT: pk.c[_wrap_nettle_pk_verify]:750
>      [tls] gnutls: (3) ASSERT: pubkey.c[pubkey_verify_hashed_data]:1913
>
> Presumably this has to do with the fact that knot-resolver is using
> nettle to do DNSSEC verification, but i don't understand the linkage
> between GnuTLS and nettle well enough to know why this would be
> happening just because the gnutls logging function is set.

My guess is that it uses the gnutls signing/verification functions
rather than nettle directly. The knot developers may be in better
position to answer that.

regards,
Nikos



More information about the Gnutls-devel mailing list