[gnutls-devel] 3.6.2 testsuite error with softhsm 2.4.0

Andreas Metzler ametzler at bebt.de
Sat May 12 14:07:02 CEST 2018

On 2018-05-10 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Thu, May 10, 2018 at 4:21 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> > tests/pkcs11/tls-neg-pkcs11-key fails after upgrading softhsm from 2.2.0
>> # 2.4.0
>> (sid)ametzler at argenau:/tmp/GNUTLS/gnutls-3.6.2/b4deb$ tests/pkcs11/tls-neg-pkcs11-key
>> The token has been initialized and is reassigned to slot 1993469037
>> checking: tls1.2: ecc key
>> checking: tls1.2: rsa-sign key
>> checking: tls1.2: rsa-sign key with rsa-pss sigs prioritized
>> checking: tls1.2: rsa-pss-sign key
>> client[-28]: Resource temporarily unavailable, try again.
>> server[-87]: No supported cipher suites have been found.
>> try_with_key:189: Handshake failed
>> This is on Debian sid.

> I have debian testing at home and it seems to work here (trying from
> gnutls master)


Yes, gnutls master works. I have run git bisect to locate the
"unbreakage" in between 3.6.2 and master and found
962ef882031062866f6782078af17cf9701266da which reverts 
| ef44477127952c13e93d7ea88f7b549bf36602f5
| priority: disable the enabled by default RSA-PSS signature
| algorithms
| They have been modified in the latest (yet unsupported) TLS 1.3
| drafts, so prevent causes interoperability failures by keeping them
| on.

And indeed reverting ef44477127952c13e93d7ea88f7b549bf36602f5 on top of
3.6.2 also fixes the testsuite error in tls-neg-pkcs11-key.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-devel mailing list