[gnutls-devel] GnuTLS | Git access issues due to long CA bundle filename (#1280)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Oct 14 15:38:27 CEST 2021 


Ye Yang created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1280



## Description of problem:
I have a CA bundle file added to `/etc/ssl/certs` that is used by the NGINX HTTPS reverse proxy setup on the machine and is unrelated to `git`.

I have noticed that `git` (which uses `gnutls`) operations would fail if the bundle filename has more than 36 characters.

## Version of gnutls used:

`3.6.13-2ubuntu1.6`

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Ubuntu

## How reproducible:

Steps to Reproduce:

 * Add a CA bundle file with more than 36 characters, eg: `/etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt`
 * Try to `git clone`

## Actual results:

```bash
root at wiki-staging:~# ll /etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt 
-rw-r--r-- 1 root root 7198 Oct 13 18:37 /etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt
root at wiki-staging:~# git clone https://code.****.pt/****/****.git
Cloning into '****'...
fatal: unable to access 'https://code.****.pt/****/****.git/': server certificate verification failed. CAfile: none CRLfile: none
root at wiki-staging:~# 
```

## Expected results:

If we change the file name from `star.staging.xxxx.eu.nginx.bundle.crt` (37 chars) to `star.staging.xxx.eu.nginx.bundle.crt` (36 chars) the `git` commands return to normal function.

```bash
root at wiki-staging:~# mv  /etc/ssl/certs/star.staging.xxxx.eu.nginx.bundle.crt /etc/ssl/certs/star.staging.xxx.eu.nginx.bundle.crt
root at wiki-staging:~# ll /etc/ssl/certs/star.staging.xxx.eu.nginx.bundle.crt
-rw-r--r-- 1 root root 7198 Oct 13 18:37 /etc/ssl/certs/star.staging.xxx.eu.nginx.bundle.crt
root at wiki-staging:~# git clone https://code.****.pt/****/****.git
Cloning into '****'...
remote: Counting objects: 13, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 13 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (13/13), 3.49 KiB | 142.00 KiB/s, done.
root at wiki-staging:~# 
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1280
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211014/b2a36630/attachment.html>

More information about the Gnutls-devel mailing list