Bug 629858

Summary: gnutls 2.10.1 breaks previously working apps
Product: [Fedora] Fedora
Reporter: Yanko Kaneti <yaneti>
Component: gnutls
Assignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: jfeeney, jorton, simon.mcvittie, tmraz, tomeu, vivek
Hardware: All   
OS: Linux   
Fixed In Version: gnutls-2.10.1-3.fc15
Doc Type: Bug Fix
Last Closed: 2010-09-23 20:54:58 UTC
Attachments: patch for gnutls 2.10.x (flags: none)

Description Yanko Kaneti 2010-09-03 06:45:14 UTC
Description of problem:

gnutls-2.10.1-1.fc15 breaks the previously working xmpp connection with empathy.
Somewhere in the empathy logs is this part of a connection error message:
TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR

It's a little hard for me to track whether this is a gnutls or empathy/telepathy issue. So I apologize if this is the wrong place for this.

Comment 1 Matthew Garrett 2010-09-13 13:40:03 UTC
Telepathy upstream indicate that this is gnutls's fault and that the following git commits should be backported:

98e0e3c400366ad8b4ba835b48f89e4e45c06acd
2a539ad961affeffee32cb6148f421c8e66ab693
18cff36027f8fc0f71a31b3b12dc989e0674a744

Comment 2 Tomas Mraz 2010-09-13 16:47:08 UTC
Are all of these commits really required? For example the third one is needed only on gnutls-2.11.x development and the first one also depends on some changes that are on the 2.11.x branch.

Comment 3 Simon McVittie 2010-09-16 10:23:02 UTC
As I understand it, those three commits were all needed to fix this problem in 2.11. The necessary changes for 2.10 are likely to be different, but we won't know for sure until someone with enough gnutls knowledge backports them.

Comment 4 Tomas Mraz 2010-09-21 11:45:14 UTC
Please test the gnutls-2.10.1-2.fc15 in rawhide. It contains the 2a539ad961affeffee32cb6148f421c8e66ab693 backported patch.

Comment 5 Tomeu Vizoso 2010-09-21 12:14:44 UTC
Just installed gnutls-2.10.1-2.fc15 on an updated F14 and I'm getting the same error in the Gabble logs:

TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR

Comment 6 Yanko Kaneti 2010-09-21 13:22:03 UTC
gnutls-2.10.1-2.fc15.x86_64 didn't help empathy here either

Comment 7 Tomas Mraz 2010-09-21 15:06:43 UTC
That's bad because the remaining patches mentioned above are not really applicable to the 2.10.x branch. So the cause of the error on the 2.10.x branch must be something else. I will need a concrete reproducer to be able to investigate the problem further.

Comment 8 Yanko Kaneti 2010-09-21 17:47:14 UTC
The NEEDINFO is addressed to me but I can't give you any more info than what's already in the report. I have no idea about the telepathy internals.

Comment 9 Simon McVittie 2010-09-21 18:17:45 UTC
I don't use Fedora myself, so I can't help with Fedora-specifics, but we (the Telepathy developers) have also seen this with the gnutls 2.10.1 in Debian experimental. Thank you for looking into this; we were hoping gnutls upstream would backport this to the 2.10 branch, but apparently not...

A relatively self-contained test case, using Wocky, our XMPP library:

- compile Wocky from git://git.collabora.co.uk/git/wocky.git
- run:

    ./examples/wocky-connect USER@DOMAIN PASSWORD connector

  where USER@DOMAIN is a test account on an XMPP server that has TLS (e.g.
  any gmail.com or googlemail.com address will do) and PASSWORD is its
  password.

A failing test looks like this:

    ** (process:32303): WARNING **: wocky-connector-error: 7: TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR

A successful test looks like this:

    connected (smcv.co.uk/Wocky_6b8b4567) [4167139417]!

On success, press Ctrl+C to exit. I've just confirmed that in Debian, gnutls 2.10.1 from experimental fails, and 2.8.6 from unstable succeeds.

Steps to reproduce this in the real world (harder to debug but more realistic):

- Have Empathy and telepathy-gabble >= 0.9
- Add an account on any XMPP server that offers TLS
- Try to go online
- Gabble should automatically try to use TLS whenever available, but you can force it with Advanced -> Encryption required in the Accounts window

On failure, the debug log (<http://telepathy.freedesktop.org/wiki/Debugging>) should tell you:

connector_error_disconnect: connection failed: WOCKY_CONNECTOR_ERROR_TLS_SESSION_FAILED (#7): TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR
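
Added example (not part of the original thread, and not Wocky or Gabble code): a small POSIX shell classifier for captured output of the reproducer in comment 9, so that a failed run is only attributed to GnuTLS when the handshake error line is actually present. The function names, verdict strings and exit codes are assumptions made for this example; the sample lines in the two demo functions are copied from comment 9.

```shell
#!/bin/sh
# Classify captured output from the comment 9 reproducer (read on stdin).
# Exit status (same good/bad/skip convention that `git bisect run` uses):
#   0   = TLS handshake succeeded ("connected (...) [...]!" seen)
#   1   = GnuTLS handshake error (code and symbolic name are printed)
#   125 = inconclusive: neither pattern seen (wrong password, no network, ...)
classify_tls_result() {
    # Default IFS makes `read` strip leading/trailing blanks, so indented
    # copies of the log lines (as pasted into a bug report) still match.
    while read -r ctr_line; do
        case $ctr_line in
            *"TLS handshake error: "*)
                # Same suffix appears in wocky-connect warnings and in the
                # Gabble debug log; extract the numeric code and its name.
                ctr_detail=$(printf '%s\n' "$ctr_line" | sed -n \
                    's/.*TLS handshake error: \(-\{0,1\}[0-9][0-9]*\): \(GNUTLS_E_[A-Z0-9_]*\).*/\1 \2/p')
                if [ -n "$ctr_detail" ]; then
                    printf 'FAIL gnutls=%s\n' "$ctr_detail"
                    return 1
                fi
                ;;
            "connected ("*") ["[0-9]*"]!")
                printf 'PASS\n'
                return 0
                ;;
        esac
    done
    printf 'INCONCLUSIVE\n'
    return 125
}

# Demo inputs: the failing and the successful line quoted in comment 9.
demo_failure() {
    printf '%s\n' '** (process:32303): WARNING **: wocky-connector-error: 7: TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR' |
        classify_tls_result
}
demo_success() {
    printf '%s\n' 'connected (smcv.co.uk/Wocky_6b8b4567) [4167139417]!' |
        classify_tls_result
}

# Usage on a saved log (file name is a placeholder):
#   classify_tls_result < captured-output.log
```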

Comment 10 Vivek Dasmohapatra 2010-09-23 16:16:18 UTC
Created attachment 449256: patch for gnutls 2.10.x

This makes wocky (and ∴ gabble) happy with gnutls 2.10.x again.

Comment 11 Vivek Dasmohapatra 2010-09-23 16:18:46 UTC
The fdo bug is here: https://bugs.freedesktop.org/show_bug.cgi?id=29364

Comment 12 Yanko Kaneti 2010-09-23 18:57:13 UTC
Yup, gnutls-2.10.1-3.fc15.x86_64 works for me too. Thanks