Description of problem: Previously the client cert DN would get reported as C=UK,CN=libvirt and with new version we're getting back CN=libvirt,C=UK This is causing a regression for libvirt. The libvirt server has ablity to set a whitelist against the DN string, against which we do a regex match. eg the sysadmin may have defined a whitelist of C=UK,CN=libvirt-client-* to allow all certs issed to libvirt clients. This change in DN ordering by gnutls breaks any existing whitelists our admins have setup, as well as breaking the libvirt test suite which validates this. Also reported at https://lists.gnupg.org/pipermail/gnutls-devel/2016-November/008224.html Just filing this bug to track request that 3.5.6 not be pushed to Fedora 25 updates Version-Release number of selected component (if applicable): 3.5.6-1.fc25
https://gitlab.com/gnutls/gnutls/merge_requests/140
gnutls-3.5.7-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b4b8f7e3d
gnutls-3.5.7-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b4b8f7e3d
gnutls-3.5.7-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.