Description of problem:
If you build libsoup master and try examples/get with https://tracker.debian.org/pkg/acpi-support/rss you get a crash somewhere in the depths of gnutls/nettle.

I've also filed a libsoup upstream report with some more detailed backtrace, in case this is not a gnutls/nettle fault: https://gitlab.gnome.org/GNOME/libsoup/issues/123

Version-Release number of selected component (if applicable):
gnutls-3.6.4-1.fc30.x86_64
nettle-3.4-5.fc30.x86_64

How reproducible:
Always

```
Program terminated with signal SIGSEGV, Segmentation fault.
#0  _nettle_memxor_x86_64 () at memxor.s:78
78      xorb %r8b, (%rax, %rdx)
[Current thread is 1 (Thread 0x7f44bf8fcf80 (LWP 24667))]
Missing separate debuginfos, use: dnf debuginfo-install libedit-3.1-24.20170329cvs.fc29.x86_64 llvm-libs-7.0.0-1.fc30.x86_64 opensc-0.18.0-4.fc29.x86_64 python3-libs-3.7.0-9.fc30.x86_64 webkit2gtk3-2.22.2-2.fc30.x86_64 webkit2gtk3-jsc-2.22.2-2.fc30.x86_64 woff2-1.0.2-4.fc29.x86_64 yajl-2.1.0-11.fc29.x86_64
(gdb) bt
#0  0x00007f44303a56c3 in _nettle_memxor_x86_64 () at memxor.s:78
#1  0x00007f4430532ef0 in encrypt_packet_tls13 (params=0x7f2fdc00c160, type=<optimized out>, pad_size=0, plain=<synthetic pointer>, cipher_size=<optimized out>, cipher_data=<optimized out>, session=0x55fddecb4600) at cipher.c:452
#2  0x00007f4430532ef0 in _gnutls_encrypt (session=session@entry=0x55fddecb4600, data=data@entry=0x7ffda38222e6 "\001", data_size=data_size@entry=2, min_pad=min_pad@entry=0, bufel=bufel@entry=0x55fdde93a890, type=type@entry=GNUTLS_ALERT, params=0x7f2fdc00c160) at cipher.c:96
#3  0x00007f443052f350 in _gnutls_send_tlen_int (session=session@entry=0x55fddecb4600, type=type@entry=GNUTLS_ALERT, htype=htype@entry=4294967295, epoch_rel=epoch_rel@entry=70001, _data=_data@entry=0x7ffda38222e6, data_size=data_size@entry=2, min_pad=0, mflags=1) at record.c:529
#4  0x00007f443055b7ad in _gnutls_send_int (mflags=1, data_size=2, _data=0x7ffda38222e6, epoch_rel=70001, htype=4294967295, type=GNUTLS_ALERT, session=0x55fddecb4600) at ./record.h:43
#5  0x00007f443055b7ad in gnutls_alert_send (session=session@entry=0x55fddecb4600, level=level@entry=GNUTLS_AL_WARNING, desc=desc@entry=GNUTLS_A_CLOSE_NOTIFY) at alert.c:165
#6  0x00007f4430531de0 in gnutls_bye (session=0x55fddecb4600, how=how@entry=GNUTLS_SHUT_WR) at record.c:297
#7  0x00007f44307012e3 in g_tls_connection_gnutls_close_internal (stream=<optimized out>, direction=(G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE), timeout=<optimized out>, cancellable=0x0, error=0x0) at ../tls/gnutls/gtlsconnection-gnutls.c:2668
#8  0x00007f44c4c1a85c in g_io_stream_close (stream=0x55fdded6f330 [GTlsClientConnectionGnutls], cancellable=cancellable@entry=0x0, error=error@entry=0x0) at giostream.c:422
#9  0x00007f44c56c1f99 in disconnect_internal (sock=sock@entry=0x55fddc4eb190 [SoupSocket], close=close@entry=1) at soup-socket.c:190
#10 0x00007f44c56c45a7 in soup_socket_disconnect (sock=0x55fddc4eb190 [SoupSocket]) at soup-socket.c:1593
#11 0x00007f44c569a508 in soup_connection_disconnect (conn=0x55fddedce9a0 [SoupConnection]) at soup-connection.c:586
#12 0x00007f44c5699d08 in soup_connection_set_state (conn=0x55fddedce9a0 [SoupConnection], state=SOUP_CONNECTION_IDLE) at soup-connection.c:676
#13 0x00007f44c56bb10a in soup_session_unqueue_item (session=0x55fddcef0100 [SoupSession], item=0x55fddf49e040) at soup-session.c:1489
#14 0x00007f44c56befe2 in soup_session_process_queue_item (session=<optimized out>, item=0x55fddf49e040, should_cleanup=<optimized out>, loop=<optimized out>) at soup-session.c:2040
#15 0x00007f44c56bf9ea in async_run_queue (session=session@entry=0x55fddcef0100 [SoupSession]) at soup-session.c:2082
#16 0x00007f44c56bfa7a in idle_run_queue (user_data=user_data@entry=0x55fddfe53420) at soup-session.c:2109
#17 0x00007f44c4a4db7b in g_idle_dispatch (source=0x55fddc519560, callback=0x7f44c56bfa60 <idle_run_queue>, user_data=0x55fddfe53420) at gmain.c:5620
#18 0x00007f44c4a5126d in g_main_dispatch (context=0x55fddc2693b0) at gmain.c:3182
#19 0x00007f44c4a5126d in g_main_context_dispatch (context=context@entry=0x55fddc2693b0) at gmain.c:3847
#20 0x00007f44c4a51638 in g_main_context_iterate (context=context@entry=0x55fddc2693b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3920
#21 0x00007f44c4a516d0 in g_main_context_iteration (context=context@entry=0x55fddc2693b0, may_block=may_block@entry=1) at gmain.c:3981
#22 0x00007f44c4c56465 in g_application_run (application=0x55fddc2670e0 [LifereaApplication], argc=<optimized out>, argv=0x7ffda3822828) at gapplication.c:2470
#23 0x000055fddc01a61b in main (argc=2, argv=0x7ffda3822828) at main.c:77
```
That may be a memory corruption. Could you try to install debug symbols for gnutls and nettle and run the same under valgrind? You can install debug symbols as:

```
$ sudo dnf debuginfo-install gnutls nettle
```
```
$ valgrind --tool=memcheck ./get https://tracker.debian.org/pkg/acpi-support/rss
==25915== Memcheck, a memory error detector
==25915== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==25915== Using Valgrind-3.14.0.GIT and LibVEX; rerun with -h for copyright info
==25915== Command: ./get https://tracker.debian.org/pkg/acpi-support/rss
==25915==
==25915== Thread 5 pool:
==25915== Invalid read of size 1
==25915==    at 0x741EBB3: _nettle_memxor_sse2 (memxor-2.s:79)
==25915==    by 0x7137EEF: encrypt_packet_tls13 (cipher.c:452)
==25915==    by 0x7137EEF: _gnutls_encrypt (cipher.c:96)
==25915==    by 0x713434F: _gnutls_send_tlen_int (record.c:530)
==25915==    by 0x713E178: UnknownInlinedFun (record.h:43)
==25915==    by 0x713E178: _gnutls_handshake_io_write_flush (buffers.c:797)
==25915==    by 0x714010F: _gnutls_send_handshake2 (handshake.c:1318)
==25915==    by 0x7185B23: _gnutls13_send_key_update (key_update.c:153)
==25915==    by 0x7185C61: gnutls_session_key_update (key_update.c:191)
==25915==    by 0x70A99FE: handshake_thread (gtlsconnection-gnutls.c:1883)
==25915==    by 0x70A9FD9: async_handshake_thread (gtlsconnection-gnutls.c:2096)
==25915==    by 0x4B3AA06: g_task_thread_pool_thread (gtask.c:1331)
==25915==    by 0x49ACE92: g_thread_pool_thread_proxy (gthreadpool.c:307)
==25915==    by 0x49AC489: g_thread_proxy (gthread.c:784)
==25915==  Address 0x109f3a6a3 is not stack'd, malloc'd or (recently) free'd
==25915==
==25915==
==25915== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==25915==  Access not within mapped region at address 0x109F3A6A3
==25915==    at 0x741EBB3: _nettle_memxor_sse2 (memxor-2.s:79)
==25915==    by 0x7137EEF: encrypt_packet_tls13 (cipher.c:452)
==25915==    by 0x7137EEF: _gnutls_encrypt (cipher.c:96)
==25915==    by 0x713434F: _gnutls_send_tlen_int (record.c:530)
==25915==    by 0x713E178: UnknownInlinedFun (record.h:43)
==25915==    by 0x713E178: _gnutls_handshake_io_write_flush (buffers.c:797)
==25915==    by 0x714010F: _gnutls_send_handshake2 (handshake.c:1318)
==25915==    by 0x7185B23: _gnutls13_send_key_update (key_update.c:153)
==25915==    by 0x7185C61: gnutls_session_key_update (key_update.c:191)
==25915==    by 0x70A99FE: handshake_thread (gtlsconnection-gnutls.c:1883)
==25915==    by 0x70A9FD9: async_handshake_thread (gtlsconnection-gnutls.c:2096)
==25915==    by 0x4B3AA06: g_task_thread_pool_thread (gtask.c:1331)
==25915==    by 0x49ACE92: g_thread_pool_thread_proxy (gthreadpool.c:307)
==25915==    by 0x49AC489: g_thread_proxy (gthread.c:784)
==25915==  If you believe this happened as a result of a stack
==25915==  overflow in your program's main thread (unlikely but
==25915==  possible), you can try to increase the size of the
==25915==  main thread stack using the --main-stacksize= flag.
==25915==  The main thread stack size used in this run was 8388608.
==25915==
==25915== HEAP SUMMARY:
==25915==     in use at exit: 6,175,752 bytes in 50,382 blocks
==25915==   total heap usage: 169,815 allocs, 119,433 frees, 24,666,924 bytes allocated
==25915==
==25915== LEAK SUMMARY:
==25915==    definitely lost: 240 bytes in 8 blocks
==25915==    indirectly lost: 11,090 bytes in 163 blocks
==25915==      possibly lost: 3,672 bytes in 29 blocks
==25915==    still reachable: 6,115,990 bytes in 49,828 blocks
==25915==                       of which reachable via heuristic:
==25915==                         length64           : 2,776 bytes in 55 blocks
==25915==                         newarray           : 1,872 bytes in 37 blocks
==25915==         suppressed: 0 bytes in 0 blocks
==25915== Rerun with --leak-check=full to see details of leaked memory
==25915==
==25915== For counts of detected and suppressed errors, rerun with: -v
==25915== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
```
That doesn't look like memory corruption... just a normal segfault. I wonder, what's happening on the other threads? ('thread apply all bt' in gdb)
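Memcheck's description of the faulting address is the line that separates a wild access from heap misuse in a report like the one above. The following is an added example, not part of the bug report or of any project discussed in it: a small parser that classifies Memcheck records by that description. `parse_memcheck`, `classify` and `caller_outside` are hypothetical helper names; the first sample is an excerpt of the Valgrind output quoted in this thread with line breaks restored, the second is constructed for contrast.

```python
import re

PREFIX = re.compile(r"^==\d+== ?")
HEADER = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")
ADDRESS = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.+)$")
UNMAPPED = re.compile(
    r"^\s*Access not within mapped region at address (0x[0-9A-Fa-f]+)$")

# Memcheck's wording for the faulting address, mapped to a triage class.
RULES = [
    (re.compile(r"^not stack'd, malloc'd or \(recently\) free'd$"),
     "wild-pointer"),
    (re.compile(r"^\d+ bytes inside a block of size [\d,]+ free'd$"),
     "use-after-free"),
    (re.compile(r"^\d+ bytes (?:after|before) a block of size [\d,]+ alloc'd$"),
     "heap-out-of-bounds"),
]


def classify(description):
    """Return the triage class for the text after 'Address 0x... is '."""
    for pattern, verdict in RULES:
        if pattern.match(description):
            return verdict
    return "unclassified"


def parse_memcheck(log):
    """Parse 'Invalid read/write' records out of Memcheck output."""
    errors, current, unmapped = [], None, set()
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        m = HEADER.match(line.strip())
        if m:
            current = {"access": m.group(1), "size": int(m.group(2)),
                       "frames": [], "address": None,
                       "verdict": "unclassified", "unmapped": False}
            errors.append(current)
            continue
        m = UNMAPPED.match(line)
        if m:
            # Fatal-signal report: remember the address, and stop attaching
            # the stack that follows it to the previous error record.
            unmapped.add(int(m.group(1), 16))
            current = None
            continue
        if current is None:
            continue
        m = FRAME.match(line)
        if m and current["address"] is None:
            # Frames before the Address line are the faulting access;
            # frames after it describe where a heap block was allocated/freed.
            current["frames"].append((m.group(1), m.group(2)))
            continue
        m = ADDRESS.match(line)
        if m:
            current["address"] = int(m.group(1), 16)
            current["verdict"] = classify(m.group(2))
    for error in errors:
        error["unmapped"] = error["address"] in unmapped
    return errors


def caller_outside(error, prefix):
    """First frame whose function does not start with prefix, or None."""
    for func, where in error["frames"]:
        if not func.startswith(prefix):
            return func, where
    return None


# Excerpt of the Memcheck output posted in this thread (line breaks restored).
PAGE_EXCERPT = """\
==25915== Thread 5 pool:
==25915== Invalid read of size 1
==25915==    at 0x741EBB3: _nettle_memxor_sse2 (memxor-2.s:79)
==25915==    by 0x7137EEF: encrypt_packet_tls13 (cipher.c:452)
==25915==    by 0x7137EEF: _gnutls_encrypt (cipher.c:96)
==25915==    by 0x713434F: _gnutls_send_tlen_int (record.c:530)
==25915==  Address 0x109f3a6a3 is not stack'd, malloc'd or (recently) free'd
==25915==
==25915== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==25915==  Access not within mapped region at address 0x109F3A6A3
==25915==    at 0x741EBB3: _nettle_memxor_sse2 (memxor-2.s:79)
"""

# Constructed sample (not from the thread): how a use-after-free is reported.
CONSTRUCTED_UAF = """\
==4242== Invalid write of size 8
==4242==    at 0x401136: session_send (demo.c:21)
==4242==    by 0x401190: main (demo.c:40)
==4242==  Address 0x4a3b048 is 8 bytes inside a block of size 64 free'd
==4242==    at 0x483CA3F: free (vg_replace_malloc.c:540)
==4242==    by 0x401170: session_close (demo.c:30)
"""

if __name__ == "__main__":
    for sample in (PAGE_EXCERPT, CONSTRUCTED_UAF):
        for err in parse_memcheck(sample):
            print(err["verdict"], err["access"], err["size"],
                  hex(err["address"]), "unmapped" if err["unmapped"] else "",
                  caller_outside(err, "_nettle_"))
```

For the excerpt from this thread, the record lands in the class whose address belongs to no tracked heap or stack block, and the first frame outside nettle is the caller that supplied the pointer.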
There is 'thread apply all bt' in the libsoup (now glib-networking) report.
Could you post the same backtrace you have in https://gitlab.gnome.org/GNOME/libsoup/issues/123 but now with the debugging symbols?
I am not sure what you mean, the backtrace there is with the debugging symbols. Are you saying you can't reproduce?
Here is a "fresh" one (gdb) set pagination off (gdb) thread apply all backtrace full Thread 5 (Thread 0x7ffff4cd8700 (LWP 3006)): #0 0x00007ffff57fb6c3 in _nettle_memxor_x86_64 () at memxor.s:78 #1 0x00007ffff599def0 in encrypt_packet_tls13 (params=0x7fffe0008f10, type=<optimized out>, pad_size=0, plain=<synthetic pointer>, cipher_size=<optimized out>, cipher_data=<optimized out>, session=0xaa4230) at cipher.c:452 ver = <optimized out> nonce = "ă!\a\377\377\377\377\060B\252\000\000\000\000" iv_size = <optimized out> max = <optimized out> auth_iov = {{iov_base = 0x0, iov_len = 511101108348}} ret = <optimized out> total = <optimized out> aad = "\377A\000\000" tag_size = 0 iov = {{iov_base = 0x4, iov_len = 532575944818}, {iov_base = 0x7fffe00577f0, iov_len = 140736951484448}} __func__ = "encrypt_packet_tls13" vers = <optimized out> ret = <optimized out> __func__ = "_gnutls_encrypt" #2 0x00007ffff599def0 in _gnutls_encrypt (session=session@entry=0xaa4230, data=data@entry=0x7fffe0027f90 "\030", data_size=data_size@entry=5, min_pad=min_pad@entry=0, bufel=bufel@entry=0x7fffe002ba50, type=type@entry=GNUTLS_HANDSHAKE, params=0x7fffe0008f10) at cipher.c:96 vers = <optimized out> ret = <optimized out> __func__ = "_gnutls_encrypt" #3 0x00007ffff599a350 in _gnutls_send_tlen_int (session=session@entry=0xaa4230, type=GNUTLS_HANDSHAKE, htype=<optimized out>, epoch_rel=epoch_rel@entry=1, _data=0x7fffe0027f90, data_size=5, min_pad=0, mflags=0) at record.c:529 bufel = <optimized out> cipher_size = <optimized out> retval = <optimized out> ret = 0 send_data_size = 5 headers = <optimized out> data = 0x7fffe0027f90 "\030" record_params = 0x7fffe0008f10 max_send_size = <optimized out> record_state = 0x7fffe0009070 vers = 0x7ffff5b0bb80 <sup_versions+160> __func__ = "_gnutls_send_tlen_int" #4 0x00007ffff59a4179 in _gnutls_send_int (mflags=0, data_size=<optimized out>, _data=<optimized out>, epoch_rel=1, htype=<optimized out>, type=<optimized out>, session=0xaa4230) at ./record.h:43 
send_buffer = 0xaa44f0 msg = {data = 0x7fffe0027f90 "\030", size = 5} ret = <optimized out> epoch = 1 total = <optimized out> cur = <optimized out> __func__ = "_gnutls_handshake_io_write_flush" #5 0x00007ffff59a4179 in _gnutls_handshake_io_write_flush (session=session@entry=0xaa4230) at buffers.c:797 send_buffer = 0xaa44f0 msg = {data = 0x7fffe0027f90 "\030", size = 5} ret = <optimized out> epoch = 1 total = <optimized out> cur = <optimized out> __func__ = "_gnutls_handshake_io_write_flush" #6 0x00007ffff59a6110 in _gnutls_send_handshake2 (session=session@entry=0xaa4230, bufel=bufel@entry=0x7fffe0027f40, type=type@entry=GNUTLS_HANDSHAKE_KEY_UPDATE, queue_only=queue_only@entry=0) at handshake.c:1318 ret = <optimized out> data = <optimized out> datasize = <optimized out> i_datasize = <optimized out> pos = <optimized out> vers = 0x7ffff5b0bb80 <sup_versions+160> __func__ = "_gnutls_send_handshake2" #7 0x00007ffff59a63db in _gnutls_send_handshake (session=session@entry=0xaa4230, bufel=bufel@entry=0x7fffe0027f40, type=type@entry=GNUTLS_HANDSHAKE_KEY_UPDATE) at handshake.c:1170 #8 0x00007ffff59ebb24 in _gnutls13_send_key_update (session=session@entry=0xaa4230, again=<optimized out>, flags=flags@entry=1) at tls13/key_update.c:153 ret = <optimized out> bufel = 0x7fffe0027f40 val = 1 '\001' __func__ = "_gnutls13_send_key_update" #9 0x00007ffff59ebc62 in gnutls_session_key_update (session=0xaa4230, flags=flags@entry=1) at tls13/key_update.c:190 ret = <optimized out> vers = <optimized out> __func__ = "gnutls_session_key_update" #10 0x00007ffff59abeb8 in gnutls_handshake (session=<optimized out>) at handshake.c:2621 vers = <optimized out> ret = <optimized out> __func__ = "gnutls_handshake" #11 0x00007ffff5b6a9ff in handshake_thread (task=0x7fffe801a1d0 [GTask], object=object@entry=0xa841a0, task_data=<optimized out>, cancellable=<optimized out>) at ../tls/gnutls/gtlsconnection-gnutls.c:1883 gnutls = 0xa841a0 [GTlsClientConnectionGnutls] priv = 0xa84070 error = 0x0 ret = 
<optimized out> start_time = <optimized out> timeout = <optimized out> __func__ = "handshake_thread" #12 0x00007ffff5b6afda in async_handshake_thread (task=<optimized out>, object=0xa841a0, task_data=<optimized out>, cancellable=<optimized out>) at ../tls/gnutls/gtlsconnection-gnutls.c:2096 gnutls = 0xa841a0 [GTlsClientConnectionGnutls] priv = 0xa84070 #13 0x00007ffff7c52a07 in g_task_thread_pool_thread (thread_data=0x7fffe801a1d0, pool_data=<optimized out>) at gtask.c:1331 task = 0x7fffe801a1d0 [GTask] #14 0x00007ffff7e35e93 in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:307 task = 0x7fffe801a1d0 pool = 0x42d440 #15 0x00007ffff7e3548a in g_thread_proxy (data=0x4556d0) at gthread.c:784 thread = 0x4556d0 __func__ = "g_thread_proxy" #16 0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486 ret = <optimized out> pd = <optimized out> now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737300498176, -8957421858481122168, 140737488345150, 140737488345151, 140737488345280, 140737300496000, 8957433012583781512, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #17 0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 4 (Thread 0x7ffff5733700 (LWP 3005)): #0 0x00007ffff7aed471 in __GI___poll (fds=0x7fffec005ab0, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 resultvar = 18446744073709551100 sc_cancel_oldtype = 0 #1 0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=3, fds=0x7fffec005ab0, timeout=<optimized out>, context=0x7fffe80142f0) at gmain.c:4221 ret = <optimized out> errsv = <optimized out> poll_func = 0x7ffff7e1c0f0 <g_poll> max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 3 allocated_nfds = 3 fds = 0x7fffec005ab0 #2 0x00007ffff7e0c5a6 in g_main_context_iterate (context=0x7fffe80142f0, 
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 3 allocated_nfds = 3 fds = 0x7fffec005ab0 #3 0x00007ffff7e0c962 in g_main_loop_run (loop=0x7fffe8014430) at gmain.c:4116 __func__ = "g_main_loop_run" #4 0x00007ffff7c9379a in gdbus_shared_thread_func (user_data=0x7fffe80142c0) at gdbusprivate.c:275 data = 0x7fffe80142c0 #5 0x00007ffff7e3548a in g_thread_proxy (data=0x455d90) at gthread.c:784 thread = 0x455d90 __func__ = "g_thread_proxy" #6 0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486 ret = <optimized out> pd = <optimized out> now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737311356672, -8957421858481122168, 140737324222942, 140737324222943, 140737324223072, 140737311354496, 8957433852786758792, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #7 0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 3 (Thread 0x7ffff6379700 (LWP 3004)): #0 0x00007ffff7aed471 in __GI___poll (fds=0x454750, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 resultvar = 18446744073709551100 sc_cancel_oldtype = 0 #1 0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x454750, timeout=<optimized out>, context=0x454490) at gmain.c:4221 ret = <optimized out> errsv = <optimized out> poll_func = 0x7ffff7e1c0f0 <g_poll> max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = 1 fds = 0x454750 #2 0x00007ffff7e0c5a6 in g_main_context_iterate (context=context@entry=0x454490, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = 1 fds = 0x454750 #3 0x00007ffff7e0c6d0 in 
g_main_context_iteration (context=context@entry=0x454490, may_block=may_block@entry=1) at gmain.c:3981 retval = <optimized out> #4 0x00007ffff6ba7c6d in dconf_gdbus_worker_thread (user_data=0x454490) at ../gdbus/dconf-gdbus-thread.c:82 context = 0x454490 #5 0x00007ffff7e3548a in g_thread_proxy (data=0x41fca0) at gthread.c:784 thread = 0x41fca0 __func__ = "g_thread_proxy" #6 0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486 ret = <optimized out> pd = <optimized out> now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737324226304, -8957421858481122168, 140737488342926, 140737488342927, 140737488343056, 140737324224128, 8957435531045229704, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #7 0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 2 (Thread 0x7ffff6b7a700 (LWP 3003)): #0 0x00007ffff7aed471 in __GI___poll (fds=0x451770, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 resultvar = 18446744073709551100 sc_cancel_oldtype = 0 #1 0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x451770, timeout=<optimized out>, context=0x4514b0) at gmain.c:4221 ret = <optimized out> errsv = <optimized out> poll_func = 0x7ffff7e1c0f0 <g_poll> max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = 1 fds = 0x451770 #2 0x00007ffff7e0c5a6 in g_main_context_iterate (context=context@entry=0x4514b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = 1 fds = 0x451770 #3 0x00007ffff7e0c6d0 in g_main_context_iteration (context=0x4514b0, may_block=may_block@entry=1) at gmain.c:3981 retval = <optimized out> #4 0x00007ffff7e0c721 in glib_worker_main (data=<optimized out>) at gmain.c:5861 
#5 0x00007ffff7e3548a in g_thread_proxy (data=0x41fc50) at gthread.c:784 thread = 0x41fc50 __func__ = "g_thread_proxy" #6 0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486 ret = <optimized out> pd = <optimized out> now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737332619008, -8957421858481122168, 140737488342558, 140737488342559, 140737488342688, 140737332616832, 8957436630019986568, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #7 0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 1 (Thread 0x7ffff6dab200 (LWP 2999)): #0 0x00007ffff7aed471 in __GI___poll (fds=0x42c350, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 resultvar = 18446744073709551100 sc_cancel_oldtype = 0 #1 0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x42c350, timeout=<optimized out>, context=0x423220) at gmain.c:4221 ret = <optimized out> errsv = <optimized out> poll_func = 0x7ffff7e1c0f0 <g_poll> max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = 2 fds = 0x42c350 #2 0x00007ffff7e0c5a6 in g_main_context_iterate (context=0x423220, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = 2 fds = 0x42c350 #3 0x00007ffff7e0c962 in g_main_loop_run (loop=0x425320) at gmain.c:4116 __func__ = "g_main_loop_run" #4 0x0000000000402510 in get_url (url=0x7fffffffe1eb "https://tracker.debian.org/pkg/acpi-support/rss") at ../examples/get.c:41 name = 0x7ffff7e0c776 <g_main_loop_new+38> "1҅\355\017\225\302H\211\030\211P\b\307@\f\001" msg = 0x42a0a0 [SoupMessage] header = 0x423220 "" output_file = 0x0 #5 0x0000000000402d71 in main (argc=2, argv=0x7fffffffde58) at ../examples/get.c:287 opts = 
0x412740 url = 0x7fffffffe1eb "https://tracker.debian.org/pkg/acpi-support/rss" proxy_uri = 0x7ffff7fab6e8 parsed = 0x412c00 error = 0x0 logger = 0x0 (gdb)
Sorry I haven't reproduced (let me know how to compile libsoup preferably with address sanitizer and reproduce this). What I see is an impossible situation; the memxor() call references invalid memory. That looks like the call to send the alert happens on a session which has corrupt memory? Not sure how the memory was corrupt though. I have a small patch which adds a sanity check on gnutls, though it does not address the real issue: https://gitlab.com/gnutls/gnutls/merge_requests/767
Dunno much about address sanitizer but here is what works for me on rawhide

```
# git clone http://gitlab.gnome.org/GNOME/libsoup
# mkdir -p libsoup/build
# cd libsoup/build
# meson .. --prefix=/usr -Db_sanitize=address
# ninja
# cd examples
# ./get https://tracker.debian.org/pkg/acpi-support/rss
AddressSanitizer:DEADLYSIGNAL
=================================================================
==22929==ERROR: AddressSanitizer: SEGV on unknown address 0x7f8a42a41623 (pc 0x7f8944f456c3 bp 0x000000000000 sp 0x7f8942a41578 T4)
==22929==The signal is caused by a WRITE memory access.
    #0 0x7f8944f456c2 in _nettle_memxor_x86_64 (/lib64/libnettle.so.6+0x196c2)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libnettle.so.6+0x196c2) in _nettle_memxor_x86_64
Thread T4 (pool) created by T0 here:
    #0 0x7f89489cc043 in __interceptor_pthread_create (/lib64/libasan.so.5+0x4c043)
    #1 0x7f894874ac93 (/lib64/libglib-2.0.so.0+0x95c93)

==22929==ABORTING
```
I've never seen such bad results from asan and valgrind before. I'm sure if there were memory corruption, they would both be pointing that out.... Ideally you would rebuild nettle, gnutls, and glib-networking, all with address sanitizer. glib-networking should be easy since it uses meson. For nettle and gnutls, it might be harder....
In .gitlab-ci.yml of nettle and gnutls there is a rule for building with address sanitizer (called asan).
I don't know if I can do the whole stack with address sanitizer. One thing to note that might be related or not at all is that the "connection" test from glib-networking installed tests fails at ..

```
/tls/connection/client-auth-failure: **
GLib-Net:ERROR:../tls/tests/connection.c:437:on_client_connection_close_finish: assertion failed (error == NULL): Error sending data: Broken pipe (g-io-error-quark, 44)
```
glib-networking is full of race conditions. That's just one of many random test failures that I haven't had time to fully track down. I have the testsuite finally passing quite reliably when run once, but when run 100 times in a row I see errors like this. Similarly, errors when loading random HTTP resources are common. It's probably unrelated.
So some more diagnostics trying different combinations for gnutls and crypto-policies on a f28 base. (DEFAULT policy)

To reproduce the bug you need specifically: gnutls-3.6.4-1.fc29 _AND_ crypto-policies-20180925-1.git71ca85f

gnutls-3.6.4-1.fc28 + crypto-policies-20180925-1.git71ca85f - works
gnutls-3.6.4-1.fc29 + crypto-policies-20180425-5.git6ad4018 - works

Not sure what to make of it. Miscompilation on f29 and rawhide?
Errm, now I see that TLS 1.3 is actively disabled in the f28 build.
I'm not sure if a full address sanitizer run will give more clues. From the view of a gnutls developer, it looks like a session is accessed at the wrong time, however I cannot say whether that's completely wrong (accessing after deinit for example), or a semi-valid or valid case. Maybe running that test with GNUTLS_DEBUG_LEVEL=6 will give more clues on how the gnutls calls are being made (or ltrace)?
$ GNUTLS_DEBUG_LEVEL=6 ./get -s 'https://tracker.debian.org/pkg/acpi-support/rss' [yaneti@d2 examples (master)]$ GNUTLS_DEBUG_LEVEL=6 ./get -s 'https://tracker.debian.org/pkg/acpi-support/rss' gnutls[2]: Enabled GnuTLS 3.6.4 logging... gnutls[2]: getrandom random generator was detected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator (AVX) was detected gnutls[2]: cached system priority /etc/crypto-policies/back-ends/gnutls.config mtime 1537867831 gnutls[2]: Initializing needed PKCS #11 modules gnutls[2]: p11: Initializing module: p11-kit-trust gnutls[2]: p11: No login requested. gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[2]: p11: No login requested. gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090 gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_obj_list_import_url3]:3411 gnutls[2]: p11: No login requested. gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[2]: p11: No login requested. 
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090 gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945 gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945 gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945 gnutls[3]: ASSERT: verify-high.c[advance_iter]:391 gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_iter_get_ca]:485 gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 
'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%UNSAFE_RENEGOTIATION gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 
'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV:%UNSAFE_RENEGOTIATION gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list gnutls[5]: REC[0x18525c0]: Allocating epoch #0 gnutls[5]: REC[0x18525c0]: Allocating epoch #1 gnutls[4]: HSK[0x18525c0]: Adv. version: 3.3 gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384) gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256) gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256) gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256) gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384) gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305) gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1) gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256) gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305) gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM) gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1) gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256) gnutls[2]: Keeping 
ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM) gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1) gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384) gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM) gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1) gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256) gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM) gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1) gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384) gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305) gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM) gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256) gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) gnutls[2]: Keeping ciphersuite 00.a3 (GNUTLS_DHE_DSS_AES_256_GCM_SHA384) gnutls[2]: Keeping ciphersuite 00.38 (GNUTLS_DHE_DSS_AES_256_CBC_SHA1) gnutls[2]: Keeping ciphersuite 00.a2 (GNUTLS_DHE_DSS_AES_128_GCM_SHA256) gnutls[2]: Keeping ciphersuite 00.32 (GNUTLS_DHE_DSS_AES_128_CBC_SHA1) gnutls[4]: EXT[0x18525c0]: Preparing extension (Maximum Record Size/1) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (OCSP Status Request/5) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sending extension OCSP Status Request/5 (5 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Client Certificate Type/19) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Server Certificate Type/20) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Supported Groups/10) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sent group SECP256R1 (0x17) gnutls[4]: EXT[0x18525c0]: Sent group SECP384R1 (0x18) gnutls[4]: EXT[0x18525c0]: Sent group SECP521R1 
(0x19) gnutls[4]: EXT[0x18525c0]: Sent group X25519 (0x1d) gnutls[4]: EXT[0x18525c0]: Sent group FFDHE2048 (0x100) gnutls[4]: EXT[0x18525c0]: Sent group FFDHE3072 (0x101) gnutls[4]: EXT[0x18525c0]: Sent group FFDHE4096 (0x102) gnutls[4]: EXT[0x18525c0]: Sent group FFDHE6144 (0x103) gnutls[4]: EXT[0x18525c0]: Sent group FFDHE8192 (0x104) gnutls[4]: EXT[0x18525c0]: Sending extension Supported Groups/10 (20 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Supported EC Point Formats/11) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sending extension Supported EC Point Formats/11 (2 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (SRP/12) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Signature Algorithms/13) for 'client hello' gnutls[4]: EXT[0x18525c0]: sent signature algo (4.1) RSA-SHA256 gnutls[4]: EXT[0x18525c0]: sent signature algo (8.9) RSA-PSS-SHA256 gnutls[4]: EXT[0x18525c0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256 gnutls[4]: EXT[0x18525c0]: sent signature algo (4.3) ECDSA-SHA256 gnutls[4]: EXT[0x18525c0]: sent signature algo (8.7) EdDSA-Ed25519 gnutls[4]: EXT[0x18525c0]: sent signature algo (5.1) RSA-SHA384 gnutls[4]: EXT[0x18525c0]: sent signature algo (8.10) RSA-PSS-SHA384 gnutls[4]: EXT[0x18525c0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384 gnutls[4]: EXT[0x18525c0]: sent signature algo (5.3) ECDSA-SHA384 gnutls[4]: EXT[0x18525c0]: sent signature algo (6.1) RSA-SHA512 gnutls[4]: EXT[0x18525c0]: sent signature algo (8.11) RSA-PSS-SHA512 gnutls[4]: EXT[0x18525c0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512 gnutls[4]: EXT[0x18525c0]: sent signature algo (6.3) ECDSA-SHA512 gnutls[4]: EXT[0x18525c0]: sent signature algo (2.1) RSA-SHA1 gnutls[4]: EXT[0x18525c0]: sent signature algo (2.3) ECDSA-SHA1 gnutls[4]: EXT[0x18525c0]: sent signature algo (2.2) DSA-SHA1 gnutls[4]: EXT[0x18525c0]: Sending extension Signature Algorithms/13 (34 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (SRTP/14) for 'client hello' 
gnutls[4]: EXT[0x18525c0]: Preparing extension (Heartbeat/15) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (ALPN/16) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Extended Master Secret/23) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Session Ticket/35) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sending extension Session Ticket/35 (0 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Key Share/51) for 'client hello' gnutls[4]: EXT[0x18525c0]: sending key share for SECP256R1 gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60 gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60 gnutls[4]: EXT[0x18525c0]: sending key share for X25519 gnutls[4]: EXT[0x18525c0]: Sending extension Key Share/51 (107 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Supported Versions/43) for 'client hello' gnutls[2]: Advertizing version 3.4 gnutls[2]: Advertizing version 3.3 gnutls[2]: Advertizing version 3.2 gnutls[2]: Advertizing version 3.1 gnutls[4]: EXT[0x18525c0]: Sending extension Supported Versions/43 (9 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Post Handshake Auth/49) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Safe Renegotiation/65281) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sending extension Safe Renegotiation/65281 (1 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Server Name Indication/0) for 'client hello' gnutls[2]: HSK[0x18525c0]: sent server name: 'tracker.debian.org' gnutls[4]: EXT[0x18525c0]: Sending extension Server Name Indication/0 (23 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Cookie/44) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (Early Data/42) for 'client hello' gnutls[4]: EXT[0x18525c0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sending extension PSK Key Exchange 
Modes/45 (3 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Record Size Limit/28) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sending extension Record Size Limit/28 (2 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (ClientHello Padding/21) for 'client hello' gnutls[4]: EXT[0x18525c0]: Sending extension ClientHello Padding/21 (147 bytes) gnutls[4]: EXT[0x18525c0]: Preparing extension (Pre Shared Key/41) for 'client hello' gnutls[4]: HSK[0x18525c0]: CLIENT HELLO was queued [512 bytes] gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 512 and min pad: 0 gnutls[5]: REC[0x18525c0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 517 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 69 gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 69 gnutls[5]: REC[0x18525c0]: Decrypted Packet[0] Handshake(22) with length: 69 gnutls[4]: HSK[0x18525c0]: SERVER HELLO (2) was received. 
Length 65[65], frag offset 0, frag length: 65, sequence: 0 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162 gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413 gnutls[4]: HSK[0x18525c0]: Server's version: 3.3 gnutls[4]: HSK[0x18525c0]: SessionID length: 0 gnutls[4]: HSK[0x18525c0]: SessionID: c0 gnutls[4]: HSK[0x18525c0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 gnutls[4]: EXT[0x18525c0]: Parsing extension 'Server Name Indication/0' (0 bytes) gnutls[4]: EXT[0x18525c0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes) gnutls[4]: EXT[0x18525c0]: Parsing extension 'Supported EC Point Formats/11' (4 bytes) gnutls[4]: EXT[0x18525c0]: Parsing extension 'Session Ticket/35' (0 bytes) gnutls[4]: EXT[0x18525c0]: Parsing extension 'OCSP Status Request/5' (0 bytes) gnutls[4]: HSK[0x18525c0]: Safe renegotiation succeeded gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 2998 gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 2998 gnutls[5]: REC[0x18525c0]: Decrypted Packet[1] Handshake(22) with length: 2998 gnutls[4]: HSK[0x18525c0]: CERTIFICATE (11) was received. Length 2994[2994], frag offset 0, frag length: 2994, sequence: 0 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 535 gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 535 gnutls[5]: REC[0x18525c0]: Decrypted Packet[2] Handshake(22) with length: 535 gnutls[4]: HSK[0x18525c0]: CERTIFICATE STATUS (22) was received. Length 531[531], frag offset 0, frag length: 531, sequence: 0 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. 
Epoch 0, length: 589 gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 589 gnutls[5]: REC[0x18525c0]: Decrypted Packet[3] Handshake(22) with length: 589 gnutls[4]: HSK[0x18525c0]: SERVER KEY EXCHANGE (12) was received. Length 585[585], frag offset 0, frag length: 585, sequence: 0 gnutls[2]: received curve SECP256R1 gnutls[4]: HSK[0x18525c0]: Selected group SECP256R1 (2) gnutls[4]: HSK[0x18525c0]: verify TLS 1.2 handshake data: using RSA-SHA512 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 4 gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 4 gnutls[5]: REC[0x18525c0]: Decrypted Packet[4] Handshake(22) with length: 4 gnutls[4]: HSK[0x18525c0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162 gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413 gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60 gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60 gnutls[4]: HSK[0x18525c0]: CLIENT KEY EXCHANGE was queued [70 bytes] gnutls[4]: REC[0x18525c0]: Sent ChangeCipherSpec gnutls[5]: REC[0x18525c0]: Initializing epoch #1 gnutls[5]: REC[0x18525c0]: Epoch #1 ready gnutls[4]: HSK[0x18525c0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 gnutls[4]: HSK[0x18525c0]: Initializing internal [write] cipher sessions gnutls[4]: HSK[0x18525c0]: recording tls-unique CB (send) gnutls[4]: HSK[0x18525c0]: FINISHED was queued [16 bytes] gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0 gnutls[5]: REC[0x18525c0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 75 gnutls[5]: REC[0x18525c0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 gnutls[5]: REC[0x18525c0]: Sent Packet[3] 
ChangeCipherSpec(20) in epoch 0 and length: 6 gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0 gnutls[5]: REC[0x18525c0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 218 gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 218 gnutls[5]: REC[0x18525c0]: Decrypted Packet[5] Handshake(22) with length: 218 gnutls[4]: HSK[0x18525c0]: NEW SESSION TICKET (4) was received. Length 214[214], frag offset 0, frag length: 214, sequence: 0 gnutls[4]: HSK[0x18525c0]: received session ticket gnutls[5]: REC[0x18525c0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1 gnutls[5]: REC[0x18525c0]: Expected Packet ChangeCipherSpec(20) gnutls[5]: REC[0x18525c0]: Received Packet ChangeCipherSpec(20) with length: 1 gnutls[5]: REC[0x18525c0]: Decrypted Packet[6] ChangeCipherSpec(20) with length: 1 gnutls[4]: HSK[0x18525c0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 1, length: 40 gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 40 gnutls[5]: REC[0x18525c0]: Decrypted Packet[0] Handshake(22) with length: 16 gnutls[4]: HSK[0x18525c0]: FINISHED (20) was received. 
Length 12[12], frag offset 0, frag length: 12, sequence: 0 gnutls[5]: REC[0x18525c0]: Start of epoch cleanup gnutls[5]: REC[0x18525c0]: Epoch #0 freed gnutls[5]: REC[0x18525c0]: End of epoch cleanup gnutls[3]: ASSERT: verify.c[verify_crt]:663 gnutls[3]: ASSERT: verify.c[verify_crt]:815 gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 gnutls[2]: issuer in verification was not found or insecure; trying against trust list gnutls[3]: ASSERT: verify.c[verify_crt]:663 gnutls[3]: ASSERT: verify.c[verify_crt]:815 gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1374 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598 gnutls[2]: crt_is_known: did not find any cert gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. 
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598 gnutls[2]: crt_is_known: did not find any cert gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598 gnutls[2]: crt_is_known: did not find any cert gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598 gnutls[2]: crt_is_known: did not find any cert gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. 
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[2]: p11: No login requested. gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208 gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033 gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598 gnutls[2]: crt_is_known: did not find any cert gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 gnutls[5]: REC[0x18525c0]: Preparing Packet Application Data(23) with length: 186 and min pad: 0 gnutls[5]: REC[0x18525c0]: Sent Packet[2] Application Data(23) in epoch 1 and length: 215 gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 1, length: 28 gnutls[5]: REC[0x18525c0]: Expected Packet Application Data(23) gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 28 gnutls[5]: REC[0x18525c0]: Decrypted Packet[1] Handshake(22) with length: 4 gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1481 gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1656 gnutls[4]: HSK[0x18525c0]: sending key update (1) gnutls[4]: HSK[0x18525c0]: KEY_UPDATE was queued [5 bytes] gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 5 and min pad: 0 Segmentation fault (core dumped)
BTW the above dump is with LEGACY crypto policy, not with DEFAULT like my f28 tests
(In reply to Yanko Kaneti from comment #15)
> Errm, now I see that TLS 1.3 is actively disabled in the f28 build.

Yes, that's the difference. (glib-networking is not yet prepared for TLS 1.3.)
You shouldn't need significant changes for that (you can see the differences in [0]). My understanding is that this failure has to do with rehandshake which has different semantics under TLS1.3 (does rekey only, instead of reauthentication). Other than that, no other changes should be required for functionality. Why is the crash happening though I do not know; it looks like attempting to send an alert while on a rekey? Is that example multi-threaded?

[0]. https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html
Ehm, if glib-networking is not ready for TLS1.3 perhaps we should just disable it there. The example works fine with:

G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-TLS1.3:%COMPAT

compared to the default NORMAL:%COMPAT
Well that's one option, a good choice if we get stuck. I'd rather try to figure out what's wrong first.

(In reply to Nikos Mavrogiannopoulos from comment #20)
> Other than that, no other changes should be required for functionality. Why
> is the crash happening though I do not know; it looks like attempting to
> send an alert while on a rekey? Is that example multi-threaded?

I see multiple backtraces posted above:

* The first one in comment #0 shows a crash when sending a close alert GNUTLS_A_CLOSE_NOTIFY. The close is occurring because soup_connection_disconnect() was called.
* The second one in comment #2 shows a crash during the handshake (inside the re-key code). Looks quite different from the first trace.
* The third one in comment #3 matches the trace in comment #2.

The handshake *always* occurs on a secondary thread to avoid blocking the main thread. There are likely unresolved threadsafety issues in the code that handles this.
This seems to be identical to https://bugzilla.redhat.com/show_bug.cgi?id=1640062
An interesting aspect is that if I run the reproducer I get: ``` (get:22014): GLib-Net-WARNING **: 14:39:15.705: G_TLS_GNUTLS_PRIORITY is invalid; ignoring! (get:22014): GLib-Net-WARNING **: 14:39:15.705: (../tls/gnutls/gtlsconnection-gnutls.c:298):g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0) (get:22014): GLib-Net-WARNING **: 14:39:15.705: (../tls/gnutls/gtlsconnection-gnutls.c:303):g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0) ``` Using G_TLS_GNUTLS_PRIORITY=NORMAL ./get ... I get no crash but an internal error. Putting more debug info into gnutls I see the following: 1. Handshake completes and TLS1.2 is negotiated 2. A second handshake is called just after, but in that case it thinks that TLS1.3 is the actual version. It seems that glib-networking is calling the gnutls_priority_set_direct() over an established TLS session (ouch), and that confuses gnutls. Applying: ``` diff --git a/lib/priority.c b/lib/priority.c index afd4b1a68..087cf5d28 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -594,7 +594,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority) * This will be overridden later. */ if (session->internals.priorities->protocol.algorithms > 0 && - !session->internals.handshake_in_progress) { + !session->internals.handshake_in_progress && !session->internals.initial_negotiation_completed) { if (_gnutls_set_current_version(session, session->internals.priorities-> protocol.priority[0]) < 0) { ``` on top of gnutls fixes the case where `G_TLS_GNUTLS_PRIORITY=NORMAL ./get https://tracker.debian.org/pkg/acpi-support/rss` is called. However the call to: ./get https://tracker.debian.org/pkg/acpi-support/rss still crashes. I suspect that in that case an invalid priority string is used.
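Review bot: The new `!session->internals.initial_negotiation_completed` test in the condition guarding `_gnutls_set_current_version()` in gnutls_priority_set() is not documented; the only comment above it still reads "This will be overridden later." and does not say why the version must be left alone once the initial negotiation has completed. Suggest extending that comment to state that resetting the current version to `protocol.priority[0]` on an established session makes the next handshake assume a version that was not negotiated, and putting the added test on its own line so the condition stays within the file's line length.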
Could you verify that this scratch-build addresses the issue? https://koji.fedoraproject.org/koji/taskinfo?taskID=30288246
Previous build failed. New link: https://koji.fedoraproject.org/koji/taskinfo?taskID=30288347
Well, I am on rawhide. But I downgraded with the scratch build without any noticeable change in the crashing.
(In reply to Nikos Mavrogiannopoulos from comment #24)
> An interesting aspect is that if I run the reproducer I get:
> ```
> (get:22014): GLib-Net-WARNING **: 14:39:15.705: G_TLS_GNUTLS_PRIORITY is
> invalid; ignoring!
> (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> (../tls/gnutls/gtlsconnection-gnutls.c:298):
> g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> (../tls/gnutls/gtlsconnection-gnutls.c:303):
> g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> ```

I can't reproduce this issue. Have you modified your system crypto policy? When I run the example on Fedora 29 I just directly get the segfault with no warnings, just like Yanko reported:

$ ./get https://tracker.debian.org/pkg/acpi-support/rss
Segmentation fault (core dumped)

> Using G_TLS_GNUTLS_PRIORITY=NORMAL ./get ...
> I get no crash but an internal error.

This is really weird. I think you're hitting a completely different issue. Here's what I see:

$ G_TLS_GNUTLS_PRIORITY=NORMAL ./get https://tracker.debian.org/pkg/acpi-support/rss
Segmentation fault (core dumped)

In both cases the crash I'm seeing is the same as Yanko reported in comment #2 and comment #7, different from the crash reported in comment #0.

> Putting more debug info into gnutls I
> see the following:
>
> 1. Handshake completes and TLS1.2 is negotiated
>
> 2. A second handshake is called just after, but in that case it thinks that
> TLS1.3 is the actual version. It seems that glib-networking is calling the
> gnutls_priority_set_direct() over an established TLS session (ouch), and
> that confuses gnutls.

We do this in the case of rehandshakes (well, I guess that would be rekeys in TLS 1.3) but never for the initial handshake. The only place where we set the priority is in g_tls_connection_gnutls_set_handshake_priority(), which is only called in handshake_thread() in gtlsconnection-gnutls.c. That occurs on a secondary thread immediately before a sync call to gnutls_handshake().

> I suspect that in that case an invalid priority string is
> used.

Do you know what the priority string is? Could it perhaps be related to a non-default system crypto policy? Also remember that Fedora has glib-networking patched to include %SYSTEM in the priority string, so it's incompatible with upstream GnuTLS and must be run against a Fedora GnuTLS.
(In reply to Michael Catanzaro from comment #28)
> We do this in the case of rehandshakes (well, I guess that would be rekeys
> in TLS 1.3) but never for the initial handshake. The only place where we set
> the priority is in g_tls_connection_gnutls_set_handshake_priority(), which
> is only called in handshake_thread() in gtlsconnection-gnutls.c. That occurs
> on a secondary thread immediately before a sync call to gnutls_handshake().

BTW a speculative fix would be to change this code in handshake_thread():

  g_tls_connection_gnutls_set_handshake_priority (gnutls);

into:

  if (!priv->ever_handshaked)
    g_tls_connection_gnutls_set_handshake_priority (gnutls);

if calling it after a handshake is invalid (though that's never caused problems in the past).
Should probably do that regardless, since there's no reason to muck with the priorities if they've already been set.
(In reply to Michael Catanzaro from comment #28)
> (In reply to Nikos Mavrogiannopoulos from comment #24)
> > An interesting aspect is that if I run the reproducer I get:
> > ```
> > (get:22014): GLib-Net-WARNING **: 14:39:15.705: G_TLS_GNUTLS_PRIORITY is
> > invalid; ignoring!
> > (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> > (../tls/gnutls/gtlsconnection-gnutls.c:298):
> > g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> > (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> > (../tls/gnutls/gtlsconnection-gnutls.c:303):
> > g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> > ```
> I can't reproduce this issue. Have you modified your system crypto policy?
> When I run the example on Fedora 29 I just directly get the segfault with no
> warnings, just like Yanko reported:

Yes, it was actually a crypto policy issue (lib was compiled without it).

> > Putting more debug info into gnutls I
> > see the following:
> >
> > 1. Handshake completes and TLS1.2 is negotiated
> >
> > 2. A second handshake is called just after, but in that case it thinks that
> > TLS1.3 is the actual version. It seems that glib-networking is calling the
> > gnutls_priority_set_direct() over an established TLS session (ouch), and
> > that confuses gnutls.
>
> We do this in the case of rehandshakes (well, I guess that would be rekeys
> in TLS 1.3) but never for the initial handshake. The only place where we set
> the priority is in g_tls_connection_gnutls_set_handshake_priority(), which
> is only called in handshake_thread() in gtlsconnection-gnutls.c. That occurs
> on a secondary thread immediately before a sync call to gnutls_handshake().

> > I suspect that in that case an invalid priority string is
> > used.
>
> Do you know what the priority string is?

There was not. The only issue I found was the setting of the priorities before rehandshake.
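A triage check for the symptom diagnosed in the comments above (a session that selected a TLS 1.2 cipher suite and later queues a TLS 1.3 KEY_UPDATE), as an added Python example that is not part of the thread, GnuTLS or glib-networking. The log entries are constructed in the format of the dumps quoted here, and the function names and the detection rule are assumptions of this example.

```python
import re

# Zero-width split point in front of every "gnutls[N]: " prefix, so the parser
# accepts one-entry-per-line logs as well as logs pasted as one long line.
ENTRY_START = re.compile(r"(?=gnutls\[\d+\]: )")
KEEPING = re.compile(r"Keeping ciphersuite ([0-9a-f]{2})\.([0-9a-f]{2}) \((\w+)\)")
SELECTED = re.compile(r"HSK\[(0x[0-9a-f]+)\]: Selected cipher suite: (\w+)")
KEY_UPDATE = re.compile(
    r"HSK\[(0x[0-9a-f]+)\]: (?:sending key update|KEY_UPDATE was queued)"
)


def split_entries(text):
    """Split a GnuTLS debug log into entries, whether or not it was flattened."""
    return [e.strip() for e in ENTRY_START.split(text) if e.strip()]


def find_version_confusion(text):
    """Return one finding per session that selected a non-TLS-1.3 suite and
    then queued a KeyUpdate, which is a TLS 1.3-only handshake message.

    Suite numbers are learned from the log's own "Keeping ciphersuite" entries;
    TLS 1.3 suites are the ones numbered 13.xx. Sessions whose suite number is
    not in the log are not judged (assumption: better silent than wrong).
    """
    suite_ids = {}  # suite name -> "c0.2f"
    selected = {}   # session pointer -> selected suite name
    findings = {}   # session pointer -> finding dict
    for entry in split_entries(text):
        m = KEEPING.search(entry)
        if m:
            suite_ids[m.group(3)] = f"{m.group(1)}.{m.group(2)}"
            continue
        m = SELECTED.search(entry)
        if m:
            selected[m.group(1)] = m.group(2)
            continue
        m = KEY_UPDATE.search(entry)
        if not m:
            continue
        session = m.group(1)
        suite = selected.get(session)
        suite_id = suite_ids.get(suite)
        if suite_id is None or suite_id.startswith("13."):
            continue  # unknown suite, or a genuine TLS 1.3 session
        finding = findings.setdefault(
            session,
            {"session": session, "suite": suite, "suite_id": suite_id, "evidence": []},
        )
        finding["evidence"].append(entry)
    return list(findings.values())


# Constructed sample: session 0x18525c0 mirrors the failing pattern in this
# thread; session 0xaaaa0001 is a made-up TLS 1.3 session that must not be flagged.
SAMPLE_ENTRIES = [
    "gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)",
    "gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)",
    "gnutls[4]: HSK[0x18525c0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256",
    "gnutls[4]: HSK[0x18525c0]: FINISHED (20) was received.",
    "gnutls[4]: HSK[0xaaaa0001]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256",
    "gnutls[4]: HSK[0xaaaa0001]: sending key update (1)",
    "gnutls[4]: HSK[0x18525c0]: sending key update (1)",
    "gnutls[4]: HSK[0x18525c0]: KEY_UPDATE was queued [5 bytes]",
    "gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 5 and min pad: 0",
]

if __name__ == "__main__":
    flattened = " ".join(SAMPLE_ENTRIES)  # the shape a pasted log often takes
    for f in find_version_confusion(flattened):
        print(f"{f['session']}: suite {f['suite']} ({f['suite_id']}) "
              f"but {len(f['evidence'])} KEY_UPDATE entries")
```
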
What about this build: https://koji.fedoraproject.org/koji/taskinfo?taskID=30305397
(In reply to Nikos Mavrogiannopoulos from comment #32)
> What about this build:
> https://koji.fedoraproject.org/koji/taskinfo?taskID=30305397

This one fixes the crash for me. The get also works as expected.

Below is the gnutls debug log of the negotiation I think.

$ GNUTLS_DEBUG_LEVEL=6 ./get -s 'https://tracker.debian.org/pkg/acpi-support/rss' > /dev/null
gnutls[2]: Enabled GnuTLS 3.6.4 logging... gnutls[2]: getrandom random generator was detected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator (AVX) was detected gnutls[2]: cached system priority /etc/crypto-policies/back-ends/gnutls.config mtime 1537867831 gnutls[2]: Initializing needed PKCS #11 modules gnutls[2]: p11: Initializing module: p11-kit-trust gnutls[2]: p11: No login requested. gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[2]: p11: No login requested. gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090 gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_obj_list_import_url3]:3411 gnutls[2]: p11: No login requested. gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[2]: p11: No login requested. 
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE gnutls[3]: p11 attrs: CKA_TRUSTED gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090 gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945 gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945 gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895 gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945 gnutls[3]: ASSERT: verify-high.c[advance_iter]:391 gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_iter_get_ca]:485 gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 
'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%UNSAFE_RENEGOTIATION gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 
'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV:%UNSAFE_RENEGOTIATION
gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list
gnutls[5]: REC[0x1773af0]: Allocating epoch #0
gnutls[5]: REC[0x1773af0]: Allocating epoch #1
gnutls[4]: HSK[0x1773af0]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a3 (GNUTLS_DHE_DSS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 00.38 (GNUTLS_DHE_DSS_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a2 (GNUTLS_DHE_DSS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 00.32 (GNUTLS_DHE_DSS_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Maximum Record Size/1) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (OCSP Status Request/5) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension OCSP Status Request/5 (5 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Client Certificate Type/19) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Certificate Type/20) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Groups/10) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x1773af0]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x1773af0]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x1773af0]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Groups/10 (20 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Supported EC Point Formats/11 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRP/12) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Signature Algorithms/13) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.2) DSA-SHA1
gnutls[4]: EXT[0x1773af0]: Sending extension Signature Algorithms/13 (34 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRTP/14) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Heartbeat/15) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (ALPN/16) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Extended Master Secret/23) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Session Ticket/35) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Session Ticket/35 (0 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Key Share/51) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sending key share for SECP256R1
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: EXT[0x1773af0]: sending key share for X25519
gnutls[4]: EXT[0x1773af0]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Versions/43) for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Versions/43 (9 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Safe Renegotiation/65281 (1 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Name Indication/0) for 'client hello'
gnutls[2]: HSK[0x1773af0]: sent server name: 'tracker.debian.org'
gnutls[4]: EXT[0x1773af0]: Sending extension Server Name Indication/0 (23 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Cookie/44) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Early Data/42) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Record Size Limit/28) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Record Size Limit/28 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (ClientHello Padding/21) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension ClientHello Padding/21 (147 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Pre Shared Key/41) for 'client hello'
gnutls[4]: HSK[0x1773af0]: CLIENT HELLO was queued [512 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 512 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 517
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 69
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 69
gnutls[5]: REC[0x1773af0]: Decrypted Packet[0] Handshake(22) with length: 69
gnutls[4]: HSK[0x1773af0]: SERVER HELLO (2) was received. Length 65[65], frag offset 0, frag length: 65, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[4]: HSK[0x1773af0]: Server's version: 3.3
gnutls[4]: HSK[0x1773af0]: SessionID length: 0
gnutls[4]: HSK[0x1773af0]: SessionID: c0
gnutls[4]: HSK[0x1773af0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Server Name Indication/0' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Supported EC Point Formats/11' (4 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Session Ticket/35' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'OCSP Status Request/5' (0 bytes)
gnutls[4]: HSK[0x1773af0]: Safe renegotiation succeeded
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 2998
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 2998
gnutls[5]: REC[0x1773af0]: Decrypted Packet[1] Handshake(22) with length: 2998
gnutls[4]: HSK[0x1773af0]: CERTIFICATE (11) was received. Length 2994[2994], frag offset 0, frag length: 2994, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 535
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 535
gnutls[5]: REC[0x1773af0]: Decrypted Packet[2] Handshake(22) with length: 535
gnutls[4]: HSK[0x1773af0]: CERTIFICATE STATUS (22) was received. Length 531[531], frag offset 0, frag length: 531, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 589
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 589
gnutls[5]: REC[0x1773af0]: Decrypted Packet[3] Handshake(22) with length: 589
gnutls[4]: HSK[0x1773af0]: SERVER KEY EXCHANGE (12) was received. Length 585[585], frag offset 0, frag length: 585, sequence: 0
gnutls[2]: received curve SECP256R1
gnutls[4]: HSK[0x1773af0]: Selected group SECP256R1 (2)
gnutls[4]: HSK[0x1773af0]: verify TLS 1.2 handshake data: using RSA-SHA512
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 4
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 4
gnutls[5]: REC[0x1773af0]: Decrypted Packet[4] Handshake(22) with length: 4
gnutls[4]: HSK[0x1773af0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: HSK[0x1773af0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls[4]: REC[0x1773af0]: Sent ChangeCipherSpec
gnutls[5]: REC[0x1773af0]: Initializing epoch #1
gnutls[5]: REC[0x1773af0]: Epoch #1 ready
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: HSK[0x1773af0]: Initializing internal [write] cipher sessions
gnutls[4]: HSK[0x1773af0]: recording tls-unique CB (send)
gnutls[4]: HSK[0x1773af0]: FINISHED was queued [16 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 75
gnutls[5]: REC[0x1773af0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 218
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 218
gnutls[5]: REC[0x1773af0]: Decrypted Packet[5] Handshake(22) with length: 218
gnutls[4]: HSK[0x1773af0]: NEW SESSION TICKET (4) was received. Length 214[214], frag offset 0, frag length: 214, sequence: 0
gnutls[4]: HSK[0x1773af0]: received session ticket
gnutls[5]: REC[0x1773af0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
gnutls[5]: REC[0x1773af0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x1773af0]: Received Packet ChangeCipherSpec(20) with length: 1
gnutls[5]: REC[0x1773af0]: Decrypted Packet[6] ChangeCipherSpec(20) with length: 1
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 40
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 40
gnutls[5]: REC[0x1773af0]: Decrypted Packet[0] Handshake(22) with length: 16
gnutls[4]: HSK[0x1773af0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
gnutls[5]: REC[0x1773af0]: Start of epoch cleanup
gnutls[5]: REC[0x1773af0]: Epoch #0 freed
gnutls[5]: REC[0x1773af0]: End of epoch cleanup
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[2]: issuer in verification was not found or insecure; trying against trust list
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1374
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[5]: REC[0x1773af0]: Preparing Packet Application Data(23) with length: 186 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[2] Application Data(23) in epoch 1 and length: 215
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 28
gnutls[5]: REC[0x1773af0]: Expected Packet Application Data(23)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 28
gnutls[5]: REC[0x1773af0]: Decrypted Packet[1] Handshake(22) with length: 4
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1481
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1656
gnutls[5]: REC[0x1773af0]: Allocating epoch #2
gnutls[4]: HSK[0x1773af0]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a3 (GNUTLS_DHE_DSS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 00.38 (GNUTLS_DHE_DSS_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a2 (GNUTLS_DHE_DSS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 00.32 (GNUTLS_DHE_DSS_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Maximum Record Size/1) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (OCSP Status Request/5) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension OCSP Status Request/5 (5 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Client Certificate Type/19) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Certificate Type/20) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Groups/10) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x1773af0]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x1773af0]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x1773af0]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Groups/10 (20 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Supported EC Point Formats/11 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRP/12) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Signature Algorithms/13) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.2) DSA-SHA1
gnutls[4]: EXT[0x1773af0]: Sending extension Signature Algorithms/13 (34 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRTP/14) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Heartbeat/15) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (ALPN/16) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Extended Master Secret/23) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Session Ticket/35) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Session Ticket/35 (208 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Key Share/51) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sending key share for SECP256R1
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: EXT[0x1773af0]: sending key share for X25519
gnutls[4]: EXT[0x1773af0]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Versions/43) for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Versions/43 (9 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Safe Renegotiation/65281 (13 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Name Indication/0) for 'client hello'
gnutls[2]: HSK[0x1773af0]: sent server name: 'tracker.debian.org'
gnutls[4]: EXT[0x1773af0]: Sending extension Server Name Indication/0 (23 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Cookie/44) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Early Data/42) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Record Size Limit/28) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Record Size Limit/28 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (ClientHello Padding/21) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Pre Shared Key/41) for 'client hello'
gnutls[4]: HSK[0x1773af0]: CLIENT HELLO was queued [613 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 613 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[3] Handshake(22) in epoch 1 and length: 642
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 117
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 117
gnutls[5]: REC[0x1773af0]: Decrypted Packet[2] Handshake(22) with length: 93
gnutls[4]: HSK[0x1773af0]: SERVER HELLO (2) was received. Length 89[89], frag offset 0, frag length: 89, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[4]: HSK[0x1773af0]: Server's version: 3.3
gnutls[4]: HSK[0x1773af0]: SessionID length: 0
gnutls[4]: HSK[0x1773af0]: SessionID: c0
gnutls[4]: HSK[0x1773af0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Server Name Indication/0' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Safe Renegotiation/65281' (25 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Supported EC Point Formats/11' (4 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Session Ticket/35' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'OCSP Status Request/5' (0 bytes)
gnutls[4]: HSK[0x1773af0]: Safe renegotiation succeeded
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 3022
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 3022
gnutls[5]: REC[0x1773af0]: Decrypted Packet[3] Handshake(22) with length: 2998
gnutls[4]: HSK[0x1773af0]: CERTIFICATE (11) was received. Length 2994[2994], frag offset 0, frag length: 2994, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 559
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 559
gnutls[5]: REC[0x1773af0]: Decrypted Packet[4] Handshake(22) with length: 535
gnutls[4]: HSK[0x1773af0]: CERTIFICATE STATUS (22) was received. Length 531[531], frag offset 0, frag length: 531, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 613
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 613
gnutls[5]: REC[0x1773af0]: Decrypted Packet[5] Handshake(22) with length: 589
gnutls[4]: HSK[0x1773af0]: SERVER KEY EXCHANGE (12) was received. Length 585[585], frag offset 0, frag length: 585, sequence: 0
gnutls[2]: received curve SECP256R1
gnutls[4]: HSK[0x1773af0]: Selected group SECP256R1 (2)
gnutls[4]: HSK[0x1773af0]: verify TLS 1.2 handshake data: using RSA-SHA512
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 142
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 142
gnutls[5]: REC[0x1773af0]: Decrypted Packet[6] Handshake(22) with length: 118
gnutls[4]: HSK[0x1773af0]: CERTIFICATE REQUEST (13) was received. Length 110[114], frag offset 0, frag length: 110, sequence: 0
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (6.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (5.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (4.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (3.1) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (3.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (3.3) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (2.2) DSA-SHA1
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (2.3) ECDSA-SHA1
gnutls[3]: Peer requested CA: O=Debian SSO client certificate,CN=SSO CA 2015-08-21
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[4]: HSK[0x1773af0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
gnutls[4]: HSK[0x1773af0]: CERTIFICATE was queued [7 bytes]
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: HSK[0x1773af0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls[4]: REC[0x1773af0]: Sent ChangeCipherSpec
gnutls[5]: REC[0x1773af0]: Initializing epoch #2
gnutls[5]: REC[0x1773af0]: Epoch #2 ready
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: HSK[0x1773af0]: Initializing internal [write] cipher sessions
gnutls[4]: HSK[0x1773af0]: recording tls-unique CB (send)
gnutls[4]: HSK[0x1773af0]: FINISHED was queued [16 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 7 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[4] Handshake(22) in epoch 1 and length: 36
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[5] Handshake(22) in epoch 1 and length: 99
gnutls[5]: REC[0x1773af0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[6] ChangeCipherSpec(20) in epoch 1 and length: 30
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[1] Handshake(22) in epoch 2 and length: 45
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 226
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 226
gnutls[5]: REC[0x1773af0]: Decrypted Packet[7] Handshake(22) with length: 202
gnutls[4]: HSK[0x1773af0]: NEW SESSION TICKET (4) was received. Length 198[198], frag offset 0, frag length: 198, sequence: 0
gnutls[4]: HSK[0x1773af0]: received session ticket
gnutls[5]: REC[0x1773af0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 1, length: 25
gnutls[5]: REC[0x1773af0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x1773af0]: Received Packet ChangeCipherSpec(20) with length: 25
gnutls[5]: REC[0x1773af0]: Decrypted Packet[8] ChangeCipherSpec(20) with length: 1
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 2, length: 40
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 40
gnutls[5]: REC[0x1773af0]: Decrypted Packet[0] Handshake(22) with length: 16
gnutls[4]: HSK[0x1773af0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
gnutls[5]: REC[0x1773af0]: Start of epoch cleanup
gnutls[5]: REC[0x1773af0]: Epoch #1 freed
gnutls[5]: REC[0x1773af0]: End of epoch cleanup
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[2]: issuer in verification was not found or insecure; trying against trust list
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1374
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[5]: REC[0x1773af0]: SSL 3.3 Application Data packet received. Epoch 2, length: 741
...........
*** Bug 1640062 has been marked as a duplicate of this bug. ***
gnutls-3.6.4-3.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a56319e68
gnutls-3.6.4-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a56319e68
Thanks a bunch, Nikos! I'll also push my change to only set the priority once (before the first handshake, instead of before every handshake).
asterisk-16.0.0-1.fc29, getdns-1.4.2-4.fc29, gnutls-3.6.4-4.fc29, libreswan-3.27-1.fc29, netresolve-0.0.1-0.22.20160317git.fc29, unbound-1.8.1-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be27ff1d8
asterisk-16.0.0-1.fc29, getdns-1.4.2-4.fc29, gnutls-3.6.4-4.fc29, libreswan-3.27-1.fc29, netresolve-0.0.1-0.22.20160317git.fc29, unbound-1.8.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be27ff1d8
asterisk-16.0.0-1.fc29, getdns-1.4.2-4.fc29, gnutls-3.6.4-4.fc29, libreswan-3.27-1.fc29, netresolve-0.0.1-0.22.20160317git.fc29, unbound-1.8.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.