Bug 1634736 - Crash in libsoup get while getting https://tracker.debian.org/pkg/acpi-support/rss
Summary: Crash in libsoup get while getting https://tracker.debian.org/pkg/acpi-suppo...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gnutls
Version: 29
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nikos Mavrogiannopoulos
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1640062 (view as bug list)
Depends On:
Blocks: 1641072
TreeView+ depends on / blocked
 
Reported: 2018-10-01 13:30 UTC by Yanko Kaneti
Modified: 2018-11-03 00:00 UTC (History)
5 users (show)

Fixed In Version: gnutls-3.6.4-4.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1641072 (view as bug list)
Environment:
Last Closed: 2018-11-03 00:00:40 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
GNOME Gitlab GNOME/glib-networking/issues/45 None None None 2018-10-17 15:49:34 UTC
Red Hat Bugzilla 1640062 None CLOSED Segmentation fault in _gnutls_cipher_auth() 2019-07-10 15:58:54 UTC
Gitlab gnutls/gnutls/merge_requests/777 None None None 2018-10-19 05:16:29 UTC

Internal Links: 1640062

Description Yanko Kaneti 2018-10-01 13:30:16 UTC
Description of problem:
If you build libsoup master and try exmaples/get with  https://tracker.debian.org/pkg/acpi-support/rss  you get a crash somewhere in the depths of gnutls/nettle

I've also filed a libsoup upstream report with some more detailed backtrace, in case this is not gnutls/nettle fault

https://gitlab.gnome.org/GNOME/libsoup/issues/123

Version-Release number of selected component (if applicable):
gnutls-3.6.4-1.fc30.x86_64
nettle-3.4-5.fc30.x86_64


How reproducible:
Always


Program terminated with signal SIGSEGV, Segmentation fault.
#0  _nettle_memxor_x86_64 () at memxor.s:78
78		xorb	%r8b, (%rax, %rdx)
[Current thread is 1 (Thread 0x7f44bf8fcf80 (LWP 24667))]
Missing separate debuginfos, use: dnf debuginfo-install libedit-3.1-24.20170329cvs.fc29.x86_64 llvm-libs-7.0.0-1.fc30.x86_64 opensc-0.18.0-4.fc29.x86_64 python3-libs-3.7.0-9.fc30.x86_64 webkit2gtk3-2.22.2-2.fc30.x86_64 webkit2gtk3-jsc-2.22.2-2.fc30.x86_64 woff2-1.0.2-4.fc29.x86_64 yajl-2.1.0-11.fc29.x86_64
(gdb) bt
#0  0x00007f44303a56c3 in _nettle_memxor_x86_64 () at memxor.s:78
#1  0x00007f4430532ef0 in encrypt_packet_tls13 (params=0x7f2fdc00c160, type=<optimized out>, pad_size=0, plain=<synthetic pointer>, cipher_size=<optimized out>, cipher_data=<optimized out>, session=0x55fddecb4600) at cipher.c:452
#2  0x00007f4430532ef0 in _gnutls_encrypt
    (session=session@entry=0x55fddecb4600, data=data@entry=0x7ffda38222e6 "\001", data_size=data_size@entry=2, min_pad=min_pad@entry=0, bufel=bufel@entry=0x55fdde93a890, type=type@entry=GNUTLS_ALERT, params=0x7f2fdc00c160) at cipher.c:96
#3  0x00007f443052f350 in _gnutls_send_tlen_int
    (session=session@entry=0x55fddecb4600, type=type@entry=GNUTLS_ALERT, htype=htype@entry=4294967295, epoch_rel=epoch_rel@entry=70001, _data=_data@entry=0x7ffda38222e6, data_size=data_size@entry=2, min_pad=0, mflags=1) at record.c:529
#4  0x00007f443055b7ad in _gnutls_send_int (mflags=1, data_size=2, _data=0x7ffda38222e6, epoch_rel=70001, htype=4294967295, type=GNUTLS_ALERT, session=0x55fddecb4600) at ./record.h:43
#5  0x00007f443055b7ad in gnutls_alert_send (session=session@entry=0x55fddecb4600, level=level@entry=GNUTLS_AL_WARNING, desc=desc@entry=GNUTLS_A_CLOSE_NOTIFY) at alert.c:165
#6  0x00007f4430531de0 in gnutls_bye (session=0x55fddecb4600, how=how@entry=GNUTLS_SHUT_WR) at record.c:297
#7  0x00007f44307012e3 in g_tls_connection_gnutls_close_internal (stream=<optimized out>, direction=(G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE), timeout=<optimized out>, cancellable=0x0, error=0x0) at ../tls/gnutls/gtlsconnection-gnutls.c:2668
#8  0x00007f44c4c1a85c in g_io_stream_close (stream=0x55fdded6f330 [GTlsClientConnectionGnutls], cancellable=cancellable@entry=0x0, error=error@entry=0x0) at giostream.c:422
#9  0x00007f44c56c1f99 in disconnect_internal (sock=sock@entry=0x55fddc4eb190 [SoupSocket], close=close@entry=1) at soup-socket.c:190
#10 0x00007f44c56c45a7 in soup_socket_disconnect (sock=0x55fddc4eb190 [SoupSocket]) at soup-socket.c:1593
#11 0x00007f44c569a508 in soup_connection_disconnect (conn=0x55fddedce9a0 [SoupConnection]) at soup-connection.c:586
#12 0x00007f44c5699d08 in soup_connection_set_state (conn=0x55fddedce9a0 [SoupConnection], state=SOUP_CONNECTION_IDLE) at soup-connection.c:676
#13 0x00007f44c56bb10a in soup_session_unqueue_item (session=0x55fddcef0100 [SoupSession], item=0x55fddf49e040) at soup-session.c:1489
#14 0x00007f44c56befe2 in soup_session_process_queue_item (session=<optimized out>, item=0x55fddf49e040, should_cleanup=<optimized out>, loop=<optimized out>) at soup-session.c:2040
#15 0x00007f44c56bf9ea in async_run_queue (session=session@entry=0x55fddcef0100 [SoupSession]) at soup-session.c:2082
#16 0x00007f44c56bfa7a in idle_run_queue (user_data=user_data@entry=0x55fddfe53420) at soup-session.c:2109
#17 0x00007f44c4a4db7b in g_idle_dispatch (source=0x55fddc519560, callback=0x7f44c56bfa60 <idle_run_queue>, user_data=0x55fddfe53420) at gmain.c:5620
#18 0x00007f44c4a5126d in g_main_dispatch (context=0x55fddc2693b0) at gmain.c:3182
#19 0x00007f44c4a5126d in g_main_context_dispatch (context=context@entry=0x55fddc2693b0) at gmain.c:3847
#20 0x00007f44c4a51638 in g_main_context_iterate (context=context@entry=0x55fddc2693b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3920
#21 0x00007f44c4a516d0 in g_main_context_iteration (context=context@entry=0x55fddc2693b0, may_block=may_block@entry=1) at gmain.c:3981
#22 0x00007f44c4c56465 in g_application_run (application=0x55fddc2670e0 [LifereaApplication], argc=<optimized out>, argv=0x7ffda3822828) at gapplication.c:2470
#23 0x000055fddc01a61b in main (argc=2, argv=0x7ffda3822828) at main.c:77

Comment 1 Nikos Mavrogiannopoulos 2018-10-02 09:07:17 UTC
That may be a memory corruption. Could you try to install debug symbols for gnutls and nettle and run the same under valgrind?

You can install debug symbols as:
```
$ sudo dnf debuginfo-install gnutls nettle
```

Comment 2 Yanko Kaneti 2018-10-02 09:16:23 UTC
$ valgrind --tool=memcheck  ./get https://tracker.debian.org/pkg/acpi-support/rss
==25915== Memcheck, a memory error detector
==25915== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==25915== Using Valgrind-3.14.0.GIT and LibVEX; rerun with -h for copyright info
==25915== Command: ./get https://tracker.debian.org/pkg/acpi-support/rss
==25915== 
==25915== Thread 5 pool:
==25915== Invalid read of size 1
==25915==    at 0x741EBB3: _nettle_memxor_sse2 (memxor-2.s:79)
==25915==    by 0x7137EEF: encrypt_packet_tls13 (cipher.c:452)
==25915==    by 0x7137EEF: _gnutls_encrypt (cipher.c:96)
==25915==    by 0x713434F: _gnutls_send_tlen_int (record.c:530)
==25915==    by 0x713E178: UnknownInlinedFun (record.h:43)
==25915==    by 0x713E178: _gnutls_handshake_io_write_flush (buffers.c:797)
==25915==    by 0x714010F: _gnutls_send_handshake2 (handshake.c:1318)
==25915==    by 0x7185B23: _gnutls13_send_key_update (key_update.c:153)
==25915==    by 0x7185C61: gnutls_session_key_update (key_update.c:191)
==25915==    by 0x70A99FE: handshake_thread (gtlsconnection-gnutls.c:1883)
==25915==    by 0x70A9FD9: async_handshake_thread (gtlsconnection-gnutls.c:2096)
==25915==    by 0x4B3AA06: g_task_thread_pool_thread (gtask.c:1331)
==25915==    by 0x49ACE92: g_thread_pool_thread_proxy (gthreadpool.c:307)
==25915==    by 0x49AC489: g_thread_proxy (gthread.c:784)
==25915==  Address 0x109f3a6a3 is not stack'd, malloc'd or (recently) free'd
==25915== 
==25915== 
==25915== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==25915==  Access not within mapped region at address 0x109F3A6A3
==25915==    at 0x741EBB3: _nettle_memxor_sse2 (memxor-2.s:79)
==25915==    by 0x7137EEF: encrypt_packet_tls13 (cipher.c:452)
==25915==    by 0x7137EEF: _gnutls_encrypt (cipher.c:96)
==25915==    by 0x713434F: _gnutls_send_tlen_int (record.c:530)
==25915==    by 0x713E178: UnknownInlinedFun (record.h:43)
==25915==    by 0x713E178: _gnutls_handshake_io_write_flush (buffers.c:797)
==25915==    by 0x714010F: _gnutls_send_handshake2 (handshake.c:1318)
==25915==    by 0x7185B23: _gnutls13_send_key_update (key_update.c:153)
==25915==    by 0x7185C61: gnutls_session_key_update (key_update.c:191)
==25915==    by 0x70A99FE: handshake_thread (gtlsconnection-gnutls.c:1883)
==25915==    by 0x70A9FD9: async_handshake_thread (gtlsconnection-gnutls.c:2096)
==25915==    by 0x4B3AA06: g_task_thread_pool_thread (gtask.c:1331)
==25915==    by 0x49ACE92: g_thread_pool_thread_proxy (gthreadpool.c:307)
==25915==    by 0x49AC489: g_thread_proxy (gthread.c:784)
==25915==  If you believe this happened as a result of a stack
==25915==  overflow in your program's main thread (unlikely but
==25915==  possible), you can try to increase the size of the
==25915==  main thread stack using the --main-stacksize= flag.
==25915==  The main thread stack size used in this run was 8388608.
==25915== 
==25915== HEAP SUMMARY:
==25915==     in use at exit: 6,175,752 bytes in 50,382 blocks
==25915==   total heap usage: 169,815 allocs, 119,433 frees, 24,666,924 bytes allocated
==25915== 
==25915== LEAK SUMMARY:
==25915==    definitely lost: 240 bytes in 8 blocks
==25915==    indirectly lost: 11,090 bytes in 163 blocks
==25915==      possibly lost: 3,672 bytes in 29 blocks
==25915==    still reachable: 6,115,990 bytes in 49,828 blocks
==25915==                       of which reachable via heuristic:
==25915==                         length64           : 2,776 bytes in 55 blocks
==25915==                         newarray           : 1,872 bytes in 37 blocks
==25915==         suppressed: 0 bytes in 0 blocks
==25915== Rerun with --leak-check=full to see details of leaked memory
==25915== 
==25915== For counts of detected and suppressed errors, rerun with: -v
==25915== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)

Comment 3 Michael Catanzaro 2018-10-02 09:28:55 UTC
That doesn't look like memory corruption... just a normal segfault.

I wonder, what's happening on the other threads? ('thread apply all bt' in gdb)

Comment 4 Yanko Kaneti 2018-10-02 09:34:26 UTC
There is 'thread apply all bt' in the libsoup(now glib-networking) report

Comment 5 Nikos Mavrogiannopoulos 2018-10-02 09:42:57 UTC
Could you post the same backtrace you have in https://gitlab.gnome.org/GNOME/libsoup/issues/123 but now with the debugging symbols?

Comment 6 Yanko Kaneti 2018-10-02 09:56:34 UTC
I am not sure what you mean, the backtrace there is with the debugging symbols.
Are you saying you can't reproduce ?

Comment 7 Yanko Kaneti 2018-10-02 10:13:03 UTC
Here is a "fresh" one

(gdb) set pagination off 
(gdb) thread apply all backtrace full

Thread 5 (Thread 0x7ffff4cd8700 (LWP 3006)):
#0  0x00007ffff57fb6c3 in _nettle_memxor_x86_64 () at memxor.s:78
#1  0x00007ffff599def0 in encrypt_packet_tls13 (params=0x7fffe0008f10, type=<optimized out>, pad_size=0, plain=<synthetic pointer>, cipher_size=<optimized out>, cipher_data=<optimized out>, session=0xaa4230) at cipher.c:452
        ver = <optimized out>
        nonce = "ă!\a\377\377\377\377\060B\252\000\000\000\000"
        iv_size = <optimized out>
        max = <optimized out>
        auth_iov = {{iov_base = 0x0, iov_len = 511101108348}}
        ret = <optimized out>
        total = <optimized out>
        aad = "\377A\000\000"
        tag_size = 0
        iov = {{iov_base = 0x4, iov_len = 532575944818}, {iov_base = 0x7fffe00577f0, iov_len = 140736951484448}}
        __func__ = "encrypt_packet_tls13"
        vers = <optimized out>
        ret = <optimized out>
        __func__ = "_gnutls_encrypt"
#2  0x00007ffff599def0 in _gnutls_encrypt (session=session@entry=0xaa4230, data=data@entry=0x7fffe0027f90 "\030", data_size=data_size@entry=5, min_pad=min_pad@entry=0, bufel=bufel@entry=0x7fffe002ba50, type=type@entry=GNUTLS_HANDSHAKE, params=0x7fffe0008f10) at cipher.c:96
        vers = <optimized out>
        ret = <optimized out>
        __func__ = "_gnutls_encrypt"
#3  0x00007ffff599a350 in _gnutls_send_tlen_int (session=session@entry=0xaa4230, type=GNUTLS_HANDSHAKE, htype=<optimized out>, epoch_rel=epoch_rel@entry=1, _data=0x7fffe0027f90, data_size=5, min_pad=0, mflags=0) at record.c:529
        bufel = <optimized out>
        cipher_size = <optimized out>
        retval = <optimized out>
        ret = 0
        send_data_size = 5
        headers = <optimized out>
        data = 0x7fffe0027f90 "\030"
        record_params = 0x7fffe0008f10
        max_send_size = <optimized out>
        record_state = 0x7fffe0009070
        vers = 0x7ffff5b0bb80 <sup_versions+160>
        __func__ = "_gnutls_send_tlen_int"
#4  0x00007ffff59a4179 in _gnutls_send_int (mflags=0, data_size=<optimized out>, _data=<optimized out>, epoch_rel=1, htype=<optimized out>, type=<optimized out>, session=0xaa4230) at ./record.h:43
        send_buffer = 0xaa44f0
        msg = {data = 0x7fffe0027f90 "\030", size = 5}
        ret = <optimized out>
        epoch = 1
        total = <optimized out>
        cur = <optimized out>
        __func__ = "_gnutls_handshake_io_write_flush"
#5  0x00007ffff59a4179 in _gnutls_handshake_io_write_flush (session=session@entry=0xaa4230) at buffers.c:797
        send_buffer = 0xaa44f0
        msg = {data = 0x7fffe0027f90 "\030", size = 5}
        ret = <optimized out>
        epoch = 1
        total = <optimized out>
        cur = <optimized out>
        __func__ = "_gnutls_handshake_io_write_flush"
#6  0x00007ffff59a6110 in _gnutls_send_handshake2 (session=session@entry=0xaa4230, bufel=bufel@entry=0x7fffe0027f40, type=type@entry=GNUTLS_HANDSHAKE_KEY_UPDATE, queue_only=queue_only@entry=0) at handshake.c:1318
        ret = <optimized out>
        data = <optimized out>
        datasize = <optimized out>
        i_datasize = <optimized out>
        pos = <optimized out>
        vers = 0x7ffff5b0bb80 <sup_versions+160>
        __func__ = "_gnutls_send_handshake2"
#7  0x00007ffff59a63db in _gnutls_send_handshake (session=session@entry=0xaa4230, bufel=bufel@entry=0x7fffe0027f40, type=type@entry=GNUTLS_HANDSHAKE_KEY_UPDATE) at handshake.c:1170
#8  0x00007ffff59ebb24 in _gnutls13_send_key_update (session=session@entry=0xaa4230, again=<optimized out>, flags=flags@entry=1) at tls13/key_update.c:153
        ret = <optimized out>
        bufel = 0x7fffe0027f40
        val = 1 '\001'
        __func__ = "_gnutls13_send_key_update"
#9  0x00007ffff59ebc62 in gnutls_session_key_update (session=0xaa4230, flags=flags@entry=1) at tls13/key_update.c:190
        ret = <optimized out>
        vers = <optimized out>
        __func__ = "gnutls_session_key_update"
#10 0x00007ffff59abeb8 in gnutls_handshake (session=<optimized out>) at handshake.c:2621
        vers = <optimized out>
        ret = <optimized out>
        __func__ = "gnutls_handshake"
#11 0x00007ffff5b6a9ff in handshake_thread (task=0x7fffe801a1d0 [GTask], object=object@entry=0xa841a0, task_data=<optimized out>, cancellable=<optimized out>) at ../tls/gnutls/gtlsconnection-gnutls.c:1883
        gnutls = 0xa841a0 [GTlsClientConnectionGnutls]
        priv = 0xa84070
        error = 0x0
        ret = <optimized out>
        start_time = <optimized out>
        timeout = <optimized out>
        __func__ = "handshake_thread"
#12 0x00007ffff5b6afda in async_handshake_thread (task=<optimized out>, object=0xa841a0, task_data=<optimized out>, cancellable=<optimized out>) at ../tls/gnutls/gtlsconnection-gnutls.c:2096
        gnutls = 0xa841a0 [GTlsClientConnectionGnutls]
        priv = 0xa84070
#13 0x00007ffff7c52a07 in g_task_thread_pool_thread (thread_data=0x7fffe801a1d0, pool_data=<optimized out>) at gtask.c:1331
        task = 0x7fffe801a1d0 [GTask]
#14 0x00007ffff7e35e93 in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:307
        task = 0x7fffe801a1d0
        pool = 0x42d440
#15 0x00007ffff7e3548a in g_thread_proxy (data=0x4556d0) at gthread.c:784
        thread = 0x4556d0
        __func__ = "g_thread_proxy"
#16 0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486
        ret = <optimized out>
        pd = <optimized out>
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737300498176, -8957421858481122168, 140737488345150, 140737488345151, 140737488345280, 140737300496000, 8957433012583781512, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#17 0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7ffff5733700 (LWP 3005)):
#0  0x00007ffff7aed471 in __GI___poll (fds=0x7fffec005ab0, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=3, fds=0x7fffec005ab0, timeout=<optimized out>, context=0x7fffe80142f0) at gmain.c:4221
        ret = <optimized out>
        errsv = <optimized out>
        poll_func = 0x7ffff7e1c0f0 <g_poll>
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 3
        allocated_nfds = 3
        fds = 0x7fffec005ab0
#2  0x00007ffff7e0c5a6 in g_main_context_iterate (context=0x7fffe80142f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 3
        allocated_nfds = 3
        fds = 0x7fffec005ab0
#3  0x00007ffff7e0c962 in g_main_loop_run (loop=0x7fffe8014430) at gmain.c:4116
        __func__ = "g_main_loop_run"
#4  0x00007ffff7c9379a in gdbus_shared_thread_func (user_data=0x7fffe80142c0) at gdbusprivate.c:275
        data = 0x7fffe80142c0
#5  0x00007ffff7e3548a in g_thread_proxy (data=0x455d90) at gthread.c:784
        thread = 0x455d90
        __func__ = "g_thread_proxy"
#6  0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486
        ret = <optimized out>
        pd = <optimized out>
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737311356672, -8957421858481122168, 140737324222942, 140737324222943, 140737324223072, 140737311354496, 8957433852786758792, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#7  0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7ffff6379700 (LWP 3004)):
#0  0x00007ffff7aed471 in __GI___poll (fds=0x454750, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x454750, timeout=<optimized out>, context=0x454490) at gmain.c:4221
        ret = <optimized out>
        errsv = <optimized out>
        poll_func = 0x7ffff7e1c0f0 <g_poll>
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 1
        fds = 0x454750
#2  0x00007ffff7e0c5a6 in g_main_context_iterate (context=context@entry=0x454490, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 1
        fds = 0x454750
#3  0x00007ffff7e0c6d0 in g_main_context_iteration (context=context@entry=0x454490, may_block=may_block@entry=1) at gmain.c:3981
        retval = <optimized out>
#4  0x00007ffff6ba7c6d in dconf_gdbus_worker_thread (user_data=0x454490) at ../gdbus/dconf-gdbus-thread.c:82
        context = 0x454490
#5  0x00007ffff7e3548a in g_thread_proxy (data=0x41fca0) at gthread.c:784
        thread = 0x41fca0
        __func__ = "g_thread_proxy"
#6  0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486
        ret = <optimized out>
        pd = <optimized out>
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737324226304, -8957421858481122168, 140737488342926, 140737488342927, 140737488343056, 140737324224128, 8957435531045229704, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#7  0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7ffff6b7a700 (LWP 3003)):
#0  0x00007ffff7aed471 in __GI___poll (fds=0x451770, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x451770, timeout=<optimized out>, context=0x4514b0) at gmain.c:4221
        ret = <optimized out>
        errsv = <optimized out>
        poll_func = 0x7ffff7e1c0f0 <g_poll>
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 1
        fds = 0x451770
#2  0x00007ffff7e0c5a6 in g_main_context_iterate (context=context@entry=0x4514b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 1
        fds = 0x451770
#3  0x00007ffff7e0c6d0 in g_main_context_iteration (context=0x4514b0, may_block=may_block@entry=1) at gmain.c:3981
        retval = <optimized out>
#4  0x00007ffff7e0c721 in glib_worker_main (data=<optimized out>) at gmain.c:5861
#5  0x00007ffff7e3548a in g_thread_proxy (data=0x41fc50) at gthread.c:784
        thread = 0x41fc50
        __func__ = "g_thread_proxy"
#6  0x00007ffff769758e in start_thread (arg=<optimized out>) at pthread_create.c:486
        ret = <optimized out>
        pd = <optimized out>
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737332619008, -8957421858481122168, 140737488342558, 140737488342559, 140737488342688, 140737332616832, 8957436630019986568, 8957438201194337416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#7  0x00007ffff7af8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7ffff6dab200 (LWP 2999)):
#0  0x00007ffff7aed471 in __GI___poll (fds=0x42c350, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
#1  0x00007ffff7e0c5a6 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x42c350, timeout=<optimized out>, context=0x423220) at gmain.c:4221
        ret = <optimized out>
        errsv = <optimized out>
        poll_func = 0x7ffff7e1c0f0 <g_poll>
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 2
        fds = 0x42c350
#2  0x00007ffff7e0c5a6 in g_main_context_iterate (context=0x423220, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3915
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 2
        fds = 0x42c350
#3  0x00007ffff7e0c962 in g_main_loop_run (loop=0x425320) at gmain.c:4116
        __func__ = "g_main_loop_run"
#4  0x0000000000402510 in get_url (url=0x7fffffffe1eb "https://tracker.debian.org/pkg/acpi-support/rss") at ../examples/get.c:41
        name = 0x7ffff7e0c776 <g_main_loop_new+38> "1҅\355\017\225\302H\211\030\211P\b\307@\f\001"
        msg = 0x42a0a0 [SoupMessage]
        header = 0x423220 ""
        output_file = 0x0
#5  0x0000000000402d71 in main (argc=2, argv=0x7fffffffde58) at ../examples/get.c:287
        opts = 0x412740
        url = 0x7fffffffe1eb "https://tracker.debian.org/pkg/acpi-support/rss"
        proxy_uri = 0x7ffff7fab6e8
        parsed = 0x412c00
        error = 0x0
        logger = 0x0
(gdb)

Comment 8 Nikos Mavrogiannopoulos 2018-10-02 10:56:41 UTC
Sorry I haven't reproduced (let me know how to compile libsoup preferably with address sanitizer and reproduce this). What I see is an impossible situation; the memxor() call references invalid memory. That looks like the call to send the alert happens on a session which has corrupt memory? Not sure how the memory was corrupt though. I have a small patch which adds a sanity check on gnutls, though it does not address the real issue:

https://gitlab.com/gnutls/gnutls/merge_requests/767

Comment 9 Yanko Kaneti 2018-10-02 11:58:01 UTC
Dunno much about address sanitizer but here is what works for me on rawhide

# git clone http://gitlab.gnome.org/GNOME/libsoup
# mkdir -p libsoup/build
# cd libsoup/build
# meson .. --prefix=/usr -Db_sanitize=address
# ninja
# cd examples
# ./get https://tracker.debian.org/pkg/acpi-support/rss
AddressSanitizer:DEADLYSIGNAL
=================================================================
==22929==ERROR: AddressSanitizer: SEGV on unknown address 0x7f8a42a41623 (pc 0x7f8944f456c3 bp 0x000000000000 sp 0x7f8942a41578 T4)
==22929==The signal is caused by a WRITE memory access.
    #0 0x7f8944f456c2 in _nettle_memxor_x86_64 (/lib64/libnettle.so.6+0x196c2)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libnettle.so.6+0x196c2) in _nettle_memxor_x86_64
Thread T4 (pool) created by T0 here:
    #0 0x7f89489cc043 in __interceptor_pthread_create (/lib64/libasan.so.5+0x4c043)
    #1 0x7f894874ac93  (/lib64/libglib-2.0.so.0+0x95c93)

==22929==ABORTING

Comment 10 Michael Catanzaro 2018-10-02 13:41:19 UTC
I've never seen such bad results from asan and valgrind before. I'm sure if there were memory corruption, they would both be pointing that out....

Ideally you would rebuild nettle, gnutls, and glib-networking, all with address sanitizer. glib-networking should be easy since it uses meson. For nettle and gnutls, it might be harder....

Comment 11 Nikos Mavrogiannopoulos 2018-10-02 13:50:12 UTC
In .gitlab-ci.yml of nettle and gnutls there is a rule for building with address sanitizer (called asan).

Comment 12 Yanko Kaneti 2018-10-02 14:01:55 UTC
I dont know if I can do the whole stack with address sanitizer.  One thing to note that might be related or not at all is  that the "connection" test from glib-networking installed tests fails at 
..
/tls/connection/client-auth-failure: **
GLib-Net:ERROR:../tls/tests/connection.c:437:on_client_connection_close_finish: assertion failed (error == NULL): Error sending data: Broken pipe (g-io-error-quark, 44)

Comment 13 Michael Catanzaro 2018-10-02 15:36:10 UTC
glib-networking is full of race conditions. That's just one of many random test failures that I haven't had time to fully track down. I have the testsuite finally passing quite reliably when run once, but when run 100 times in a row I see errors like this. Similarly, errors when loading random HTTP resources are common.

It's probably unrelated.

Comment 14 Yanko Kaneti 2018-10-02 20:58:42 UTC
So some more diagnostics trying different combinations for gnutls and crypto-policies  on a f28 base. (DEFAULT policy)

To reproduce the bug you need specifically:
gnutls-3.6.4-1.fc29  _AND_ crypto-policies-20180925-1.git71ca85f

gnutls-3.6.4-1.fc28 + crypto-policies-20180925-1.git71ca85f - works
gnutls-3.6.4-1.fc29 + crypto-policies-20180425-5.git6ad4018 - works

Not sure what to make of it. Miscompilation on f29 and rawhide ?

Comment 15 Yanko Kaneti 2018-10-02 21:24:06 UTC
Errm, now I see that TLS 1.3 is actively disabled in the f28 build.

Comment 16 Nikos Mavrogiannopoulos 2018-10-03 06:54:59 UTC
I'm not sure if a full address sanitizer run will give more clues. From the view of gnutls developer, it looks like a session is accessed on the wrong time, however I cannot say whether that's completely wrong (accessing after deinit for example), or a semi-valid  or valid case. Maybe running that test with GNUTLS_DEBUG_LEVEL=6 will give more clues on how the gnutls calls are being made? (or ltrace)?

Comment 17 Yanko Kaneti 2018-10-03 07:01:02 UTC
$ GNUTLS_DEBUG_LEVEL=6  ./get -s   'https://tracker.debian.org/pkg/acpi-support/rss'
[yaneti@d2 examples (master)]$ GNUTLS_DEBUG_LEVEL=6  ./get -s   'https://tracker.debian.org/pkg/acpi-support/rss'
gnutls[2]: Enabled GnuTLS 3.6.4 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cached system priority /etc/crypto-policies/back-ends/gnutls.config mtime 1537867831
gnutls[2]: Initializing needed PKCS #11 modules
gnutls[2]: p11: Initializing module: p11-kit-trust
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_obj_list_import_url3]:3411
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090
gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls[3]: ASSERT: verify-high.c[advance_iter]:391
gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_iter_get_ca]:485
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT
gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%UNSAFE_RENEGOTIATION
gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV
gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV:%UNSAFE_RENEGOTIATION
gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list
gnutls[5]: REC[0x18525c0]: Allocating epoch #0
gnutls[5]: REC[0x18525c0]: Allocating epoch #1
gnutls[4]: HSK[0x18525c0]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a3 (GNUTLS_DHE_DSS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 00.38 (GNUTLS_DHE_DSS_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a2 (GNUTLS_DHE_DSS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 00.32 (GNUTLS_DHE_DSS_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Maximum Record Size/1) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (OCSP Status Request/5) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sending extension OCSP Status Request/5 (5 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Client Certificate Type/19) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Server Certificate Type/20) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Supported Groups/10) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x18525c0]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x18525c0]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x18525c0]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x18525c0]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x18525c0]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x18525c0]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x18525c0]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x18525c0]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x18525c0]: Sending extension Supported Groups/10 (20 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sending extension Supported EC Point Formats/11 (2 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (SRP/12) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Signature Algorithms/13) for 'client hello'
gnutls[4]: EXT[0x18525c0]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x18525c0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x18525c0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x18525c0]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x18525c0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x18525c0]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x18525c0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x18525c0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x18525c0]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x18525c0]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x18525c0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x18525c0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x18525c0]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x18525c0]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x18525c0]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x18525c0]: sent signature algo (2.2) DSA-SHA1
gnutls[4]: EXT[0x18525c0]: Sending extension Signature Algorithms/13 (34 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (SRTP/14) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Heartbeat/15) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (ALPN/16) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Extended Master Secret/23) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Session Ticket/35) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sending extension Session Ticket/35 (0 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Key Share/51) for 'client hello'
gnutls[4]: EXT[0x18525c0]: sending key share for SECP256R1
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: EXT[0x18525c0]: sending key share for X25519
gnutls[4]: EXT[0x18525c0]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Supported Versions/43) for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x18525c0]: Sending extension Supported Versions/43 (9 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sending extension Safe Renegotiation/65281 (1 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Server Name Indication/0) for 'client hello'
gnutls[2]: HSK[0x18525c0]: sent server name: 'tracker.debian.org'
gnutls[4]: EXT[0x18525c0]: Sending extension Server Name Indication/0 (23 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Cookie/44) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (Early Data/42) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Record Size Limit/28) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sending extension Record Size Limit/28 (2 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (ClientHello Padding/21) for 'client hello'
gnutls[4]: EXT[0x18525c0]: Sending extension ClientHello Padding/21 (147 bytes)
gnutls[4]: EXT[0x18525c0]: Preparing extension (Pre Shared Key/41) for 'client hello'
gnutls[4]: HSK[0x18525c0]: CLIENT HELLO was queued [512 bytes]
gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 512 and min pad: 0
gnutls[5]: REC[0x18525c0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 517
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 69
gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 69
gnutls[5]: REC[0x18525c0]: Decrypted Packet[0] Handshake(22) with length: 69
gnutls[4]: HSK[0x18525c0]: SERVER HELLO (2) was received. Length 65[65], frag offset 0, frag length: 65, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[4]: HSK[0x18525c0]: Server's version: 3.3
gnutls[4]: HSK[0x18525c0]: SessionID length: 0
gnutls[4]: HSK[0x18525c0]: SessionID: c0
gnutls[4]: HSK[0x18525c0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: EXT[0x18525c0]: Parsing extension 'Server Name Indication/0' (0 bytes)
gnutls[4]: EXT[0x18525c0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes)
gnutls[4]: EXT[0x18525c0]: Parsing extension 'Supported EC Point Formats/11' (4 bytes)
gnutls[4]: EXT[0x18525c0]: Parsing extension 'Session Ticket/35' (0 bytes)
gnutls[4]: EXT[0x18525c0]: Parsing extension 'OCSP Status Request/5' (0 bytes)
gnutls[4]: HSK[0x18525c0]: Safe renegotiation succeeded
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 2998
gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 2998
gnutls[5]: REC[0x18525c0]: Decrypted Packet[1] Handshake(22) with length: 2998
gnutls[4]: HSK[0x18525c0]: CERTIFICATE (11) was received. Length 2994[2994], frag offset 0, frag length: 2994, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 535
gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 535
gnutls[5]: REC[0x18525c0]: Decrypted Packet[2] Handshake(22) with length: 535
gnutls[4]: HSK[0x18525c0]: CERTIFICATE STATUS (22) was received. Length 531[531], frag offset 0, frag length: 531, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 589
gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 589
gnutls[5]: REC[0x18525c0]: Decrypted Packet[3] Handshake(22) with length: 589
gnutls[4]: HSK[0x18525c0]: SERVER KEY EXCHANGE (12) was received. Length 585[585], frag offset 0, frag length: 585, sequence: 0
gnutls[2]: received curve SECP256R1
gnutls[4]: HSK[0x18525c0]: Selected group SECP256R1 (2)
gnutls[4]: HSK[0x18525c0]: verify TLS 1.2 handshake data: using RSA-SHA512
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 4
gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 4
gnutls[5]: REC[0x18525c0]: Decrypted Packet[4] Handshake(22) with length: 4
gnutls[4]: HSK[0x18525c0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: HSK[0x18525c0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls[4]: REC[0x18525c0]: Sent ChangeCipherSpec
gnutls[5]: REC[0x18525c0]: Initializing epoch #1
gnutls[5]: REC[0x18525c0]: Epoch #1 ready
gnutls[4]: HSK[0x18525c0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: HSK[0x18525c0]: Initializing internal [write] cipher sessions
gnutls[4]: HSK[0x18525c0]: recording tls-unique CB (send)
gnutls[4]: HSK[0x18525c0]: FINISHED was queued [16 bytes]
gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0
gnutls[5]: REC[0x18525c0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 75
gnutls[5]: REC[0x18525c0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
gnutls[5]: REC[0x18525c0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6
gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
gnutls[5]: REC[0x18525c0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 0, length: 218
gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 218
gnutls[5]: REC[0x18525c0]: Decrypted Packet[5] Handshake(22) with length: 218
gnutls[4]: HSK[0x18525c0]: NEW SESSION TICKET (4) was received. Length 214[214], frag offset 0, frag length: 214, sequence: 0
gnutls[4]: HSK[0x18525c0]: received session ticket
gnutls[5]: REC[0x18525c0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
gnutls[5]: REC[0x18525c0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x18525c0]: Received Packet ChangeCipherSpec(20) with length: 1
gnutls[5]: REC[0x18525c0]: Decrypted Packet[6] ChangeCipherSpec(20) with length: 1
gnutls[4]: HSK[0x18525c0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 1, length: 40
gnutls[5]: REC[0x18525c0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 40
gnutls[5]: REC[0x18525c0]: Decrypted Packet[0] Handshake(22) with length: 16
gnutls[4]: HSK[0x18525c0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
gnutls[5]: REC[0x18525c0]: Start of epoch cleanup
gnutls[5]: REC[0x18525c0]: Epoch #0 freed
gnutls[5]: REC[0x18525c0]: End of epoch cleanup
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[2]: issuer in verification was not found or insecure; trying against trust list
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1374
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[5]: REC[0x18525c0]: Preparing Packet Application Data(23) with length: 186 and min pad: 0
gnutls[5]: REC[0x18525c0]: Sent Packet[2] Application Data(23) in epoch 1 and length: 215
gnutls[5]: REC[0x18525c0]: SSL 3.3 Handshake packet received. Epoch 1, length: 28
gnutls[5]: REC[0x18525c0]: Expected Packet Application Data(23)
gnutls[5]: REC[0x18525c0]: Received Packet Handshake(22) with length: 28
gnutls[5]: REC[0x18525c0]: Decrypted Packet[1] Handshake(22) with length: 4
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1481
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1656
gnutls[4]: HSK[0x18525c0]: sending key update (1)
gnutls[4]: HSK[0x18525c0]: KEY_UPDATE was queued [5 bytes]
gnutls[5]: REC[0x18525c0]: Preparing Packet Handshake(22) with length: 5 and min pad: 0
Segmentation fault (core dumped)

Comment 18 Yanko Kaneti 2018-10-03 07:22:00 UTC
BTW the above dump is with LEGACY crypto policy, not with DEFAULT like my f28 tests

Comment 19 Michael Catanzaro 2018-10-03 08:45:06 UTC
(In reply to Yanko Kaneti from comment #15)
> Errm, now I see that TLS 1.3 is actively disabled in the f28 build.

Yes, that's the difference.

(glib-networking is not yet prepared for TLS 1.3.)

Comment 20 Nikos Mavrogiannopoulos 2018-10-03 09:27:57 UTC
You shouldn't need significant changes for that (you can see the differences in [0]). My understanding is that this failure has to do with rehandshake which has different semantics under TLS1.3 (does rekey only, instead of reauthentication).
Other than that, no other changes should be required for functionality. Why is the crash happening though I do not know; it looks like attempting to send an alert while on a rekey? Is that example multi-threaded?

[0].
https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html

Comment 21 Yanko Kaneti 2018-10-03 10:16:41 UTC
Ehm, if glib-networking is not ready for TLS1.3 perhaps we should just disable it there.

The exmple works fine with:
G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-TLS1.3:%COMPAT
comparad to the default NORMAL:%COMPAT

Comment 22 Michael Catanzaro 2018-10-03 12:27:16 UTC
Well that's one option, a good choice if we get stuck. I'd rather try to figure out what's wrong first.

(In reply to Nikos Mavrogiannopoulos from comment #20)
> Other than that, no other changes should be required for functionality. Why
> is the crash happening though I do not know; it looks like attempting to
> send an alert while on a rekey? Is that example multi-threaded?

I see multiple backtraces posted above:

 * The first one in comment #0 shows a crash when sending a close alert GNUTLS_A_CLOSE_NOTIFY. The close is occurring because soup_connection_disconnect() was called.
 * The second one in comment #2 shows a crash during the handshake (inside the re-key code). Looks quite different from the first trace.
 * The third one in comment #3 matches the trace in comment #2.

The handshake *always* occurs on a secondary thread to avoid blocking the main thread. There are likely unresolved threadsafety issues in the code that handles this.

Comment 23 Nikos Mavrogiannopoulos 2018-10-17 11:53:27 UTC
This seems to be identical to https://bugzilla.redhat.com/show_bug.cgi?id=1640062

Comment 24 Nikos Mavrogiannopoulos 2018-10-17 12:45:31 UTC
An interesting aspect is that if I run the reproducer I get:
```
(get:22014): GLib-Net-WARNING **: 14:39:15.705: G_TLS_GNUTLS_PRIORITY is invalid; ignoring!
(get:22014): GLib-Net-WARNING **: 14:39:15.705: (../tls/gnutls/gtlsconnection-gnutls.c:298):g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
(get:22014): GLib-Net-WARNING **: 14:39:15.705: (../tls/gnutls/gtlsconnection-gnutls.c:303):g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
```

Using G_TLS_GNUTLS_PRIORITY=NORMAL ./get ...
I get no crash but an internal error. Putting more debug info into gnutls I see the following:

1. Handshake completes and TLS1.2 is negotiated

2. A second handshake is called just after, but in that case it thinks that TLS1.3 is the actual version. It seems that glib-networking is calling the gnutls_priority_set_direct() over an established TLS session (ouch), and that confuses gnutls.

Applying:
```
diff --git a/lib/priority.c b/lib/priority.c
index afd4b1a68..087cf5d28 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -594,7 +594,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
         * This will be overridden later.
         */
        if (session->internals.priorities->protocol.algorithms > 0 &&
-           !session->internals.handshake_in_progress) {
+           !session->internals.handshake_in_progress && !session->internals.initial_negotiation_completed) {
                if (_gnutls_set_current_version(session,
                                            session->internals.priorities->
                                            protocol.priority[0]) < 0) {
```
on top of gnutls fixes the case where
`G_TLS_GNUTLS_PRIORITY=NORMAL ./get https://tracker.debian.org/pkg/acpi-support/rss` is called.

However the call to:
./get https://tracker.debian.org/pkg/acpi-support/rss

still crashes. I suspect that in that case an invalid priority string is used.

Comment 25 Nikos Mavrogiannopoulos 2018-10-17 12:59:25 UTC
Could you verify that this scratch-build addresses the issue?

https://koji.fedoraproject.org/koji/taskinfo?taskID=30288246

Comment 26 Nikos Mavrogiannopoulos 2018-10-17 13:05:11 UTC
Previous build failed. New link: https://koji.fedoraproject.org/koji/taskinfo?taskID=30288347

Comment 27 Yanko Kaneti 2018-10-17 13:58:15 UTC
Well, I am on rawhide. But I downgraded with the scratch build without any noticeable change in the crashing.

Comment 28 Michael Catanzaro 2018-10-17 15:49:08 UTC
(In reply to Nikos Mavrogiannopoulos from comment #24)
> An interesting aspect is that if I run the reproducer I get:
> ```
> (get:22014): GLib-Net-WARNING **: 14:39:15.705: G_TLS_GNUTLS_PRIORITY is
> invalid; ignoring!
> (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> (../tls/gnutls/gtlsconnection-gnutls.c:298):
> g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> (../tls/gnutls/gtlsconnection-gnutls.c:303):
> g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> ```

I can't reproduce this issue. Have you modified your system crypto policy? When I run the example on Fedora 29 I just directly get the segfault with no warnings, just like Yanko reported:

$ ./get https://tracker.debian.org/pkg/acpi-support/rss
Segmentation fault (core dumped)

> Using G_TLS_GNUTLS_PRIORITY=NORMAL ./get ...
> I get no crash but an internal error.

This is really weird. I think you're hitting a completely different issue. Here's what I see:

$ G_TLS_GNUTLS_PRIORITY=NORMAL ./get https://tracker.debian.org/pkg/acpi-support/rss
Segmentation fault (core dumped)

In both cases the crash I'm seeing is the same as Yanko reported in comment #2 and comment #7, different from the crash reported in comment #0.

> Putting more debug info into gnutls I
> see the following:
> 
> 1. Handshake completes and TLS1.2 is negotiated
> 
> 2. A second handshake is called just after, but in that case it thinks that
> TLS1.3 is the actual version. It seems that glib-networking is calling the
> gnutls_priority_set_direct() over an established TLS session (ouch), and
> that confuses gnutls.

We do this in the case of rehandshakes (well, I guess that would be rekeys in TLS 1.3) but never for the initial handshake. The only place where we set the priority is in g_tls_connection_gnutls_set_handshake_priority(), which is only called in handshake_thread() in gtlsconnection-gnutls.c. That occurs on a secondary thread immediately before a sync call to gnutls_handshake().

> I suspect that in that case an invalid priority string is
> used.

Do you know what the priority string is? Could it perhaps be related to a non-default system crypto policy? Also remember that Fedora has glib-networking patched to include %SYSTEM in the priority string, so it's incompatible with upstream GnuTLS and must be run against a Fedora GnuTLS.

Comment 29 Michael Catanzaro 2018-10-17 15:53:10 UTC
(In reply to Michael Catanzaro from comment #28)
> We do this in the case of rehandshakes (well, I guess that would be rekeys
> in TLS 1.3) but never for the initial handshake. The only place where we set
> the priority is in g_tls_connection_gnutls_set_handshake_priority(), which
> is only called in handshake_thread() in gtlsconnection-gnutls.c. That occurs
> on a secondary thread immediately before a sync call to gnutls_handshake().

BTW a speculative fix would be to change this code in handshake_thread():

  g_tls_connection_gnutls_set_handshake_priority (gnutls);

into:

  if (!priv->ever_handshaked)
    g_tls_connection_gnutls_set_handshake_priority (gnutls);

if calling it after a handshake is invalid (though that's never caused problems in the past).

Comment 30 Michael Catanzaro 2018-10-17 15:54:52 UTC
Should probably do that regardless, since there's no reason to muck with the priorities if they've already been set.

Comment 31 Nikos Mavrogiannopoulos 2018-10-17 18:45:41 UTC
(In reply to Michael Catanzaro from comment #28)
> (In reply to Nikos Mavrogiannopoulos from comment #24)
> > An interesting aspect is that if I run the reproducer I get:
> > ```
> > (get:22014): GLib-Net-WARNING **: 14:39:15.705: G_TLS_GNUTLS_PRIORITY is
> > invalid; ignoring!
> > (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> > (../tls/gnutls/gtlsconnection-gnutls.c:298):
> > g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> > (get:22014): GLib-Net-WARNING **: 14:39:15.705:
> > (../tls/gnutls/gtlsconnection-gnutls.c:303):
> > g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
> > ```
> I can't reproduce this issue. Have you modified your system crypto policy?
> When I run the example on Fedora 29 I just directly get the segfault with no
> warnings, just like Yanko reported:

Yes, it was actually a crypto policy issue (lib was compiled without it).

> > Putting more debug info into gnutls I
> > see the following:
> > 
> > 1. Handshake completes and TLS1.2 is negotiated
> > 
> > 2. A second handshake is called just after, but in that case it thinks that
> > TLS1.3 is the actual version. It seems that glib-networking is calling the
> > gnutls_priority_set_direct() over an established TLS session (ouch), and
> > that confuses gnutls.
> 
> We do this in the case of rehandshakes (well, I guess that would be rekeys
> in TLS 1.3) but never for the initial handshake. The only place where we set
> the priority is in g_tls_connection_gnutls_set_handshake_priority(), which
> is only called in handshake_thread() in gtlsconnection-gnutls.c. That occurs
> on a secondary thread immediately before a sync call to gnutls_handshake().

> > I suspect that in that case an invalid priority string is
> > used.
> 
> Do you know what the priority string is?

There was not. The only issue I found was the setting of the priorities before rehandshake.

Comment 32 Nikos Mavrogiannopoulos 2018-10-18 07:30:22 UTC
What about this build:
https://koji.fedoraproject.org/koji/taskinfo?taskID=30305397

Comment 33 Yanko Kaneti 2018-10-18 07:53:21 UTC
(In reply to Nikos Mavrogiannopoulos from comment #32)
> What about this build:
> https://koji.fedoraproject.org/koji/taskinfo?taskID=30305397

This one fixes the crash for me. The get also works as expected
Blow is the gnutls debug log of the negotiation I think.

$ GNUTLS_DEBUG_LEVEL=6 ./get -s   'https://tracker.debian.org/pkg/acpi-support/rss' > /dev/null
gnutls[2]: Enabled GnuTLS 3.6.4 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cached system priority /etc/crypto-policies/back-ends/gnutls.config mtime 1537867831
gnutls[2]: Initializing needed PKCS #11 modules
gnutls[2]: p11: Initializing module: p11-kit-trust
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_obj_list_import_url3]:3411
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[2]: p11: No login requested.
gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE
gnutls[3]: p11 attrs: CKA_TRUSTED
gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA
gnutls[3]: ASSERT: pkcs11.c[find_multi_objs_cb]:3090
gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls[3]: ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls[3]: ASSERT: verify-high.c[advance_iter]:391
gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_iter_get_ca]:485
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT
gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%UNSAFE_RENEGOTIATION
gnutls[2]: added 6 protocols, 33 ciphersuites, 19 sig algos and 9 groups into priority list
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV
gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list
gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
gnutls[2]: resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
gnutls[2]: selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:+SIGN-RSA-SHA1:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW:%COMPAT:%COMPAT:!VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV:%UNSAFE_RENEGOTIATION
gnutls[2]: added 3 protocols, 33 ciphersuites, 16 sig algos and 9 groups into priority list
gnutls[5]: REC[0x1773af0]: Allocating epoch #0
gnutls[5]: REC[0x1773af0]: Allocating epoch #1
gnutls[4]: HSK[0x1773af0]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a3 (GNUTLS_DHE_DSS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 00.38 (GNUTLS_DHE_DSS_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a2 (GNUTLS_DHE_DSS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 00.32 (GNUTLS_DHE_DSS_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Maximum Record Size/1) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (OCSP Status Request/5) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension OCSP Status Request/5 (5 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Client Certificate Type/19) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Certificate Type/20) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Groups/10) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x1773af0]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x1773af0]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x1773af0]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Groups/10 (20 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Supported EC Point Formats/11 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRP/12) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Signature Algorithms/13) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.2) DSA-SHA1
gnutls[4]: EXT[0x1773af0]: Sending extension Signature Algorithms/13 (34 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRTP/14) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Heartbeat/15) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (ALPN/16) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Extended Master Secret/23) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Session Ticket/35) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Session Ticket/35 (0 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Key Share/51) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sending key share for SECP256R1
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: EXT[0x1773af0]: sending key share for X25519
gnutls[4]: EXT[0x1773af0]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Versions/43) for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Versions/43 (9 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Safe Renegotiation/65281 (1 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Name Indication/0) for 'client hello'
gnutls[2]: HSK[0x1773af0]: sent server name: 'tracker.debian.org'
gnutls[4]: EXT[0x1773af0]: Sending extension Server Name Indication/0 (23 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Cookie/44) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Early Data/42) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Record Size Limit/28) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Record Size Limit/28 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (ClientHello Padding/21) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension ClientHello Padding/21 (147 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Pre Shared Key/41) for 'client hello'
gnutls[4]: HSK[0x1773af0]: CLIENT HELLO was queued [512 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 512 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 517
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 69
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 69
gnutls[5]: REC[0x1773af0]: Decrypted Packet[0] Handshake(22) with length: 69
gnutls[4]: HSK[0x1773af0]: SERVER HELLO (2) was received. Length 65[65], frag offset 0, frag length: 65, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[4]: HSK[0x1773af0]: Server's version: 3.3
gnutls[4]: HSK[0x1773af0]: SessionID length: 0
gnutls[4]: HSK[0x1773af0]: SessionID: c0
gnutls[4]: HSK[0x1773af0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Server Name Indication/0' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Supported EC Point Formats/11' (4 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Session Ticket/35' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'OCSP Status Request/5' (0 bytes)
gnutls[4]: HSK[0x1773af0]: Safe renegotiation succeeded
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 2998
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 2998
gnutls[5]: REC[0x1773af0]: Decrypted Packet[1] Handshake(22) with length: 2998
gnutls[4]: HSK[0x1773af0]: CERTIFICATE (11) was received. Length 2994[2994], frag offset 0, frag length: 2994, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 535
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 535
gnutls[5]: REC[0x1773af0]: Decrypted Packet[2] Handshake(22) with length: 535
gnutls[4]: HSK[0x1773af0]: CERTIFICATE STATUS (22) was received. Length 531[531], frag offset 0, frag length: 531, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 589
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 589
gnutls[5]: REC[0x1773af0]: Decrypted Packet[3] Handshake(22) with length: 589
gnutls[4]: HSK[0x1773af0]: SERVER KEY EXCHANGE (12) was received. Length 585[585], frag offset 0, frag length: 585, sequence: 0
gnutls[2]: received curve SECP256R1
gnutls[4]: HSK[0x1773af0]: Selected group SECP256R1 (2)
gnutls[4]: HSK[0x1773af0]: verify TLS 1.2 handshake data: using RSA-SHA512
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 4
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 4
gnutls[5]: REC[0x1773af0]: Decrypted Packet[4] Handshake(22) with length: 4
gnutls[4]: HSK[0x1773af0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: HSK[0x1773af0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls[4]: REC[0x1773af0]: Sent ChangeCipherSpec
gnutls[5]: REC[0x1773af0]: Initializing epoch #1
gnutls[5]: REC[0x1773af0]: Epoch #1 ready
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: HSK[0x1773af0]: Initializing internal [write] cipher sessions
gnutls[4]: HSK[0x1773af0]: recording tls-unique CB (send)
gnutls[4]: HSK[0x1773af0]: FINISHED was queued [16 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 75
gnutls[5]: REC[0x1773af0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 0, length: 218
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 218
gnutls[5]: REC[0x1773af0]: Decrypted Packet[5] Handshake(22) with length: 218
gnutls[4]: HSK[0x1773af0]: NEW SESSION TICKET (4) was received. Length 214[214], frag offset 0, frag length: 214, sequence: 0
gnutls[4]: HSK[0x1773af0]: received session ticket
gnutls[5]: REC[0x1773af0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
gnutls[5]: REC[0x1773af0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x1773af0]: Received Packet ChangeCipherSpec(20) with length: 1
gnutls[5]: REC[0x1773af0]: Decrypted Packet[6] ChangeCipherSpec(20) with length: 1
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 40
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 40
gnutls[5]: REC[0x1773af0]: Decrypted Packet[0] Handshake(22) with length: 16
gnutls[4]: HSK[0x1773af0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
gnutls[5]: REC[0x1773af0]: Start of epoch cleanup
gnutls[5]: REC[0x1773af0]: Epoch #0 freed
gnutls[5]: REC[0x1773af0]: End of epoch cleanup
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[2]: issuer in verification was not found or insecure; trying against trust list
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1374
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[5]: REC[0x1773af0]: Preparing Packet Application Data(23) with length: 186 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[2] Application Data(23) in epoch 1 and length: 215
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 28
gnutls[5]: REC[0x1773af0]: Expected Packet Application Data(23)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 28
gnutls[5]: REC[0x1773af0]: Decrypted Packet[1] Handshake(22) with length: 4
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1481
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1656
gnutls[5]: REC[0x1773af0]: Allocating epoch #2
gnutls[4]: HSK[0x1773af0]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a3 (GNUTLS_DHE_DSS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 00.38 (GNUTLS_DHE_DSS_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.a2 (GNUTLS_DHE_DSS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 00.32 (GNUTLS_DHE_DSS_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Maximum Record Size/1) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (OCSP Status Request/5) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension OCSP Status Request/5 (5 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Client Certificate Type/19) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Certificate Type/20) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Groups/10) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x1773af0]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x1773af0]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x1773af0]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x1773af0]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Groups/10 (20 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Supported EC Point Formats/11 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRP/12) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Signature Algorithms/13) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x1773af0]: sent signature algo (2.2) DSA-SHA1
gnutls[4]: EXT[0x1773af0]: Sending extension Signature Algorithms/13 (34 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (SRTP/14) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Heartbeat/15) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (ALPN/16) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Extended Master Secret/23) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Session Ticket/35) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Session Ticket/35 (208 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Key Share/51) for 'client hello'
gnutls[4]: EXT[0x1773af0]: sending key share for SECP256R1
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: EXT[0x1773af0]: sending key share for X25519
gnutls[4]: EXT[0x1773af0]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Supported Versions/43) for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x1773af0]: Sending extension Supported Versions/43 (9 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Safe Renegotiation/65281 (13 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Server Name Indication/0) for 'client hello'
gnutls[2]: HSK[0x1773af0]: sent server name: 'tracker.debian.org'
gnutls[4]: EXT[0x1773af0]: Sending extension Server Name Indication/0 (23 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Cookie/44) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Early Data/42) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (Record Size Limit/28) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Sending extension Record Size Limit/28 (2 bytes)
gnutls[4]: EXT[0x1773af0]: Preparing extension (ClientHello Padding/21) for 'client hello'
gnutls[4]: EXT[0x1773af0]: Preparing extension (Pre Shared Key/41) for 'client hello'
gnutls[4]: HSK[0x1773af0]: CLIENT HELLO was queued [613 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 613 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[3] Handshake(22) in epoch 1 and length: 642
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 117
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 117
gnutls[5]: REC[0x1773af0]: Decrypted Packet[2] Handshake(22) with length: 93
gnutls[4]: HSK[0x1773af0]: SERVER HELLO (2) was received. Length 89[89], frag offset 0, frag length: 89, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[4]: HSK[0x1773af0]: Server's version: 3.3
gnutls[4]: HSK[0x1773af0]: SessionID length: 0
gnutls[4]: HSK[0x1773af0]: SessionID: c0
gnutls[4]: HSK[0x1773af0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Server Name Indication/0' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Safe Renegotiation/65281' (25 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Supported EC Point Formats/11' (4 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'Session Ticket/35' (0 bytes)
gnutls[4]: EXT[0x1773af0]: Parsing extension 'OCSP Status Request/5' (0 bytes)
gnutls[4]: HSK[0x1773af0]: Safe renegotiation succeeded
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 3022
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 3022
gnutls[5]: REC[0x1773af0]: Decrypted Packet[3] Handshake(22) with length: 2998
gnutls[4]: HSK[0x1773af0]: CERTIFICATE (11) was received. Length 2994[2994], frag offset 0, frag length: 2994, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 559
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 559
gnutls[5]: REC[0x1773af0]: Decrypted Packet[4] Handshake(22) with length: 535
gnutls[4]: HSK[0x1773af0]: CERTIFICATE STATUS (22) was received. Length 531[531], frag offset 0, frag length: 531, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 613
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 613
gnutls[5]: REC[0x1773af0]: Decrypted Packet[5] Handshake(22) with length: 589
gnutls[4]: HSK[0x1773af0]: SERVER KEY EXCHANGE (12) was received. Length 585[585], frag offset 0, frag length: 585, sequence: 0
gnutls[2]: received curve SECP256R1
gnutls[4]: HSK[0x1773af0]: Selected group SECP256R1 (2)
gnutls[4]: HSK[0x1773af0]: verify TLS 1.2 handshake data: using RSA-SHA512
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 142
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 142
gnutls[5]: REC[0x1773af0]: Decrypted Packet[6] Handshake(22) with length: 118
gnutls[4]: HSK[0x1773af0]: CERTIFICATE REQUEST (13) was received. Length 110[114], frag offset 0, frag length: 110, sequence: 0
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (6.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (5.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (4.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (3.1) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (3.2) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (3.3) (null)
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (2.2) DSA-SHA1
gnutls[4]: EXT[0x1773af0]: rcvd signature algo (2.3) ECDSA-SHA1
gnutls[3]: Peer requested CA: O=Debian SSO client certificate,CN=SSO CA 2015-08-21
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[4]: HSK[0x1773af0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
gnutls[4]: HSK[0x1773af0]: CERTIFICATE was queued [7 bytes]
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[3]: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
gnutls[4]: HSK[0x1773af0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls[4]: REC[0x1773af0]: Sent ChangeCipherSpec
gnutls[5]: REC[0x1773af0]: Initializing epoch #2
gnutls[5]: REC[0x1773af0]: Epoch #2 ready
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[4]: HSK[0x1773af0]: Initializing internal [write] cipher sessions
gnutls[4]: HSK[0x1773af0]: recording tls-unique CB (send)
gnutls[4]: HSK[0x1773af0]: FINISHED was queued [16 bytes]
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 7 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[4] Handshake(22) in epoch 1 and length: 36
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[5] Handshake(22) in epoch 1 and length: 99
gnutls[5]: REC[0x1773af0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[6] ChangeCipherSpec(20) in epoch 1 and length: 30
gnutls[5]: REC[0x1773af0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
gnutls[5]: REC[0x1773af0]: Sent Packet[1] Handshake(22) in epoch 2 and length: 45
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 1, length: 226
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 226
gnutls[5]: REC[0x1773af0]: Decrypted Packet[7] Handshake(22) with length: 202
gnutls[4]: HSK[0x1773af0]: NEW SESSION TICKET (4) was received. Length 198[198], frag offset 0, frag length: 198, sequence: 0
gnutls[4]: HSK[0x1773af0]: received session ticket
gnutls[5]: REC[0x1773af0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 1, length: 25
gnutls[5]: REC[0x1773af0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x1773af0]: Received Packet ChangeCipherSpec(20) with length: 25
gnutls[5]: REC[0x1773af0]: Decrypted Packet[8] ChangeCipherSpec(20) with length: 1
gnutls[4]: HSK[0x1773af0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x1773af0]: SSL 3.3 Handshake packet received. Epoch 2, length: 40
gnutls[5]: REC[0x1773af0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x1773af0]: Received Packet Handshake(22) with length: 40
gnutls[5]: REC[0x1773af0]: Decrypted Packet[0] Handshake(22) with length: 16
gnutls[4]: HSK[0x1773af0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
gnutls[5]: REC[0x1773af0]: Start of epoch cleanup
gnutls[5]: REC[0x1773af0]: Epoch #1 freed
gnutls[5]: REC[0x1773af0]: End of epoch cleanup
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[2]: issuer in verification was not found or insecure; trying against trust list
gnutls[3]: ASSERT: verify.c[verify_crt]:663
gnutls[3]: ASSERT: verify.c[verify_crt]:815
gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985
gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1374
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4585
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[2]: p11: No login requested.
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4208
gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:4033
gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4598
gnutls[2]: crt_is_known: did not find any cert
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
gnutls[5]: REC[0x1773af0]: SSL 3.3 Application Data packet received. Epoch 2, length: 741
...........

Comment 34 Nikos Mavrogiannopoulos 2018-10-18 09:32:42 UTC
*** Bug 1640062 has been marked as a duplicate of this bug. ***

Comment 35 Fedora Update System 2018-10-18 12:27:47 UTC
gnutls-3.6.4-3.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a56319e68

Comment 36 Fedora Update System 2018-10-18 15:32:17 UTC
gnutls-3.6.4-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a56319e68

Comment 37 Michael Catanzaro 2018-10-19 01:23:14 UTC
Thanks a bunch, Nikos!

I'll also push my change to only set the priority once (before the first handshake, instead of before every handshake).

Comment 38 Fedora Update System 2018-10-19 15:29:04 UTC
asterisk-16.0.0-1.fc29 getdns-1.4.2-4.fc29 gnutls-3.6.4-4.fc29 libreswan-3.27-1.fc29 netresolve-0.0.1-0.22.20160317git.fc29 unbound-1.8.1-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be27ff1d8

Comment 39 Fedora Update System 2018-10-20 19:21:12 UTC
asterisk-16.0.0-1.fc29, getdns-1.4.2-4.fc29, gnutls-3.6.4-4.fc29, libreswan-3.27-1.fc29, netresolve-0.0.1-0.22.20160317git.fc29, unbound-1.8.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be27ff1d8

Comment 40 Fedora Update System 2018-11-03 00:00:40 UTC
asterisk-16.0.0-1.fc29, getdns-1.4.2-4.fc29, gnutls-3.6.4-4.fc29, libreswan-3.27-1.fc29, netresolve-0.0.1-0.22.20160317git.fc29, unbound-1.8.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.