Description of problem: gnutls-2.10.1-1.fc15 breaks the previously working xmpp connection with empathy. Somwhere in the empathy logs is this part of a connection error message: TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR Its a little hard for me to track whether this is an gnutls on empathy/telepathy issue. So I apologize if this is the wrong place for this.
Telepathy upstream indicate that this is gnutls's fault and that the following git commits should be backported: 98e0e3c400366ad8b4ba835b48f89e4e45c06acd 2a539ad961affeffee32cb6148f421c8e66ab693 18cff36027f8fc0f71a31b3b12dc989e0674a744
Are all of these commits really required? For example the third one is needed only on gnutls-2.11.x development and the first one also depends on some changes that are on the 2.11.x branch.
As I understand it, those three commits were all needed to fix this problem in 2.11. The necessary changes for 2.10 are likely to be different, but we won't know for sure until someone with enough gnutls knowledge backports them.
Please test the gnutls-2.10.1-2.fc15 in rawhide. It contains the 2a539ad961affeffee32cb6148f421c8e66ab693 backported patch.
Just installed gnutls-2.10.1-2.fc15 on an updated F14 and I'm getting the same error in the Gabble logs: TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR
gnutls-2.10.1-2.fc15.x86_64 didn't help empathy here either
That's bad because the remaining patches mentioned above are not really applicable to the 2.10.x branch. So the cause of the error on the 2.10.x branch must be something else. I will need a concrete reproducer to be able to investigate the problem further.
The NEEDINFO is addressed to me but can't give you any more info than what's already in the report. I have no idea about the telepathy internals.
I don't use Fedora myself, so I can't help with Fedora-specifics, but we (the Telepathy developers) have also seen this with the gnutls 2.10.1 in Debian experimental. Thank you for looking into this; we were hoping gnutls upstream would backport this to the 2.10 branch, but apparently not... A relatively self-contained test case, using Wocky, our XMPP library: - compile Wocky from git://git.collabora.co.uk/git/wocky.git - run: ./examples/wocky-connect USER@DOMAIN PASSWORD connector where USER@DOMAIN is a test account on an XMPP server that has TLS (e.g. any gmail.com or googlemail.com address will do) and PASSWORD is its password. A failing test looks like this: ** (process:32303): WARNING **: wocky-connector-error: 7: TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR A successful test looks like this: connected (smcv.co.uk/Wocky_6b8b4567) [4167139417]! On success, press Ctrl+C to exit. I've just confirmed that in Debian, gnutls 2.10.1 from experimental fails, and 2.8.6 from unstable succeeds. Steps to reproduce this in the real world (harder to debug but more realistic): - Have Empathy and telepathy-gabble >= 0.9 - Add an account on any XMPP server that offers TLS - Try to go online - Gabble should automatically try to use TLS whenever available, but you can force it with Advanced -> Encryption required in the Accounts window On failure, the debug log (<http://telepathy.freedesktop.org/wiki/Debugging>) should tell you: connector_error_disconnect: connection failed: WOCKY_CONNECTOR_ERROR_TLS_SESSION_FAILED (#7): TLS handshake error: -59: GNUTLS_E_INTERNAL_ERROR
Created attachment 449256 [details] patch for gnutls 2.10.x This makes wocky (and ∴ gabble) happy with gnutls 2.10.x again.
The fdo bug is here: https://bugs.freedesktop.org/show_bug.cgi?id=29364
Yup, gnutls-2.10.1-3.fc15.x86_64 works for me too. Thanks