Hi, I get this: $ wget https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html --2013-05-23 19:02:18-- https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html Resolving sede.dgt.gob.es (sede.dgt.gob.es)... 213.4.59.219 Connecting to sede.dgt.gob.es (sede.dgt.gob.es)|213.4.59.219|:443... connected. [1157675.268577] wget[14792]: segfault at 1013c4ad4 ip 00007f0ece581fee sp 00007fff855b2670 error 4 in libgnutls.so.26.22.4[7f0ece564000+b9000] Segmentation fault
That clearly looks like a real bug somewhere, and still open against libgnutls26. Kurt On Thu, May 23, 2013 at 08:25:10AM +0100, Caronte Estigia wrote: > Good Morning Kurt, > > just one question. I think Alessandro reasigned the bug to both libssl and > libgnutls. Am I correct? > > Question is because specifying the protocol solves the problem with libssl, > not with libgnutls. When I test wget with --secure-protocol it works fine > when compiled with libssl but it keeps failing with libgnutls. > > Could you please confirm the fact that the case is still open in libgnutls or > should I file a new bug? > > Best regards. > Francisco. > > > ________________________________ > De: Debian Bug Tracking System <ow...@bugs.debian.org> > Para: rodrifra <sable_la...@yahoo.es> > Enviado: Miércoles 22 de Mayo de 2013 18:21 > Asunto: Bug#709292 closed by Kurt Roeckx <k...@roeckx.be> (Re: Bug#709292: > curl: Connection to https server produces SSL error.) > > > This is an automatic notification regarding your Bug report > which was filed against the libssl1.0.0 package: > > #709292: libssl1.0.0: "decryption failed or bad record mac" during handshake > > It has been closed by Kurt Roeckx <k...@roeckx.be>. > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Kurt Roeckx > <k...@roeckx.be> by > replying to this email. > > > -- > 709292: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709292 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > On Wed, May 22, 2013 at 02:32:29PM +0200, Alessandro Ghedini wrote: > > reassign 709292 libssl1.0.0 > > retitle 709292 libssl1.0.0: "decryption failed or bad record mac" during > > handshake > > clone 709292 -1 > > reassign -1 libgnutls26 > > retitle -1 libgnutls26: segfaults during handshake > > severity -1 important > > affects -1 wget > > kthxbye > > > > On Wed, May 22, 2013 at 01:37:35PM +0200, rodrifra wrote: > > > Package: curl > > > Version: 7.26.0-1+wheezy2 > > > Severity: normal > > > > > > Dear Maintainer, > > > > > > Executing the following: > > > curl -o pruebacurl.html > > > https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html > > > Produced the next error: > > > error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad > > > record mac > > > > > > Forcing SSLv3 solves the problem: > > > curl -3 -o pruebacurl.html > > > https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html > > > > If there's any bug, it's probably in the server's SSL implementation, since > > it > > can't do a proper TLS handshake, in any case it's not curl's fault. I'm > > reassigning this to openssl (which is what curl uses) to make sure there's > > nothing wrong with it. > > Yes, this is the server's problems, nothing you can do about it > other than downgrading to a lower TLS version. TLS 1.0 > should work in most cases. About 1% of the servers are known to > have this problem. > > The problem is that we announce that we support TLS 1.2 to the server, > and the server should reply that it only supports 1.0, but just > closes the connection or does something else weird. This is why > you also see this with gnutls. > > There is nothing we can do in openssl or gnutls about this. What > could be done is that something like curl or wget tries to connect > again with a lower TLS version. But if you automate this, you > also need to think about version downgrade attacks. > > Since we can't actually fix anything, and curl and wget have > options to use a lower protocol version, I'm just going to > close this bug. > > > KurtPackage: curl > Version: 7.26.0-1+wheezy2 > Severity: normal > > Dear Maintainer, > > Executing the following: > curl -o pruebacurl.html > https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html > Produced the next error: > error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad > record mac > > Forcing SSLv3 solves the problem: > curl -3 -o pruebacurl.html > https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html > > wget has same problem in latest stable version, but oldstable works fine. > > > -- System Information: > Debian Release: 7.0 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) > Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages curl depends on: > ii libc6 2.13-38 > ii libcurl3 7.26.0-1+wheezy2 > ii zlib1g 1:1.2.7.dfsg-13 > > curl recommends no packages. > > curl suggests no packages. > > -- no debconf information > _______________________________________________ > Pkg-openssl-devel mailing list > pkg-openssl-de...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-openssl-devel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org