On 2014-07-03 Atsuhito Kohda <ko...@pm.tokushima-u.ac.jp> wrote:
[...]
> Okay, I'm building the package now.

Thanks for the quick upload.

> But then I'm afraid libgnutls-dev should depend on
> libgnutls28-dev.
> I believe dependency on libgnutls-dev is much more reasonable
> than dependency on libgnutls28-dev.

Yes, the current state is a little bit ugly, but could not be helped,
due to incompatibilities.

> And I find that the new package seems to fix also #752610.
> Is this correct?

It might make reproducing the bug against the test-site irreproducible
but there is a real bug in lynx that needs fixing. lynx does not do
certification verification properly as it only fails if
GNUTLS_CERT_SIGNER_NOT_FOUND is set. Compare what lynx does ...
-----------------
    ret = gnutls_certificate_verify_peers2(handle->gnutls_state, &tls_status);
    if (ret < 0 || (ret == 0 &&
                    tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND)) {
        /* more checks to be done */
    }
    /* otherwise we think we succeeded */
-----------------
with ex-rfc2818.c
-----------------
  ret = gnutls_certificate_verify_peers2 (session, &status);
  if (ret < 0)
    {
      printf ("Error\n");
      return GNUTLS_E_CERTIFICATE_ERROR;
    }

  if (status & GNUTLS_CERT_INVALID)
    printf ("The certificate is not trusted.\n");

  if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
    printf ("The certificate hasn't got a known issuer.\n");
  /* do the same for other gnutls errors */
-----------------
with gnutls >= 3.1.3 this can be simplified, using
gnutls_certificate_verification_status_print().

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
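
Added example (not part of the original message, and not lynx or GnuTLS code): the two acceptance decisions compared in the message above, modelled as predicates and run over constructed (ret, status) pairs to show which failures the narrower check lets through. The ST_* names and their numeric values are stand-ins for the GNUTLS_CERT_* bits, assumed for illustration; the strict predicate treats any set status bit as a failure.

```c
#include <stdio.h>

/* Local stand-ins for the GNUTLS_CERT_* status bits; the numeric values are
 * constructed for this example. Real code takes them from <gnutls/gnutls.h>. */
enum { ST_INVALID = 1 << 0, ST_REVOKED = 1 << 1,
       ST_SIGNER_NOT_FOUND = 1 << 2, ST_EXPIRED = 1 << 3 };

/* Decision as quoted from lynx: reject only on a call error or when the
 * SIGNER_NOT_FOUND bit is set. Returns 1 if the peer is accepted. */
static int lynx_style_accepts(int ret, unsigned status)
{
    if (ret < 0 || (ret == 0 && (status & ST_SIGNER_NOT_FOUND)))
        return 0;
    return 1;
}

/* Decision in the spirit of ex-rfc2818.c: a call error or any status bit
 * at all means the certificate is not trusted. */
static int strict_accepts(int ret, unsigned status)
{
    return ret >= 0 && status == 0;
}

/* Count the constructed cases that the lynx-style check accepts although
 * the strict check rejects them. */
static int count_wrongly_accepted(void)
{
    static const struct { const char *what; int ret; unsigned status; } cases[] = {
        { "clean chain",            0, 0 },
        { "verify call failed",    -1, 0 },
        { "unknown issuer",         0, ST_INVALID | ST_SIGNER_NOT_FOUND },
        { "expired, issuer known",  0, ST_INVALID | ST_EXPIRED },
        { "revoked, issuer known",  0, ST_INVALID | ST_REVOKED },
    };
    int n = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int l = lynx_style_accepts(cases[i].ret, cases[i].status);
        int s = strict_accepts(cases[i].ret, cases[i].status);
        printf("%-24s lynx-style=%d strict=%d\n", cases[i].what, l, s);
        if (l && !s)
            n++;
    }
    return n;
}

int main(void) { return count_wrongly_accepted() == 2 ? 0 : 1; }
```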