C. Dominik Bódi <dominik.b...@gmx.de> writes:
> mandos-client stopped working after having updated to mandos-client
> 1.6.9-1.
>
> Running the client as described in READE.Debian.gz, with --debug
> enabled shows that the client actually seems to communicate with the
> server, but then shows the following debug messages:
>
> Mandos plugin mandos-client: Check current_server if we should run it, or wait
> Mandos plugin mandos-client: Blocking for 10000 ms
>
> It then waits for 10 seconds, talks with the server again, shows the
> same "waiting" message again and thus loops around forever.
>
> The mandos-monitor on the server never says that the client "received
> its secret", though. The server runs 1.6.9-1 , as well.
I think I know what the problem is. The server and client do not run
the same release of Debian, right? Does the mandos-client --debug
output include this?
Mandos plugin mandos-client: *** GnuTLS Handshake failed ***
GnuTLS error: An unknown public key algorithm was encountered.
As we wrote in the release announcement for Mandos 1.6.9[1], Debian is
transitioning from one major version of GnuTLS to a newer one[2][3], and
the GnuTLS versions are *not* compatible when used in the way Mandos
uses them. Therefore, Mandos running on Debian jessie/unstable/sid
*cannot* give or receive passwords to or from Debian wheezy/stable, even
if the Mandos is backported to be the same version. Unfortunately, we
cannot do anything about this. The way we heard it, this is essentially
an unavoidable incompatible change in GnuTLS, and we'll all just have to
hold our breaths until we emerge on the other side of the transition.
If this is *not* the problem, please give some more details.
Specifically, you could run "mandos-monitor" on the server and see if
any log messages show up when the client connects.
1) http://mail.recompile.se/pipermail/mandos-dev/2014-October/000305.html
2) https://release.debian.org/transitions/html/gnutls28.html
3) https://wiki.debian.org/gnutls3
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
