2016-08-25 13:25 GMT-04:00 Andreas Metzler <ametz...@bebt.de>: > On 2016-08-24 "marcelomen...@gmail.com" <marcelomen...@gmail.com> wrote: >> Package: libgnutls30 >> Version: 3.5.3-2 >> Severity: important >> Tags: upstream > >> Dear Maintainer, > >> Trying to git clone a github repo using libgnutls30 3.5.3-2 throw the >> following error: > >> fatal: unable to access 'https://github.com/xxx/yyy/': gnutls_handshake() >> failed: Public key signature verification has failed. > >> Same happens for curl: > >> curl https://duckduckgo.com >> curl: (35) gnutls_handshake() failed: Public key signature verification has >> failed. > > Hello, > Are you able to reproduce either of these errors with gnutls-cli?
First, let me say I'm behind a proxy server. Both versions of gnutls-bin (3.5.3-3 and the old 3.5.2-3) have the same behavior: gnutls-cli -V --port 443 duckduckgo.com Processed 173 CA certificate(s). Resolving 'duckduckgo.com:443'... Connecting to '107.21.1.61:443'... Connecting to '184.72.106.52:443'... Connecting to '184.72.115.86:443'... and stay there for some quit some time until I ctrl+c But, with the old version of libgnutls30 (3.5.2-3) got from here: http://snapshot.debian.org/package/gnutls28/3.5.2-3/#libgnutls30_3.5.2-3 commands like git clone/pull works and curl -I https://... works too. I tried from my vps and this issue doesn't happen with either version, thats a weird thing :) Out of curiosity, the commands worked from inside a ubuntu-xenial vagrant box (virtualbox vms) with older versions of libgnutls30 (3.4.x) >> Downgrading to libgnutls30 3.5.2-2 solves the issue > >> PS.: For some reason I can't find this version on the debian repository >> anymore, but I did on another machine previously and it worked as stated >> above: > > The Debian mirrors only carry packages which are part of release > (stable, unstable, testing, etc.). 3.5.2-2 is not. Old versions can be > found on http://snapshot.debian.org/ > > cu Andreas > -- > `What a good friend you are to him, Dr. Maturin. His other friends are > so grateful to you.' > `I sew his ears on from time to time, sure' -- "Free Software is not the only way, but it's a correct way." Marcelo Mendes http://underlabs.org mmendes @ IRC [OFTC-Freenode] Gtalk: marcelomendes at gmail dot com