After upgrading to gnutls-2.8.1 jabberd server stopped accepting TLS connections, while plaintext connections still work OK. According to my (minor) investigation, connection drops right after TLS handshake request from client. I'm not sure which side terminates connection though.

Reproducible: Always

Steps to Reproduce:
1. Merge jabberd-1.6.1 with gnutls-2.8.1 and configure it to accept tls connections.
2. Try connecting with TLS enabled using any major jabber client (gajim, psi, pidgin to name a few)

Actual Results:
Connection drops right after client requests TLS handshake. PSI retries ad infinitum with same results, gajim reports tls error.

Expected Results:
Obviously, connection should be established, which is the case with gnutls-2.6.6 actually.

It seems somehow related to bug #273756.

I'm sorry for the lack of actual data on the bug, but I'm preoccupied atm, and there's not much time I can spend on the issue. I suppose gnutls just broke api and we'll need patch on jabberd for it to work.
Could you please provide some error message in case you find any concerning this problem? Posting your "emerge --info" might be helpful, too.
I would suppose there's not much help in logs I could acquire. Here they go anyways.

Tue Jun 23 03:07:09 2009 mio_tls.cc:1270 Establishing TLS layer for incoming connection (we=(null), peer=/client ip/, identity=/servername/)
Tue Jun 23 03:07:09 2009 mio_tls.cc:1278 Created new session 9D20E40
Tue Jun 23 03:07:09 2009 mio_tls.cc:1392 TLS layer needs to read data to complete handshake (mio 9D43F30, fd #16)
Tue Jun 23 03:07:09 2009 mio_tls.cc:1179 TLS layer needs to write data to complete handshake (fd #16)
Tue Jun 23 03:07:09 2009 mio_tls.cc:1184 TLS handshake failed for fd #16: GnuTLS internal error.
Tue Jun 23 03:07:09 2009 mio_tls.cc:1050 GNU TLS session cleanup for 9D20E40

If you need more detailed log, which would include not only mio_tls, but mio output as well, I could provide that on request. Nothing interesting there I see though.

Also, connection drops right after client and server exchange the following XML messages:

client: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
server: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

And finally, emerge --info:

Portage 2.1.6.13 (default/linux/x86/2008.0, gcc-4.3.3, glibc-2.10.1-r0, 2.6.30-gentoo-r1 i686)
=================================================================
System uname: Linux-2.6.30-gentoo-r1-i686-Intel-R-_Pentium-R-_Dual_CPU_E2160_@_1.80GHz-with-gentoo-2.0.1
Timestamp of tree: Mon, 22 Jun 2009 22:45:01 +0000
app-shells/bash: 4.0_p24
dev-lang/python: 2.6.2-r1
sys-apps/baselayout: 2.0.1
sys-apps/openrc: 0.4.3-r3
sys-apps/sandbox: 2.0
sys-devel/autoconf: 2.13, 2.63-r1
sys-devel/automake: 1.5, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils: 2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6a
virtual/os-headers: 2.6.29
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=prescott -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirror.yandex.ru/gentoo-distfiles/ "
LC_ALL="ru_RU.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="ru"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl alsa bash-completion berkdb bzip2 cli cracklib crypt cups dbus doc dri fortran gdbm gpm hal iconv ipv6 isdnlog midi mmx mudflap mysql ncurses nls nptl nptlonly openmp pam pcre perl pppd python qt4 readline reflection session spl sse sse2 ssl ssse3 sysfs tcpd threads unicode x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

and USE flags:

net-libs/gnutls-2.8.1 USE="cxx doc lzo nls zlib -bindist -examples -guile"
net-im/jabberd-1.6.1.1-r1 USE="ipv6 mysql -postgres"

I should note though, that lzo flag has no impact on the issue, nor does ipv6.
Can you reproduce this bug with net-libs/gnutls-2.8.2?
Using gnutls-2.8.2 fixes the problem. I'm not sure which resolution it should be, FIXED or UPSTREAM, however :) Setting resolution to FIXED, correct me if I'm wrong.