net-analyzer/openvas locks net-libs/gnutls into version 2.* (bug #525640). This prevents users of openvas from installing the multilib-enabled net-libs/gnutls-3*. Attached is an attempt at a multilib-enabled net-libs/gnutls-2* ebuild.
Reproducible: Always
Created attachment 398872: gnutls-2.12.23-r7.ebuild
For one package in tree that has no actual reason not to upgrade to gnutls-3, it is not worth the effort. gnutls-2 is obsolete upstream; we won't continue to maintain it soon. BTW: when attaching ebuilds, please attach a diff, it is easier to review. Thanks!
... There seems to be an ArchLinux bug claiming that openvas does work with gnutls 3.3.10 ... OK, given I have no real idea what openvas does, I can't be certain it works, but that handshake failure from bug 525640 is not in the log after going through openvas-check-setup.
PS: BTW, its data dir grows to nearly 1.5 GB in the process....why ??!!
(In reply to Rafał Mużyło from comment #3)
> ...
> There seems to be an ArchLinux bug claiming that openvas does work with
> gnutls 3.3.10
>
>
> ...
>
> OK, given I have no real idea what openvas does, I can't be certain it
> works, but that handshake failure from bug 525640 is not in the log after
> going through openvas-check-setup.

From all my tests it doesn't work with version 3*
(In reply to Rafał Mużyło from comment #4)
> PS: BTW, its data dir grows to nearly 1.5 GB in the process....why ??!!

check patterns and similar.
(In reply to Justin Lecher from comment #5)
> (In reply to Rafał Mużyło from comment #3)
> > ...
> > There seems to be an ArchLinux bug claiming that openvas does work with
> > gnutls 3.3.10
> >
> >
> > ...
> >
> > OK, given I have no real idea what openvas does, I can't be certain it
> > works, but that handshake failure from bug 525640 is not in the log after
> > going through openvas-check-setup.
>
> From all my tests it doesn't work with version 3*

To clarify: I don't mean 7.0, I mean latest openvas set still on 7.0 branch (7.0.9 for libraries, etc.)
... That is to say, what exactly would count as a valid test ?
(In reply to Rafał Mużyło from comment #8)
> ...
> That is to say, what exactly would count as a valid test ?

Follow the README.gentoo and try to connect to the GSAD at port 9390

This is the error

lib serv:WARNING:2015-03-15 10h16.18 utc:13872: Failed to shake hands with peer: An unexpected TLS packet was received.
md main:CRITICAL:2015-03-15 10h16.18 utc:13872: serve_client: failed to attach client session to socket 9
lib serv:WARNING:2015-03-15 10h16.18 utc:13872: Failed to gnutls_bye: GnuTLS internal error.
lib serv:WARNING:2015-03-15 10h16.18 utc:13872: Failed to gnutls_bye: Error in the push function.
(In reply to Justin Lecher from comment #9)
> (In reply to Rafał Mużyło from comment #8)
> > ...
> > That is to say, what exactly would count as a valid test ?
>
> Follow the README.gentoo and try to connect to the GSAD at port 9390
>
> This is the error
>
> lib serv:WARNING:2015-03-15 10h16.18 utc:13872: Failed to shake hands with
> peer: An unexpected TLS packet was received.
> md main:CRITICAL:2015-03-15 10h16.18 utc:13872: serve_client: failed to
> attach client session to socket 9
> lib serv:WARNING:2015-03-15 10h16.18 utc:13872: Failed to gnutls_bye:
> GnuTLS internal error.
> lib serv:WARNING:2015-03-15 10h16.18 utc:13872: Failed to gnutls_bye:
> Error in the push function.

You could have mentioned that file was in the meta - I've installed just the 4 openvas packages + gsad. Anyway, a funny thing: openvas-check-setup already covered most of what README.gentoo did, but that's a side note. The important part is that while openvassd and openvasmd are running, I'm getting no message at all (both in openvasmd.log and openvassd.log) if I start gsad ('ps -elly | grep gsad' shows it as 'stopped') - don't know if it's a good or a bad thing in this context.
Never mind. The correct test should have been "go to https://127.0.0.1:9390 afterwards". Now I see the errors too... OK, let's see if google helps...
gnutls-2.x is obsoleted, unmaintained upstream.