Bug 210295

Summary: net-misc/curl with gnutls fails to validate some certificates
Product: Gentoo Linux
Reporter: Bertrand Jacquin <bertrand>
Component: Current packages
Assignee: Daniel Black (RETIRED) <dragonheart>
Status: RESOLVED WONTFIX    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.gnu.org/archive/html/help-gnutls/2008-02/msg00012.html
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: files/curl-correct-gnutls-madness.patch

Description Bertrand Jacquin 2008-02-15 23:19:25 UTC
Using curl with gnutls support fails with some certificates. For example:

% curl https://www.net222.caisse-epargne.fr
curl: (35) server cert verify failed: -101
% curl -k https://www.net222.caisse-epargne.fr
curl: (35) server cert verify failed: -101

The bug is from both curl & gnutls.

gnutls should not return the -101 error, as described at http://lists.gnu.org/archive/html/help-gnutls/2008-02/msg00012.html, as the certificate is good.

But curl should not fail when using the -k option (accept insecure SSL transactions).

% curl -V
curl 7.17.1 (i686-pc-linux-gnu) libcurl/7.17.1 GnuTLS/2.0.4 zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http file https ftps 
Features: IPv6 Largefile SSL libz
% gnutls-cli -v
gnutls-cli (GnuTLS) 2.0.4

The attached patch corrects the curl bug.

Reproducible: Always
Comment 1 Bertrand Jacquin 2008-02-15 23:20:14 UTC
Created attachment 143614
files/curl-correct-gnutls-madness.patch
Comment 2 Daniel Stenberg 2008-02-15 23:27:34 UTC
FYI: the patch was written by me and that fix is committed to curl's CVS for inclusion in next release.
Comment 3 Daniel Stenberg 2008-02-20 20:53:34 UTC
The gnutls side of this bug has been fixed in their git tree.
Comment 4 Daniel Black (RETIRED) gentoo-dev 2008-04-01 12:24:41 UTC
Appreciate the bug report; however, I've tinkered with the 7.17.1 version enough. I'll be adding 7.18.1 soon, which contains this fix.

Thanks for your comments Daniel.