Summary: | net-voip/telepathy-gabble please allow switching between gnutls and openssl | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | New packages | Assignee: | Piotr Jaroszyński (RETIRED) <peper> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome, kamil.kuduk, lee, markpariente, voip+disabled |
Priority: | Normal | Keywords: | InVCS |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=455800 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | Ebuild patch |
Description
Diego Elio Pettenò (RETIRED)
2013-02-09 01:09:31 UTC
According to changelog: 18 Feb 2011; Nirbheek Chauhan <nirbheek@gentoo.org> telepathy-gabble-0.10.5.ebuild: Fix libsoup dependency: after 2.33.1, libsoup started using glib-networking for ssl instead of gnutls, and it is now enabled unconditionally) So it looks like this is something that can be revisited indeed. *** Bug 456258 has been marked as a duplicate of this bug. *** Note that the new version is connecting through a (bundled) libwocky, which is where the selection between GnuTLS/OpenSSL has to be made (./configure at top level will not let you spot any selection). I've reported the GnuTLS issue upstream, for what it's worth here's me trying to connect with gnutls-cli: flame@saladin ~ % gnutls-cli -p 5223 talk.google.com Processed 160 CA certificate(s). Resolving 'talk.google.com'... Connecting to '173.194.65.125:5223'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `C=US,ST=California,L=Mountain View,O=Google Inc,CN=talk.google.com', issuer `C=US,O=Google Inc,CN=Google Internet Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2012-06-05 00:53:35 UTC', expires `2013-06-05 01:03:35 UTC', SHA-1 fingerprint `7833da4b3a1642e680d7f8e58fd99ed31493b790' Public Key Id: 92b4709209e60147dc572dc02c85c45cdc456ade Public key's random art: +--[ RSA 1024]----+ |.+*=.B++.+o | | +.o*o= o.. | | . =oo o. | | = = . | | + S E | | . | | | | | | | +-----------------+ - Certificate[1] info: - subject `C=US,O=Google Inc,CN=Google Internet Authority', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2009-06-08 20:43:27 UTC', expires `2013-06-07 19:43:27 UTC', SHA-1 fingerprint `dd7a7f131ddba33d3e8670179483e6fea6987d6a' - Status: The certificate is trusted. *** Fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough). *** Handshake has failed GnuTLS error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough). Created attachment 338388 [details, diff]
Ebuild patch
Isn't the bug with telepathy-gabble, not gnutls or libsoup? Shouldn't telepathy-gabble be requesting telling libsoup to not require such a high prime number? I've created bz #456392 for fixing the bug in net-voip-telepathy-gabble + 10 Feb 2013; Gilles Dartiguelongue <eva@gentoo.org> + -telepathy-gabble-0.16.3.ebuild, telepathy-gabble-0.16.4.ebuild: + Fix USE=jingle confusing file-transfer with voip, switch to EAPI=5 and + python-any-r1. Make tls backend configurable, bug #456250. + Thanks for reporting. |