Bug 456250 - net-voip/telepathy-gabble please allow switching between gnutls and openssl
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: Normal normal
Assignee: Piotr Jaroszyński (RETIRED)
Keywords: InVCS
Duplicates: 456258
Reported: 2013-02-09 01:09 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2013-02-10 12:15 UTC
Attachments
Ebuild patch (gabble.patch,1.09 KB, patch)
2013-02-09 12:36 UTC, Diego Elio Pettenò (RETIRED)
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2013-02-09 01:09:31 UTC
I got hit by a problem today where connecting to GTalk through KTP failed with a GNUTLS_E_DH_PRIME_UNACCEPTABLE error.

The solution was to EXTRA_ECONF when building telepathy-gabble so that wocky makes use of OpenSSL instead. The result has been positive, and it works fine now.

Just add a +gnutls USE flag and let me "downgrade" to OpenSSL (that works). Thanks.
Diego
Comment 1 Gilles Dartiguelongue gentoo-dev 2013-02-09 10:59:07 UTC
According to changelog:

  18 Feb 2011; Nirbheek Chauhan <nirbheek@gentoo.org>
  telepathy-gabble-0.10.5.ebuild:
  Fix libsoup dependency: after 2.33.1, libsoup started using
  glib-networking for ssl instead of gnutls, and it is now enabled
  unconditionally)

So it looks like this is something that can be revisited indeed.
Comment 2 Gilles Dartiguelongue gentoo-dev 2013-02-09 10:59:38 UTC
*** Bug 456258 has been marked as a duplicate of this bug. ***
Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2013-02-09 12:05:38 UTC
Note that the new version is connecting through a (bundled) libwocky, which is where the selection between GnuTLS/OpenSSL has to be made (./configure at top level will not let you spot any selection).
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2013-02-09 12:21:27 UTC
I've reported the GnuTLS issue upstream; for what it's worth, here's me trying to connect with gnutls-cli:

flame@saladin ~ % gnutls-cli -p 5223 talk.google.com 
Processed 160 CA certificate(s).
Resolving 'talk.google.com'...
Connecting to '173.194.65.125:5223'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `C=US,ST=California,L=Mountain View,O=Google Inc,CN=talk.google.com', issuer `C=US,O=Google Inc,CN=Google Internet Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2012-06-05 00:53:35 UTC', expires `2013-06-05 01:03:35 UTC', SHA-1 fingerprint `7833da4b3a1642e680d7f8e58fd99ed31493b790'
        Public Key Id:
                92b4709209e60147dc572dc02c85c45cdc456ade
        Public key's random art:
                +--[ RSA 1024]----+
                |.+*=.B++.+o      |
                | +.o*o= o..      |
                |  . =oo o.       |
                |     = = .       |
                |      + S E      |
                |       .         |
                |                 |
                |                 |
                |                 |
                +-----------------+

- Certificate[1] info:
 - subject `C=US,O=Google Inc,CN=Google Internet Authority', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2009-06-08 20:43:27 UTC', expires `2013-06-07 19:43:27 UTC', SHA-1 fingerprint `dd7a7f131ddba33d3e8670179483e6fea6987d6a'
- Status: The certificate is trusted. 
*** Fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
*** Handshake has failed
GnuTLS error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
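
The kind of client-side check behind the gnutls-cli failure in comment 4, as an added example (not code from this bug, GnuTLS or wocky): it parses the ServerDHParams structure at the start of a DHE ServerKeyExchange body and rejects a prime shorter than a caller-chosen minimum. It goes one step beyond the thread by also range-checking the server's public value. The 1024-bit minimum, the function names and the sample parameters are assumptions; the page states neither the size the server sent nor GnuTLS's threshold.

```python
import struct

class ParseError(ValueError):
    """ServerDHParams is truncated or malformed."""

def _vec16(buf, off):
    # TLS opaque<1..2^16-1>: 2-byte big-endian length, then that many bytes.
    if off + 2 > len(buf):
        raise ParseError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    if n == 0 or off + 2 + n > len(buf):
        raise ParseError("vector length out of range")
    return int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n

def parse_server_dh_params(body):
    """Return (dh_p, dh_g, dh_Ys) from the start of a DHE ServerKeyExchange body."""
    p, off = _vec16(body, 0)
    g, off = _vec16(body, off)
    ys, _ = _vec16(body, off)   # the signature that follows is ignored here
    return p, g, ys

def check_dh_params(body, min_bits):
    """Return (accepted, prime_bits, reason) for a client policy of min_bits."""
    p, g, ys = parse_server_dh_params(body)
    bits = p.bit_length()       # leading zero padding does not count
    if bits < min_bits:
        return False, bits, "prime not long enough"
    if not 1 < ys < p - 1:
        return False, bits, "public value out of range"
    return True, bits, "ok"

def build_params(p, g, ys, pad=0):
    """Constructed test input: encode ServerDHParams, optionally zero-padding dh_p."""
    def vec(x, extra=0):
        raw = b"\x00" * extra + x.to_bytes((x.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    return vec(p, pad) + vec(g) + vec(ys)

# Constructed values: sized for the length check, not real (or tested) primes.
WEAK = build_params((1 << 767) | 1, 2, 5, pad=1)      # 768-bit modulus
STRONG = build_params((1 << 2047) | 1, 2, 5)          # 2048-bit modulus

if __name__ == "__main__":
    for name, body in (("weak", WEAK), ("strong", STRONG)):
        print(name, check_dh_params(body, min_bits=1024))
```
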
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2013-02-09 12:36:30 UTC
Created attachment 338388
Ebuild patch
Comment 6 Lee Trager 2013-02-10 06:00:18 UTC
Isn't the bug with telepathy-gabble, not gnutls or libsoup? Shouldn't telepathy-gabble be telling libsoup to not require such a high prime number?
Comment 7 Lee Trager 2013-02-10 06:50:36 UTC
I've created bz #456392 for fixing the bug in net-voip-telepathy-gabble
Comment 8 Gilles Dartiguelongue gentoo-dev 2013-02-10 12:15:16 UTC
+  10 Feb 2013; Gilles Dartiguelongue <eva@gentoo.org>
+  -telepathy-gabble-0.16.3.ebuild, telepathy-gabble-0.16.4.ebuild:
+  Fix USE=jingle confusing file-transfer with voip, switch to EAPI=5 and
+  python-any-r1. Make tls backend configurable, bug #456250.
+
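Review bot: the last line of the entry, "Make tls backend configurable, bug #456250.", does not name the USE flag that selects the backend or say which backend remains the default, so a user reading the ChangeLog cannot tell how to switch; naming the flag and its default there would help. The entry also folds the USE=jingle fix, the EAPI=5 and python-any-r1 switch, and the TLS change into one commit, which makes the TLS change harder to revert or backport on its own.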

Thanks for reporting.