FS#36212 - [gnutls] update to 3.2.2-1 breaks TLS handling in webkitgtk2
Attached to Project:
Arch Linux
Opened by Zulu (smoon) - Saturday, 20 July 2013, 19:06 GMT
Last edited by Laurent Carlier (lordheavy) - Wednesday, 31 July 2013, 07:26 GMT
Opened by Zulu (smoon) - Saturday, 20 July 2013, 19:06 GMT
Last edited by Laurent Carlier (lordheavy) - Wednesday, 31 July 2013, 07:26 GMT
|
Details
Description:
After the latest update of gnutls loading of (some) resources via https fails in webkitgtk2 based browsers (e. g. surf). The error message is "Error reading data from TLS socket: Decryption has failed." Additional info: * [PACMAN] upgraded gnutls (3.2.1-1 -> 3.2.2-1) Steps to reproduce: * Refresh your package list and do a sysupgrade: `pacman -Suy` * Install surf: `pacman -S surf` * Open Trello in surf: `surf https://trello.com/` * Instead of seeing the Trello homepage, you'll get an error message. * Open the Webkit-Inspector `Ctrl-Shift-o`, click the "Network" tab and refresh the page `Ctrl-r` * You'll notice how some resources fail to load with the message "Error reading data from TLS socket: Decryption has failed." * The same error occurs at other sites like outlook.com. |
This task depends upon
Closed by Laurent Carlier (lordheavy)
Wednesday, 31 July 2013, 07:26 GMT
Reason for closing: Fixed
Additional comments about closing: gnutls-3.2.3-1
Wednesday, 31 July 2013, 07:26 GMT
Reason for closing: Fixed
Additional comments about closing: gnutls-3.2.3-1
That is what Evolution tells me:
""
Detailed error message: Unable to connect to 'default': Cannot open book: Error reading data from TLS socket: Decryption has failed.
""
Sorry if thats wrong here, I'm new…
// update
I've written a short email to bugs@gnutls.org
Seems like, they didn't provide a bugtracker!?
there is a bug tracker at https://savannah.gnu.org/support/?group=gnutls
see https://savannah.gnu.org/support/index.php?108343
We should use a more clear communication :-)
Thanks for the link the savannah! Their website doesn't mention it, only the bug-mail. Does anyone have a savannah-account?
By the way, I remembered an old issue:
Two years ago webkit based browses failed to load the css for the wiki, after it started to use HTTPS and loading the CSS from another server.
Same like this time? Maybe we should take a look, what caused the problem in the past?
https://bbs.archlinux.org/viewtopic.php?pid=917766
https://bugs.archlinux.org/task/23678 (fixed in bitlbee, not gnutls)
I see there are several upgrades to webkitgtk and evolution-ews now available, I will install and test them. If the don't fix the issue I will downgrade gnutls.
// the bitlbee fix, from 2013-04-12:
http://git.savannah.gnu.org/cgit/weechat.git/commit/?id=d70532250bb679dd480afa8a231a293e9c43ffc3
Don't know if their is a realtion to our problem. Looks like some system-specific thing.
evolution-ews 3.8.4-1
Don't fix this issue.
`pacman -Q epiphany`
epiphany 3.8.2-1
`pacman -Q gnutls`
gnutls 3.2.2-1
`pacman -Q webkitgtk`
webkitgtk 2.0.4-1
@qh doe: Thanks for your bugreport :-)
https://savannah.gnu.org/support/?108343
> **** gnutls_record_recv: Decryption has failed.
Downgrade to gnutls-3.2.1-1 works.
- #make -k check
- make -j1 check
+ make -k check
+ #make -j1 check
I'm looking forward that this fixes the issue.
// update
Arrrgh. Nope. Looks like Ctrl+Shift+R isn't as trustworthy as it was...
http://lists.gnutls.org/pipermail/gnutls-devel/2013-July/006379.html
A patch was offered by Nikos : <http://lists.gnutls.org/pipermail/gnutls-devel/2013-July/006385.html>
I can confirm it works.
> irc: reading data on socket: error -24 Decryption has failed.
gnutls-3.2.2-2
weechat-0.4.1-2
Or ask Nikos, the upstream dev.
See post : <http://lists.gnutls.org/pipermail/gnutls-devel/2013-July/006393.html>
i have no idea how to debug this.
13:19:53 irc.feenode.net -- | irc: connecting to server irc.feenode.net/6667
| (SSL)...
13:19:53 irc.feenode.net =!= | irc: TLS handshake failed
13:19:53 irc.feenode.net =!= | irc: error: An unexpected TLS packet was
| received.
A recompilation of weechat 0.4.1-2 didn't fix the error.
I believe that this should be reported as a different bug though, I do not think it's affecting webkit anymore.
gnutls.install (0.5 KiB)
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6915