FS#40075 - [nzbget] TLS handshake failed: Error in the system's randomness device.

Attached to Project: Community Packages
Opened by beta990 (beta990) - Thursday, 24 April 2014, 19:50 GMT
Last edited by Jaroslav Lichtblau (Dragonlord) - Sunday, 25 May 2014, 18:55 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Jaroslav Lichtblau (Dragonlord)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No

Details

nzbget 12.0-1

Link to solution: http://nzbget.net/forum/viewtopic.php?f=3&t=1184

"Discussed in the fourth topic on this page.
The problem is in GnuTLS, probably after updating of GnuTLS package.

A solution is to build NZBGet to use OpenSSL instead of GnuTLS:
./configure --with-tlslib=OpenSSL"
This task depends upon

Closed by  Jaroslav Lichtblau (Dragonlord)
Sunday, 25 May 2014, 18:55 GMT
Reason for closing:  Implemented
Additional comments about closing:  in nzbget-12.0-2
Comment by Jay Scott (beardyjay) - Monday, 28 April 2014, 07:42 GMT
Can confirm that the fix linked does work by adding --with-tlslib=OpenSSL to the build script.
Comment by David J. Haines (dhaines) - Monday, 28 April 2014, 14:02 GMT
Oddly, the error seems to appear only when run in daemon mode. If you run it as a foreground server (-s), it works just fine.
Comment by Davy Kager (dkager) - Friday, 09 May 2014, 14:45 GMT
I just ran into this same issue. I used to compile myself (with OpenSSL) but figured I'd try the package before doing that on my new server install. Obviously I'm also running in daemon-mode, with a systemd service:
...
ExecStart=/usr/bin/nzbget -D -c /etc/nzbget.conf
ExecReload=/usr/bin/nzbget -O
ExecStop=/usr/bin/nzbget -Q
...
This seems the most "native" way to run the daemon, but alas it throws the GnuTLS error.
Comment by Leonard de Ruijter (leonardder) - Friday, 09 May 2014, 15:29 GMT
nzbget depends on python, which itself depends on openssl. Even without this issue a switch to openssl would save us a dependency. There's therefore no need to include openssl as a dependency as it is provided by python.
Comment by Davy Kager (dkager) - Saturday, 10 May 2014, 13:58 GMT
Yet another reason to want this change: on my server OpenSSL seems to perform considerably better than GnuTLS (18.5 MB/s versus 14.5 MB/s) with the same cipher. Plus what Leonard said makes a lot of sense.

Loading...