cURL / Mailing Lists / curl-library / Single Mail

curl-library

Bug#690551: libcurl3-gnutls: git fails for https repos (fwd)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 15 Oct 2012 15:24:40 +0200 (CEST)

Ouch...

This was just posted to the debian bug tracker system. I figure some bisecting
could be a good excercise here:

From: Milan Broz
Package: libcurl3-gnutls
Version: 7.28.0-1
Severity: important

After updating to libcurl3-gnutls=7.28.0-1, all git commands fail for https repos.
Downgrade to 7.26.0-1 (only libcurl3-gnutls) solves the problem.
e.g.

$ GIT_CURL_VERBOSE=1 git clone https://code.google.com/p/cryptsetup/

Cloning into 'cryptsetup'...
* About to connect() to code.google.com port 443 (#0)
* Trying 173.194.69.102...
* 0x6df5a0 is at send pipe head!
* STATE: CONNECT => WAITCONNECT handle 0x6e83b0; (connection #0)
* Connected to code.google.com (173.194.69.102) port 443 (#0)
* Connected to code.google.com (173.194.69.102) port 443 (#0)
* found 152 certificates in /etc/ssl/certs/ca-certificates.crt
* STATE: WAITCONNECT => PROTOCONNECT handle 0x6e83b0; (connection #0)
* server certificate verification OK
* common name: *.google.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.google.com
* start date: Thu, 27 Sep 2012 01:23:05 GMT

* expire date: Fri, 07 Jun 2013 19:43:27 GMT

* issuer: C=US,O=Google Inc,CN=Google Internet Authority
* compression: NULL
* cipher: ARCFOUR-128
* MAC: SHA1
* STATE: PROTOCONNECT => DO handle 0x6e83b0; (connection #0)
> GET /p/cryptsetup/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/1.7.10.4
Host: code.google.com
Accept: */*
Pragma: no-cache

* STATE: DO => DO_DONE handle 0x6e83b0; (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6e83b0; (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6e83b0; (connection #0)
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Content-Type: application/x-git-upload-pack-advertisement
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< X-Content-Type-Options: nosniff
< Date: Mon, 15 Oct 2012 12:53:06 GMT
< Server: git_frontend
< Content-Length: 1044
< X-XSS-Protection: 1; mode=block
<
* STATE: PERFORM => DONE handle 0x6e83b0; (connection #0)
* Connection #0 to host code.google.com left intact
* Expire cleared
* About to connect() to code.google.com port 443 (#0)
* Trying 173.194.69.139...
* connected
* Connected to code.google.com (173.194.69.139) port 443 (#0)
* found 152 certificates in /etc/ssl/certs/ca-certificates.crt
* SSL re-using session ID
* failed to get server cert
* Closing connection #0
error: RPC failed; result=51, HTTP code = 0
fatal: The remote end hung up unexpectedly

-- System Information:
Debian Release: wheezy/sid
   APT prefers unstable
   APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5.4 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libcurl3-gnutls depends on:
ii libc6 2.13-35
ii libgcrypt11 1.5.0-3
ii libgnutls26 2.12.20-1
ii libgssapi-krb5-2 1.10.1+dfsg-2
ii libidn11 1.25-2
ii libldap-2.4-2 2.4.31-1
ii librtmp0 2.4+20111222.git4e06e21-1
ii libssh2-1 1.4.2-1.1
ii multiarch-support 2.13-35
ii zlib1g 1:1.2.7.dfsg-13

Versions of packages libcurl3-gnutls recommends:
ii ca-certificates 20120623

libcurl3-gnutls suggests no packages.

-- no debconf information
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-15