Bug 615535 - GNUTLS_E_DH_PRIME_UNACCEPTABLE, etc
Status: RESOLVED FIXED
Product: libsoup
Classification: Core
Component: HTTP Transport
Assigned To: libsoup-maint@gnome.bugs
Reported: 2010-04-12 15:00 UTC by Dan Winship
Modified: 2010-05-22 21:56 UTC

Description Dan Winship 2010-04-12 15:00:41 UTC
Trying to connect to https://www.alecu.org/ causes an infinite loop. Trying to connect to *any* https site with the latest unstable gnutls does the same thing.

Multiple levels of bugs here...

  1. We need to be better about when we do and don't retry messages after
     an I/O failure, so we don't get into infinite loops. Most likely, we
     want to only retry if the first attempt was on a SoupConnection that
     had previously been successfully used. (If we get this wrong it's going
     to bring back "Connection terminated unexpectedly" though.)

  2. The "Unable to handshake" error in soup-gnutls.c should be
     SOUP_SSL_ERROR, not G_IO_CHANNEL_ERROR.

  3. Apparently gnutls requires that the server use a certain minimum key
     size, and refuses to talk if it's smaller than that. Apparently some
     stupid antiquated servers use smaller key sizes than that.
     http://lists.gnupg.org/pipermail/gnutls-dev/2003-September/000518.html
     suggests "gnutls_dh_set_prime_bits (session, 512)". (The default value
     has not changed in gnutls master though, so this doesn't seem to be
     the cause of "everything fails with gnutls unstable".)
Comment 1 Dan Winship 2010-05-22 21:56:49 UTC
all 3 fixed in git
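
The retry rule from point 1 of the description, sketched as an added example that is not libsoup's code: `conn`, `send_on` and `send_message` are hypothetical names, and the connection states are constructed. A failure on a never-used connection (such as a handshake error) is returned immediately; only a failure on a previously working connection gets one retry on a new connection.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; these are not libsoup types. */
typedef struct {
    bool used_before;      /* connection already completed a request */
    bool stale;            /* constructed: server closed the idle connection */
    bool handshake_fails;  /* constructed: TLS handshake is always rejected */
} conn;

typedef struct { int attempts; bool delivered; } outcome;

/* Simulated I/O: a new connection must handshake; a stale one fails. */
static bool send_on(conn *c) {
    if (!c->used_before && c->handshake_fails) return false;
    if (c->stale) return false;
    c->used_before = true;
    return true;
}

/* Send once; retry on a new connection only if the failed attempt was on a
 * connection that had worked before (likely a closed keep-alive socket). */
outcome send_message(conn first, bool server_rejects_handshake) {
    outcome o = { 1, false };
    bool reused = first.used_before;  /* record before the attempt mutates it */
    o.delivered = send_on(&first);
    if (!o.delivered && reused) {
        conn fresh = { false, false, server_rejects_handshake };
        o.attempts++;
        o.delivered = send_on(&fresh);  /* failure on a new connection is final */
    }
    return o;
}

int main(void) {
    conn new_bad  = { false, false, true };   /* handshake error on first use */
    conn stale_ok = { true,  true,  false };  /* keep-alive closed by server */
    outcome a = send_message(new_bad, true);
    outcome b = send_message(stale_ok, false);
    outcome c = send_message(stale_ok, true);
    printf("new+handshake error: attempts=%d delivered=%d\n", a.attempts, a.delivered);
    printf("stale keep-alive:    attempts=%d delivered=%d\n", b.attempts, b.delivered);
    printf("stale, then error:   attempts=%d delivered=%d\n", c.attempts, c.delivered);
    return 0;
}
```

The attempt count is bounded at two in every case, so a server that always fails the handshake cannot drive the client into a loop, while a closed keep-alive connection is still recovered transparently.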