After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 659233 - Cannot connect and sync my google calendar because connection is not terminated properly.
Cannot connect and sync my google calendar because connection is not terminat...
Product: glib
Classification: Platform
Component: network
Other Linux
: Normal normal
: ---
Assigned To: gtkdev
Depends on:
Reported: 2011-09-16 10:40 UTC by Frederic Bezies
Modified: 2012-03-18 19:17 UTC
See Also:
GNOME target: ---
GNOME version: ---

gnutls: fix G_TLS_ERROR_EOF handling with gnutls 3.0 (2.14 KB, patch)
2011-09-16 15:34 UTC, Dan Winship
committed Details | Review

Description Frederic Bezies 2011-09-16 10:40:44 UTC

It is kinda related to this invalid bug :

I reported the bug on gnutls bugtracker.

After using wireshark in order to see what happened, gnutls coder says it is related to a connection terminated not in a properly way.

"Indeed the server terminated the connection non-properly and this is what gnutls is reporting. This is reported via the GNUTLS_E_PREMATURE_TERMINATION error code (in gnutls 2.x the generic GNUTLS_E_UNEXPECTED_PACKET_LENGTH was used).Maybe you could report this to the evolution developers to report the error only without invalidating the already received data. I know that other libraries just ignore this error, but note that if you ignore it you'll never notice an attack that truncates the data sent by the server. From gnutls side there is not much we can do."

I got advice to report it to evolution coders in order to see if they can do something on their side.
Comment 1 Milan Crha 2011-09-16 13:19:02 UTC
Thanks for a bug report. I know this is like moving hot potato between peers, but evolution-data-server's CalDAV calendar backend is using libsoup, thus any workaround for the gnutls change would be done either there, or even in glib-networking. I do not know libsoup that well to be able to tell for sure. Anyway, when I tried to "ignore" the SOUP_STATUS_SSL_FAILED code, then it has no difference, except of different error message, which is afterwards "Permission denied", which only because the libsoup didn't return received body/headers and dropped everything. Thus there is no workaround for higher level applications, the change, if any, should be done lower in the stack.
Comment 2 Dan Winship 2011-09-16 15:34:13 UTC
Created attachment 196741 [details] [review]
gnutls: fix G_TLS_ERROR_EOF handling with gnutls 3.0

gnutls 3.0 has a new error code for "peer closed connection without
sending a Close packet", so add some #ifdefs to do the right thing
with either 2.x or 3.x.


can you try this patch against the glib-networking package and see if
it fixes the problem?
Comment 3 Frederic Bezies 2011-09-16 17:16:51 UTC
Applied patch, and rebuild both glib-networking and libsoup... Works perflectly ! Thanks for the quick fix !
Comment 4 Dan Winship 2011-09-16 17:52:43 UTC
Attachment 196741 [details] pushed as 9e2aaac - gnutls: fix G_TLS_ERROR_EOF handling with gnutls 3.0
Comment 5 Ian B. MacDonald 2012-03-14 19:10:59 UTC
I'm a bit confused about the version of gnutls for "RESOLVED" How can I tell if this has been fixed for the current Ubnutu 12.02 B1?  My packages are below.

Is the "26/xx27" = 2.26/27.x? .. 

This is being suggested as a root cause for

I just want to confirm this patch appears in the following downstream packages since it goes back a while now.

ii  libgnutls-dev                                 2.12.14-5ubuntu2                             GNU TLS library - development files
ii  libgnutls-openssl27                           2.12.14-5ubuntu2                             GNU TLS library - OpenSSL wrapper
ii  libgnutls26                                   2.12.14-5ubuntu2                             GNU TLS library - runtime library
ii  libgnutls26:i386                              2.12.14-5ubuntu2                             GNU TLS library - runtime library
ii  libgnutlsxx27                                 2.12.14-5ubuntu2                             GNU TLS library - C++ runtime library
Comment 6 Dan Winship 2012-03-14 19:15:55 UTC
This bug only affected gnutls 3.0. If you have a 2.x version of gnutls then your bug is something else.