Bug#594150: apt-transport-https fail after squeeze upgrade
Package: apt-transport-https
Version: 0.7.25.3
Severity: grave
Justification: renders package unusable
*** Please type your report below this line ***
I have an apt https setup with client certs that has been working fine for lenny. After upgrading to squeeze, it fails.
Has anything changed in the configuration? I'm not really able to find any relevant documentation ...
I've created a test setup which is documented at:
http://apt-test.aviatis.com/
It runs apt-cacher (so you know what it will produce if it does ...). Clients need to specify a client cert to get access.
Client config instructions are at that URL. Please e-mail me with any questions or requests for changes in the setup.
Details:
----
Error message on client (that runs apt):
Err https://FOO foo/main Packages
SSL connection timeout
W: Failed to fetch https://FOO/FOO/dists/foo/main/binary-i386/Packages.gz SSL connection timeout
----
SSL log on the server (that runs apt-cacher):
squeeze:
[14/Aug/2010:19:05:19 +0000] 192.168.1.5 SSLv3 - - -
compare with lenny:
[14/Aug/2010:10:11:06 +0000] 192.168.1.6 SSLv3 DHE-RSA-AES128-SHA FOO FOO.com
----
/etc/apt/apt.conf.d/client-cert:
Acquire {
https {
Verify-Peer "false";
CaPath "/etc/ssl/certs";
Verify-Host "false";
AllowRedirect "true";
SslCert "/etc/FOO/FOO.crt";
SslKey "/etc/FOO/FOO.key";
SslForceVersion "SSLv3"; // Somehow it does not work unless we do this (this is a lenny comment, but changing it does not change matters in squeeze)
}
}
----
When I use the same client cert files with curl on squeeze, I can access the file that apt fails to access.
Reply to: