Bug#658452: apt-transport-https: Apt https transport does not stop downloading, when host verification failed. Furthermore, no errors raised.

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#658452: apt-transport-https: Apt https transport does not stop downloading, when host verification failed. Furthermore, no errors raised.
From: Nikolay Bogdanov <nikolay.bogdanov@flant.ru>
Date: Fri, 03 Feb 2012 11:46:31 +0400
Message-id: <[🔎] 20120203074631.4319.48162.reportbug@gyrt-notebook.loc>
Reply-to: Nikolay Bogdanov <nikolay.bogdanov@flant.ru>, 658452@bugs.debian.org

Package: apt-transport-https
Version: 0.8.10.3+squeeze1
Severity: important

I create secure apt repository with https access.
When I start secutiry tests, I found this bug.
I attach my aptconfig and apt debug output.



-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-transport-https depends on:
ii  apt [libapt-pkg4.10] 0.8.10.3+squeeze1   Advanced front-end for dpkg
ii  libc6                2.11.3-2            Embedded GNU C Library: Shared lib
ii  libcurl3-gnutls      7.21.0-2.1+squeeze1 Multi-protocol file transfer libra
ii  libgcc1              1:4.4.5-8           GCC support library
ii  libstdc++6           4.4.5-8             The GNU Standard C++ Library v3

apt-transport-https recommends no packages.

apt-transport-https suggests no packages.

-- no debconf information

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Acquire "";
APT::Acquire::Translation "environment";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Never-MarkAuto-Sections:: "oldlibs";
APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
APT::Never-MarkAuto-Sections:: "universe/oldlibs";
APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Update "";
APT::Update::Post-Invoke "";
APT::Update::Post-Invoke:: "touch /var/lib/apt/periodic/update-success-stamp
2>/dev/null || true";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "[ ! -f /var/run/dbus/system_bus_socket ] ||
/usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt
org.debian.apt.CacheChanged || true";
APT::Archives "";
APT::Archives::MaxAge "30";
APT::Archives::MinAge "2";
APT::Archives::MaxSize "500";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Media "";
Dir::Media::MountPath "/media/cdrom";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Acquire "";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom";
Acquire::https "";
Acquire::https::Verify-Host "true";
Acquire::https::Verify-Peer "true";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -d /var/lib/update-notifier ]; then touch /var/lib
/update-notifier/dpkg-run-stamp; fi; if [ -e /var/lib/update-notifier/updates-
available ]; then echo > /var/lib/update-notifier/updates-available; fi ";
Unattended-Upgrade "";
Unattended-Upgrade::Allowed-Origins "";
Unattended-Upgrade::Allowed-Origins:: "${distro_id} stable";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}
${distro_codename}-security";
Debug "";
Debug::Acquire "";
Debug::Acquire::Https "true";
CommandLine "";
CommandLine::AsString "apt-config dump";

0% [Обработка]* About to connect() to apt.flant.ru port 443 (#0)
*   Trying 89.108.116.132... * connected
* Connected to apt.flant.ru (89.108.116.132) port 443 (#0)
Получить:1 http://mirror.yandex.ru/debian/ squeeze/main python-gtkspell
amd64 2.25.3-7 [35,5 kB]
31% [Обработка]* found 141 certificates in /etc/ssl/certs/ca-
certificates.crt
*        server certificate verification OK
*        common name: run.flant.ru (does not match 'apt.flant.ru')
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: C=RU,ST=Moscow,L=Moscow,O=CJSC Flant,CN=run.flant.ru
*        start date: Thu, 03 Nov 2011 00:00:00 GMT
*        expire date: Fri, 02 Nov 2012 23:59:59 GMT
*        issuer: C=US,O=Thawte\, Inc.,CN=Thawte SSL CA
*        compression: NULL
*        cipher: AES-256-CBC
*        MAC: SHA1
> GET /common/pool/main/h/htop/htop_1.0-squeeze1_amd64.deb HTTP/1.1
User-Agent: Debian APT-CURL/1.0 (0.8.10.3)
Host: apt.flant.ru
Accept: */*
Cache-Control: max-age=0

< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Date: Fri, 03 Feb 2012 07:25:37 GMT
< Content-Type: application/octet-stream
< Connection: keep-alive
< Keep-Alive: timeout=20
< Content-Length: 76792
< Last-Modified: Mon, 19 Dec 2011 10:28:56 GMT
< Accept-Ranges: bytes
<
Получить:2 https://apt.flant.ru/common/ squeeze/main htop amd64
1.0-squeeze1 [76,8 kB]
45% [2 htop 16127/76,8 kB 21%]* Connection #0 to host apt.flant.ru left intact

Reply to:

Follow-Ups:
- Bug#658452: apt-transport-https: Apt https transport does not stop downloading, when host verification failed. Furthermore, no errors raised.
  - From: Yuriy Kolesnikov <yurikoles@gmail.com>

Prev by Date: Bug#658346: APT does not work with a repository at Sourceforge
Next by Date: Bug#658452: apt-transport-https: Apt https transport does not stop downloading, when host verification failed. Furthermore, no errors raised.
Previous by thread: Please get back to me
Next by thread: Bug#658452: apt-transport-https: Apt https transport does not stop downloading, when host verification failed. Furthermore, no errors raised.
Index(es):
- Date
- Thread