Bug#703932: apt-transport-https not sending a certificate to the server
Package: apt-transport-https
Version: 0.9.7.8
Severity: important
Dear Maintainer,

I have configured Apache to require client certificates. I have a CA,
a client key and client crt. I can use both curl and gnutls-cli to connect
to my server. I have configured apt to use these keys; in strace I see
that the ca.crt, client1.crt and client1.key are read. In the wireshark
trace I see that an empty "client" is sent to the server.

$ cat /etc/apt/apt.conf.d/trust
Debug::Acquire::https "true";
Acquire::https::system {
        Verify-Peer "true";
        Verify-Host "true";
        CaInfo "/home/ich/cert/ca.crt";
        SslCert "/home/ich/cert/client1.crt";
        SslKey "/home/ich/cert/client1.key";
};

$ cat /etc/apt/sources.list.d/system.list
deb https://system:2335/Debian_6.0/ ./

$ aptitude update
....
gnutls_handshake() failed: Handshake failed

On squeeze the issue is worse.. the server is closing the connection and
the https transport reads zero from the socket and tries it again.
holger
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.6.9+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages apt-transport-https depends on:
ii libapt-pkg4.12 0.9.7.7
ii libc6 2.13-38
ii libcurl3-gnutls 7.29.0-1
ii libgcc1 1:4.7.2-5
ii libstdc++6 4.7.2-5
apt-transport-https recommends no packages.
apt-transport-https suggests no packages.
-- no debconf information
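
Added example (not part of the original report and not apt's own code): a small check that the host-scoped Acquire::https options quoted above resolve for the source URL, useful for ruling out a scoping mistake before debugging the handshake itself. It assumes options are looked up under the URL's hostname (without port) with a fallback to the global Acquire::https scope, and that keys compare case-insensitively; the function names are hypothetical.

```python
import re
from urllib.parse import urlparse
# Constructed sample input: the two files as quoted in the report.
APT_CONF = '''Debug::Acquire::https "true";
Acquire::https::system {
  Verify-Peer "true";
  Verify-Host "true";
  CaInfo "/home/ich/cert/ca.crt";
  SslCert "/home/ich/cert/client1.crt";
  SslKey "/home/ich/cert/client1.key";
};'''
SOURCES = "deb https://system:2335/Debian_6.0/ ./"
TOKEN = re.compile(r'"([^"]*)"|([{};])|([^\s{};"]+)')

def parse_conf(text):
    """Flatten apt.conf scopes into {'a::b::c': value}; comments are not handled."""
    out, scope, name = {}, [], None
    for m in TOKEN.finditer(text):
        kind, tok = m.lastindex, m.group(m.lastindex)
        if kind == 3:                      # bare word: option or scope name
            name = tok
        elif kind == 1 and name:           # quoted value completes an option
            out["::".join(scope + [name]).lower()] = tok   # assumed case-insensitive
            name = None
        elif kind == 2 and tok == "{" and name:
            scope, name = scope + [name], None
        elif kind == 2 and tok == "}":
            scope = scope[:-1]
    return out

def tls_options_for(url, conf):
    """Options that apply to url: the host scope wins over the global one."""
    host = urlparse(url).hostname          # assumption: scope name excludes the port
    found = {}
    for opt in ("CaInfo", "SslCert", "SslKey", "Verify-Peer", "Verify-Host"):
        for key in (f"acquire::https::{host}::{opt}", f"acquire::https::{opt}"):
            if key.lower() in conf:
                found[opt] = conf[key.lower()]
                break
    return found

def audit(sources, conf):
    """Map each https source URL to (options, missing client-auth options)."""
    report = {}
    for line in sources.splitlines():
        url = next((f for f in line.split()[1:] if f.startswith("https://")), None)
        if url and line.split()[0] in ("deb", "deb-src"):
            opts = tls_options_for(url, conf)
            report[url] = (opts, [o for o in ("SslCert", "SslKey") if o not in opts])
    return report
```

For the files in the report, audit(SOURCES, parse_conf(APT_CONF)) finds both SslCert and SslKey for the "system" host, so the empty certificate message is not explained by the scope name failing to match the URL.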