Comment 16 for bug 292604

I believe it's still an open issue, based on the test I wrote at http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/revision/492?remember=490&compare_revid=490 . Basically, I (think I) can reproduce it by setting up a test server with the attached ca-certificates.crt file from an intrepid installation like so:

  gnutls-serv -p 4433 --x509keyfile /etc/ssl/private/ssl-cert-snakeoil.key --x509certfile /etc/ssl/certs/ssl-cert-snakeoil.pem --x509cafile lp292604-ca-certificate.crt

and then connecting to it with the gnutls client via:

  gnutls-cli -V 4433 --insecure [server]

This succeeded with the following gnutls clients:

  * intrepid
  * jaunty
  * gnutls-cli/libgnutls13 from hardy/2.0.4-1ubuntu2.4 (manually downloaded from the builds at https://launchpad.net/ubuntu/+source/gnutls13/2.0.4-1ubuntu2.4)

It failed with gnutls clients/libs from:

  * hardy/2.0.4-1ubuntu2
  * hardy-security/2.0.4-1ubuntu2.3
  * hardy-proposed/2.0.4-1ubuntu2.5

(In all of these, it didn't matter which release the gnutls-serv was from, the important bit was the ca-certificates.crt file.)

Also, if I removed the "--x509cafile lp292604-ca-certificate.crt" argument, all versions worked, even the ones that failed before. If I used the smaller ca-certificate.crt from a hardy installation, all versions succeeded as well.

Based on all of the above, I believe this is still an issue in 2.0.4-1ubuntu2.5, the current version in hardy-proposed.