On Wed, Nov 16, 2016 at 4:44 PM, Daniel P. Berrange <berrange@redhat.com> wrote:
> NACK, the gnutls changes are being reverted by upstream and IMHO
> if any distro is shipping 3.5.6 they should revert them too, as
> the change was a semantic break in gnutls API that will in turn
> break any libvirt deployments using this feature when upgraded

That's kind of what I thought when seeing the effect of the change, but I didn't find that upstream reverted that yesterday.
Thanks for pointing this out as it makes more sense this way.

Explicitly looking for it I found the change in gnutls which is not yet released in any version:

commit 70bf8475bb0ab178fe36ee4c601a6cfec8e70a3f
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Nov 11 16:20:01 2016 +0100

    Introduced new functions to allow multiple DN parsing modes
    
    The old DN parsing functions are changed to return the original
    non-fully compliant with RFC4514 string format, while the new
    ones return the compliant string by default. This allows applications
    which relied on the previous format to continue functioning without
    changes.


--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd