=== modified file 'mandos'
--- mandos	2009-01-29 22:01:00 +0000
+++ mandos	2009-01-29 22:22:32 +0000
@@ -699,6 +699,7 @@
             session.bye()
             return
         logger.debug(u"Fingerprint: %s", fpr)
+        
         for c in self.server.clients:
             if c.fingerprint == fpr:
                 client = c
@@ -790,7 +791,7 @@
 
 def string_to_delta(interval):
     """Parse a string and return a datetime.timedelta
-
+    
     >>> string_to_delta('7d')
     datetime.timedelta(7)
     >>> string_to_delta('60s')
@@ -1022,12 +1023,25 @@
                 uid = 65534
                 gid = 65534
     try:
+        os.setgid(gid)
         os.setuid(uid)
-        os.setgid(gid)
     except OSError, error:
         if error[0] != errno.EPERM:
             raise error
     
+    # Enable all possible GnuTLS debugging
+    if debug:
+        # "Use a log level over 10 to enable all debugging options."
+        # - GnuTLS manual
+        gnutls.library.functions.gnutls_global_set_log_level(11)
+        
+        @gnutls.library.types.gnutls_log_func
+        def debug_gnutls(level, string):
+            logger.debug("GnuTLS: %s", string[:-1])
+        
+        (gnutls.library.functions
+         .gnutls_global_set_log_function(debug_gnutls))
+    
     global service
     service = AvahiService(name = server_settings["servicename"],
                            servicetype = "_mandos._tcp", )

=== modified file 'plugins.d/mandos-client.c'
--- plugins.d/mandos-client.c	2009-01-27 15:42:41 +0000
+++ plugins.d/mandos-client.c	2009-01-29 22:22:32 +0000
@@ -961,16 +961,16 @@
     uid = getuid();
     gid = getgid();
     
+    setgid(gid);
+    if(ret == -1){
+      perror("setgid");
+    }
+    
     ret = setuid(uid);
     if(ret == -1){
       perror("setuid");
     }
     
-    setgid(gid);
-    if(ret == -1){
-      perror("setgid");
-    }
-    
     ret = init_gnutls_global(&mc, pubkey, seckey);
     if(ret == -1){
       fprintf(stderr, "init_gnutls_global failed\n");