Uninitialized "result" variable? Any time the code hits one of those "cleanup" gotos, it's probably returning nonzero unexpectedly?
Later: @filcab on Twitter points out the much dumber issue, which is that if issuer_version is < 0, the function returns issuer_version and not zero. Ow.
(Who uses GnuTLS?)
emacs + email/nntp
I had forgotten about libcurl3-gnutls. There are a lot of things that depend on the libcurl3-gnutls, that list is long and distinguished. But I feel a little icky listing things without actually verifying they are affected. Just because they depend on the libs does not mean they use the bad code in the lib.
If you want to see what depends on libgnutls26 or libcurl3-gnutls in debian:
$ apt-cache rdepends library-name
$ apt-cache --installed rdepends library-name
dfc@ronin:~$ apt-cache rdepends libgnutls26 libgnutls28 libcurl3-gnutls |wc
629 632 10661
dfc@ronin:~$ apt-cache rdepends libssl1.0.0|wc
751 752 11642
"However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable."
tl;dr: A conjunction of two old licenses, resulting in the advertising requirement that "every occurrence of the license with a different name required a separate acknowledgment", which is incompatible to GNU GPL.
A similar thing happened around 20 years ago, with a program called RIPEM. RIPEM was an implementation of S/MIME. It was distributed in source form, and to build it you needed two libraries (well, you probably needed more than two, but only two are relevant for this discussion).
1. You needed a library that implemented RSA cryptographic algorithms. RIPEM used the RSAREF library for this. RSAREF was a library distributed by RSA (the company) that was free to use, but was not free software. I believe that a copy of RSAREF was distributed with RIPEM, although I don't recall for sure.
2. You needed an arbitrary precision integer arithmetic library. No such library was included with RIPEM. You were expected to supply your own (or build RIPEM on a system that included one as part of the system).
The two most common arbitrary precision integer arithmetic libraries on Unix and Unix-like systems at the time were the Berkeley MP library and GNU MP. I'll call these BMP and GMP.
RIPEM could be compiled to work with with BMP or GMP. There were #ifdef statements in the code that selected the appropriate code for the library you wanted to compile for.
RSAREF was not under a GPL compatible license, so if you built a binary of RIPEM linked with GMP, you ended up with a binary that you could not distribute. RIPEM, however, was distributed in source form, not binary form, and did not include GMP in the distribution.
RMS, and someone else from the FSF, objected and told the RIPEM people that they were violating GPL. Their argument was that when you ship source code that uses an interface provided by GMP (even if that is only on option), some people will download GMP in order to build the program, and so your distribution of your source has induced the distribution of GPLed code. That induced distribution, they believe, made your source subject to GPL .
What finally happened was that to put an end to this nonsense the RIPEM people wrote a new arbitrary precision integer arithmetic library that had the same interface as GMP but was actually just a wrapper for BMP. That satisfied RMS/FSF, since now there was a non-GPL implementation of the GMP interface, and so now those who downloaded the RIPEM source and built with the "use GMP" option could be linking with either GMP or the new library, so this no longer counted as an induced GMP distribution.
 It is actually possible for one party to be liable for the copyright infringement of another party, and so if that infringement involved GPL code, then the first party could be subject to GPL. There are a couple ways this can happen.
One way is called "induced infringement", which happens when a party that is under your control infringes under your direction. This would not apply here because there is not a sufficient control relationship.
The other way is called "contributory infringement", and happens when one party helps another party infringe. This would not apply here because in order for party A to be a contributory infringer to party B's infringement, there has to be a direct infringement by party B. Since it does NOT violate the GPL for me to download GPL code and link it with non-GPL code to produce a binary that I run on my computer (it only becomes a violation if I distribute that binary to others), nothing you do to aid me in this can be contributory infringement.
According to this https://en.wikipedia.org/wiki/GnuTLS
Apache httpd (configurable), GNOME, wireshark
People who want IPv6, DTLS, decent cli tools (gnutls-cli), pkcs11.