[Pkg-gnutls-maint] Bug#396867: gnutls-bin: does not seem to properly handle rehandshake request

Marc Haber mh+debian-bugs at zugschlus.de
Fri Nov 3 13:34:06 CET 2006


Package: gnutls-bin
Version: 1.4.4-2
Severity: normal

Hi,

I have one internal https server (running IIS on Windows Server 2003)
which seems to request a rehandshake after the http request was
transmitted. This seems to badly confuse gnutls-cli:

| $ gnutls-cli -p 443 a.b.c.d
| Resolving 'a.b.c.d'...
| Connecting to 'a.b.c.d:443'...
| - Certificate type: X.509
|  - Got a certificate list of 1 certificates.
| 
|  - Certificate[0] info:
|  # The hostname in the certificate does NOT match 'a.b.c.d'.
|  # valid since: Wed Jul 20 12:23:32 CEST 2005
|  # expires at: Wed Sep  9 12:34:44 CEST 2009
|  # fingerprint: 6B:22:44:F3:22:CC:BA:36:64:70:0F:C0:D5:CD:87:9E
|  # Subject's DN:  C=DE,ST=BW,L=City,O=Site,OU=Site,CN=some.invalid.host.name.example
|  # Issuer's DN: CN=unqualifiedname
|
|
| - Peer's certificate issuer is unknown
| - Peer's certificate is NOT trusted
| - Version: TLS 1.0
| - Key Exchange: RSA
| - Cipher: ARCFOUR 128
| - MAC: MD5
| - Compression: NULL
| - Handshake was completed
|
| - Simple Client Mode:
|
| GET / HTTP/1.0
| 
| *** Non fatal error: Rehandshake was requested by the peer.

After this, nothing happens any more. Ctrl-C out.

Trying the same with openssl s_client -connect a.b.c.d:443 works fine.
With other servers (for example running apache on Linux), gnutls-cli
works fine as well.

Greetings
Marc

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.1-scyw00225
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages gnutls-bin depends on:
ii  libc6                        2.3.6.ds1-7 GNU C Library: Shared libraries
ii  libgcrypt11                  1.2.3-2     LGPL Crypto library - runtime libr
ii  libgnutls13                  1.4.4-2     the GNU TLS library - runtime libr
ii  libgpg-error0                1.4-1       library for common error values an
ii  libopencdk8                  0.5.9-2     Open Crypto Development Kit (OpenC
ii  libtasn1-3                   0.3.6-2     Manage ASN.1 structures (runtime)
ii  zlib1g                       1:1.2.3-13  compression library - runtime

gnutls-bin recommends no packages.

-- no debconf information


-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Tel: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



