[Pkg-gnutls-maint] Bug#458817: /usr/bin/gnutls-cli: seems to eat first TLS line after starttls
Marc Haber
mh+debian-bugs at zugschlus.de
Thu Jan 3 01:18:19 UTC 2008
Package: gnutls-bin
Version: 2.0.4-1
Severity: normal
File: /usr/bin/gnutls-cli

When I use gnutls-cli to debug an SMTP/STARTTLS session, I usually do
not see the banner sent by the ESMTP server after the TLS session was
established. The session seems to be in an OK state though, since I
get an error message when I simply type <RETURN> after switching to TLS:

$ gnutls-cli -p 587 smtp.gmail.com -s
Resolving 'smtp.gmail.com'...
Connecting to '72.14.221.111:587'...
- Simple Client Mode:
220 mx.google.com ESMTP 4sm12205522fge.8
EHLO test.client.example
250-mx.google.com at your service, [77.1.33.179]
250-SIZE 28311552
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate matches 'smtp.gmail.com'.
# valid since: Mon Jul 30 18:58:07 CEST 2007
# expires at: Tue Jul 29 18:58:07 CEST 2008
# fingerprint: 32:66:6C:0A:DC:4F:2D:F9:83:2E:B4:AA:22:A7:E0:E7
# Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc,CN=smtp.gmail.com
# Issuer's DN: C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certification Services Division,CN=Thawte Premium Server CA,EMAIL=premium-server at thawte.com
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: 3DES 168 CBC
- MAC: SHA
- Compression: NULL
<here, the session seems to hang. typing without waiting for the banner>
EHLO test.client.example
250-mx.google.com at your service, [77.1.33.179]
250-SIZE 28311552
250-8BITMIME
250-AUTH LOGIN PLAIN
250 ENHANCEDSTATUSCODES
quit
221 2.0.0 mx.google.com closing connection 4sm12205522fge.8
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
$

I am not sure whether this is gnutls-cli's fault, but it would be
great to see the entire conversation.

Greetings
Marc

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.23.11-scyw00225 (PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gnutls-bin depends on:
ii libc6 2.7-5 GNU C Library: Shared libraries
ii libgcrypt11 1.4.0-2 LGPL Crypto library - runtime libr
ii libgnutls13 2.0.4-1 the GNU TLS library - runtime libr
ii libgpg-error0 1.4-2 library for common error values an
ii libtasn1-3 1.2-1 Manage ASN.1 structures (runtime)
gnutls-bin recommends no packages.
-- no debconf information