Bug#466477: bluepages.ibm.com
Richard A Nelson
cowboy at debian.org
Sat Oct 11 20:53:43 UTC 2008
On Sat, 11 Oct 2008, Simon Josefsson wrote:
> I believe we may be close to understanding this entire bug report now.
Cool ;)
> The remaining step is to check whether bluepages.ibm.com exhibits either
> one of the two last problems. However, the server isn't accessible on
> the Internet. Richard, can you test these two commands?
>
> gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:-VERS-TLS1.1
I had one success, out of >dozen tries - the rest returned
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
> gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:%COMPAT
no success at all
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
> You'll need a modern gnutls package, please let us know which package
> version you use.
gnutls-bin 2.4.2-1
> If either of these commands succeeds, let us know which. If so, I
> believe that shows the server to be buggy, and that you now know of a
> workaround. Then we can close the bug.
Well, the problem with, were it so - is the bug would then need to
re-assigned to openldap such that we have a way to specify the
workaround in the slapd.conf and ldap.conf files
> If neither of them succeeds, please post the output from both commands.
> Then we'll have to continue debug the problem...
Attached
>
> I really hope we can close this report.
Ditto, for the nonce, I've had to resorted to rebuilding openldap against
openssl :(
--
Rick Nelson
Linux! Guerrilla UNIX Development Venimus, Vidimus, Dolavimus.
(By mah at ka4ybr.com, Mark A. Horton KA4YBR)
-------------- next part --------------
Script started on Sat Oct 11 20:38:09 2008
�]0;root at el-ghor: ~��[01;32mroot at el-ghor�[00m:�[01;34m/root�[00m# export PS1=$��[K'$' #drop colouring
�]0;root at el-ghor: ~�$gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:-VERS-TLS1.1
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[1d25990]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1d25990]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[1d25990]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[1d25990]: Sending extension CERT_TYPE
|<2>| EXT[1d25990]: Sending extension SERVER_NAME
|<3>| HSK[1d25990]: CLIENT HELLO was send [130 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[1d25990]: Sending Packet[0] Handshake(22) with length: 130
|<2>| ASSERT: gnutls_cipher.c:205
|<7>| WRITE: Will write 135 bytes to 4.
|<7>| WRITE: wrote 135 bytes to 4. Left 0 bytes. Total 135 bytes.
|<7>| 0000 - 16 03 01 00 82 01 00 00 7e 03 01 48 f1 0e cd 67
|<7>| 0001 - d1 27 1a 7a df 15 e6 c2 4b 22 b3 00 48 9f 10 34
|<7>| 0002 - b1 a3 90 97 a9 65 a7 04 2d dc b8 00 00 34 00 33
|<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87
|<7>| 0004 - 00 13 00 66 00 90 00 91 00 8f 00 8e 00 2f 00 41
|<7>| 0005 - 00 35 00 84 00 0a 00 05 00 04 00 8c 00 8d 00 8b
|<7>| 0006 - 00 8a 01 00 00 21 00 09 00 03 02 00 01 00 00 00
|<7>| 0007 - 16 00 14 00 00 11 62 6c 75 65 70 61 67 65 73 2e
|<7>| 0008 - 69 62 6d 2e 63 6f 6d
|<4>| REC[1d25990]: Sent Packet[1] Handshake(22) with length: 135
|<7>| READ: Got 0 bytes from 4
|<7>| READ: read 0 bytes from 4
|<7>| 0000 -
|<2>| ASSERT: gnutls_buffers.c:638
|<2>| ASSERT: gnutls_record.c:909
|<2>| ASSERT: gnutls_buffers.c:1152
|<2>| ASSERT: gnutls_handshake.c:1032
|<2>| ASSERT: gnutls_handshake.c:2331
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
�]0;root at el-ghor: ~�$
�]0;root at el-ghor: ~�$
�]0;root at el-ghor: ~�$gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:-VERS-TLS1.1��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K��[K�������gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:%COMPAT
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[c32990]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[c32990]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[c32990]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[c32990]: Sending extension CERT_TYPE
|<2>| EXT[c32990]: Sending extension SERVER_NAME
|<3>| HSK[c32990]: CLIENT HELLO was send [130 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[c32990]: Sending Packet[0] Handshake(22) with length: 130
|<2>| ASSERT: gnutls_cipher.c:205
|<7>| WRITE: Will write 135 bytes to 4.
|<7>| WRITE: wrote 135 bytes to 4. Left 0 bytes. Total 135 bytes.
|<7>| 0000 - 16 03 02 00 82 01 00 00 7e 03 02 48 f1 11 61 b0
|<7>| 0001 - c4 e9 39 1b e7 c9 23 bd 03 e6 90 03 13 0e 04 ac
|<7>| 0002 - ff f3 93 1e c8 9d cf 8f da 18 7e 00 00 34 00 33
|<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87
|<7>| 0004 - 00 13 00 66 00 90 00 91 00 8f 00 8e 00 2f 00 41
|<7>| 0005 - 00 35 00 84 00 0a 00 05 00 04 00 8c 00 8d 00 8b
|<7>| 0006 - 00 8a 01 00 00 21 00 09 00 03 02 00 01 00 00 00
|<7>| 0007 - 16 00 14 00 00 11 62 6c 75 65 70 61 67 65 73 2e
|<7>| 0008 - 69 62 6d 2e 63 6f 6d
|<4>| REC[c32990]: Sent Packet[1] Handshake(22) with length: 135
|<7>| READ: Got 0 bytes from 4
|<7>| READ: read 0 bytes from 4
|<7>| 0000 -
|<2>| ASSERT: gnutls_buffers.c:638
|<2>| ASSERT: gnutls_record.c:909
|<2>| ASSERT: gnutls_buffers.c:1152
|<2>| ASSERT: gnutls_handshake.c:1032
|<2>| ASSERT: gnutls_handshake.c:2331
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
�]0;root at el-ghor: ~�$exit
exit
Script done on Sat Oct 11 20:50:01 2008
More information about the Pkg-gnutls-maint
mailing list