Bug#514578: libgnutls26: LDAP STARTTLS is broken

Gabor Gombas gombasg at sztaki.hu
Mon Feb 9 15:48:20 UTC 2009


On Mon, Feb 09, 2009 at 01:40:59PM +0100, Simon Josefsson wrote:

> Please provide output from:
> 
> gnutls-cli -p 663 your.ldap.server -d 4711 --print-cert

Here it is:

|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[8a6c0b8]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[8a6c0b8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[8a6c0b8]: Sending extension CERT_TYPE
|<2>| EXT[8a6c0b8]: Sending extension SERVER_NAME
|<3>| HSK[8a6c0b8]: CLIENT HELLO was send [132 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[8a6c0b8]: Sending Packet[0] Handshake(22) with length: 132
|<2>| ASSERT: gnutls_cipher.c:204
|<7>| WRITE: Will write 137 bytes to 4.
|<7>| WRITE: wrote 137 bytes to 4. Left 0 bytes. Total 137 bytes.
|<4>| REC[8a6c0b8]: Sent Packet[1] Handshake(22) with length: 137
|<7>| READ: Got 5 bytes from 4
|<7>| READ: read 5 bytes from 4
|<7>| 0000 - 16 03 01 07 aa 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[8a6c0b8]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[8a6c0b8]: Received Packet[0] Handshake(22) with length: 1962
|<7>| READ: Got 1962 bytes from 4
|<7>| READ: read 1962 bytes from 4
|<7>| RB: Have 5 bytes into buffer. Adding 1962 bytes.
|<7>| RB: Requested 1967 bytes
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[8a6c0b8]: Decrypted Packet[0] Handshake(22) with length: 1962
|<6>| BUF[HSK]: Inserted 1962 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[8a6c0b8]: SERVER HELLO was received [74 bytes]
|<6>| BUF[REC][HD]: Read 70 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 70 bytes of Data
|<3>| HSK[8a6c0b8]: Server's version: 3.1
|<3>| HSK[8a6c0b8]: SessionID length: 32
|<3>| HSK[8a6c0b8]: SessionID: 7c4679c2d36f1495a584722c5751065a4c5146e700bc0a13b2a4ab3367e17bb5
|<3>| HSK[8a6c0b8]: Selected cipher suite: RSA_ARCFOUR_MD5
|<2>| ASSERT: gnutls_extensions.c:124
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[8a6c0b8]: CERTIFICATE was received [1884 bytes]
|<6>| BUF[REC][HD]: Read 1880 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 74 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 1880 bytes of Data
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[8a6c0b8]: SERVER HELLO DONE was received [4 bytes]
|<2>| ASSERT: gnutls_handshake.c:1123
|<6>| BUF[HSK]: Peeked 1884 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<3>| HSK[8a6c0b8]: CLIENT KEY EXCHANGE was send [134 bytes]
|<6>| BUF[HSK]: Peeked 4 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[8a6c0b8]: Sending Packet[1] Handshake(22) with length: 134
|<2>| ASSERT: gnutls_cipher.c:204
|<7>| WRITE: Will write 139 bytes to 4.
|<7>| WRITE: wrote 139 bytes to 4. Left 0 bytes. Total 139 bytes.
|<4>| REC[8a6c0b8]: Sent Packet[2] Handshake(22) with length: 139
|<3>| REC[8a6c0b8]: Sent ChangeCipherSpec
|<4>| REC[8a6c0b8]: Sending Packet[2] Change Cipher Spec(20) with length: 1
|<2>| ASSERT: gnutls_cipher.c:204
|<7>| WRITE: Will write 6 bytes to 4.
|<7>| WRITE: wrote 6 bytes to 4. Left 0 bytes. Total 6 bytes.
|<7>| 0000 - 14 03 01 00 01 01 
|<4>| REC[8a6c0b8]: Sent Packet[3] Change Cipher Spec(20) with length: 6
|<9>| INT: PREMASTER SECRET[48]: 03029cf0f66ecdfcf58c0d9ae88a15000b3e8d786c0c3a53672973c37c69ee665ea2104f7c71f380259c91b34d04b620
|<9>| INT: CLIENT RANDOM[32]: 49904e7f0bbcb14ebfe112b41f733d1aabbae92e8fa93654d04e13415fa425a7
|<9>| INT: SERVER RANDOM[32]: 001779811cfde7bbefa4cad782586d376a05f2cd4ac3d895c8fed59b69322897
|<9>| INT: MASTER SECRET: 72c75c00977042d2ada3213384cd291440b4a295ac0d3711eee4bb368a3057819f9c190dc403473157c9c5b4d14eeaec
|<9>| INT: KEY BLOCK[64]: 894a4d8a6926efc4b75e73920121668b9aeebe1036382728a9ba9baee58b4e6c
|<9>| INT: CLIENT WRITE KEY [16]: 2af2a5d3cd731c3de63ec42a18aff59f
|<9>| INT: SERVER WRITE KEY [16]: c35c3590a46d44ebf1d92dace973f534
|<3>| HSK[8a6c0b8]: Cipher Suite: RSA_ARCFOUR_MD5
|<3>| HSK[8a6c0b8]: Initializing internal [write] cipher sessions
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<3>| HSK[8a6c0b8]: FINISHED was send [16 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[8a6c0b8]: Sending Packet[0] Handshake(22) with length: 16
|<7>| WRITE: Will write 37 bytes to 4.
|<7>| WRITE: wrote 37 bytes to 4. Left 0 bytes. Total 37 bytes.
|<7>| 0000 - 16 03 01 00 20 74 78 66 44 36 c7 65 3b d8 27 86 
|<7>| 0001 - bf f6 05 30 71 dc 19 41 64 b3 20 c1 78 95 86 23 
|<7>| 0002 - 73 9c db 7e 91 
|<4>| REC[8a6c0b8]: Sent Packet[1] Handshake(22) with length: 37
|<7>| READ: Got 5 bytes from 4
|<7>| READ: read 5 bytes from 4
|<7>| 0000 - 14 03 01 00 01 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[8a6c0b8]: Expected Packet[1] Change Cipher Spec(20) with length: 1
|<4>| REC[8a6c0b8]: Received Packet[1] Change Cipher Spec(20) with length: 1
|<7>| READ: Got 1 bytes from 4
|<7>| READ: read 1 bytes from 4
|<7>| 0000 - 01 
|<7>| RB: Have 5 bytes into buffer. Adding 1 bytes.
|<7>| RB: Requested 6 bytes
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[8a6c0b8]: ChangeCipherSpec Packet was received
|<3>| HSK[8a6c0b8]: Cipher Suite: RSA_ARCFOUR_MD5
|<3>| HSK[8a6c0b8]: Initializing internal [read] cipher sessions
|<7>| READ: Got 5 bytes from 4
|<7>| READ: read 5 bytes from 4
|<7>| 0000 - 16 03 01 00 20 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[8a6c0b8]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[8a6c0b8]: Received Packet[0] Handshake(22) with length: 32
|<7>| READ: Got 32 bytes from 4
|<7>| READ: read 32 bytes from 4
|<7>| 0000 - 4b 2e ca 1a ac f8 09 38 73 4c 4f 6e e3 bf 03 dd 
|<7>| 0001 - 67 4f da 21 6b 3f 86 6b a7 84 fa 70 21 95 a4 8b 
|<7>| 0002 - 
|<7>| RB: Have 5 bytes into buffer. Adding 32 bytes.
|<7>| RB: Requested 37 bytes
|<4>| REC[8a6c0b8]: Decrypted Packet[0] Handshake(22) with length: 16
|<6>| BUF[HSK]: Inserted 16 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[8a6c0b8]: FINISHED was received [16 bytes]
|<6>| BUF[REC][HD]: Read 12 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 12 bytes of Data
|<6>| BUF[HSK]: Cleared Data from buffer
|<2>| ASSERT: ext_server_name.c:257
|<2>| ASSERT: verify.c:237
|<2>| ASSERT: verify.c:411
Resolving 'directory.sztaki.hu'...
Connecting to '193.6.200.1:636'...
- Certificate type: X.509
 - Got a certificate list of 2 certificates.

 - Certificate[0] info:

 # The hostname in the certificate matches 'directory.sztaki.hu'.
 # valid since: Mon Jul 16 13:07:46 CEST 2007
 # expires at: Thu Jul 13 13:07:46 CEST 2017
 # fingerprint: F9:0D:3C:06:8A:DC:B7:38:44:06:7B:4A:CC:DC:8D:6B
 # Subject's DN: C=HU,ST=Budapest,O=MTA SZTAKI,OU=ITAK,CN=directory.sztaki.hu
 # Issuer's DN: C=HU,ST=Budapest,L=Budapest,O=MTA SZTAKI,OU=ITAK,CN=Certificate Authority,EMAIL=sys-admin at sztaki.hu

 - Certificate[1] info:

 # valid since: Tue Jan 10 10:47:59 CET 2006
 # expires at: Fri Jan  8 10:47:59 CET 2016
 # fingerprint: 09:D0:DD:42:40:F1:7E:18:2D:34:47:81:17:CC:DA:0D
 # Subject's DN: C=HU,ST=Budapest,L=Budapest,O=MTA SZTAKI,OU=ITAK,CN=Certificate Authority,EMAIL=sys-admin at sztaki.hu
 # Issuer's DN: C=HU,ST=Budapest,L=Budapest,O=MTA SZTAKI,OU=ITAK,CN=Certificate Authority,EMAIL=sys-admin at sztaki.hu


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: MD5
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

random usage: poolsize=600 mixed=21 polls=25/86 added=459/10584
              outmix=4 getlvl1=4/134 getlvl2=0/0
|<4>| REC: Sending Alert[1|0] - Close notify
|<4>| REC[8a6c0b8]: Sending Packet[1] Alert(21) with length: 2
|<7>| WRITE: Will write 23 bytes to 4.
|<7>| WRITE: wrote 23 bytes to 4. Left 0 bytes. Total 23 bytes.
|<7>| 0000 - 15 03 01 00 12 e1 4e b8 b0 c8 53 b0 c6 ee 16 79 
|<7>| 0001 - 14 f7 1e ac c6 43 79 
|<4>| REC[8a6c0b8]: Sent Packet[2] Alert(21) with length: 23

> 
> Replacing your.ldap.server as appropriate.
> 
> I suspect your chain contains a certificate signed with RSA-MD5, if so
> you need to trust an intermediary certificate directly to work around
> the problem.  You'll need 2.4.2-6 for this to work.

There is no intermediary certificate. The server's cert is signed by the
top-level CA directly, and TLS_CACERT in ldap.conf points to the CA
certificate. I can't point TLS_CACERT to the server's certificate since
then I couldn't use different LDAP servers.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------
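
Added example, not part of the original message and not GnuTLS code: a stdlib-only check that reads the signatureAlgorithm OID from each DER certificate in a chain and reports which RSA-MD5 (or RSA-MD2) signatures would still have to be verified. It assumes a verifier that does not evaluate the signature on a certificate configured directly as a trust anchor; the function names and the sample chain are constructed for illustration.

```python
# Added illustration; the certificates below are constructed placeholders.
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def decode_oid(body):
    """Decode OID content bytes to dotted form (enough for first arcs 0 and 1)."""
    if not body:
        raise ValueError("empty OID")
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit means "more"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):
    """OID of Certificate.signatureAlgorithm (the element after tbsCertificate)."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(cert_der, start)        # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)    # AlgorithmIdentifier
    tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(cert_der[oid_start:oid_end])

def audit_chain(chain, anchor_indexes=()):
    """Per-certificate report; anchors are assumed exempt from signature checks."""
    report = []
    for i, der in enumerate(chain):
        oid = signature_oid(der)
        report.append({
            "index": i, "sig_oid": oid,
            "sig_name": WEAK_SIG_OIDS.get(oid, "not in weak list"),
            "blocks_validation": oid in WEAK_SIG_OIDS and i not in anchor_indexes,
        })
    return report

def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def make_sample_cert(sig_oid_hex):
    """Constructed certificate skeleton: dummy tbsCertificate and signature."""
    tbs = tlv(0x30, tlv(0x04, b"\x00" * 200))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xaa" * 16))

MD5_RSA, SHA256_RSA = "2a864886f70d010104", "2a864886f70d01010b"
# Constructed chain: leaf signed directly by a self-signed root, both RSA-MD5.
SAMPLE_CHAIN = [make_sample_cert(MD5_RSA), make_sample_cert(MD5_RSA)]
```

With the root marked as the anchor (`anchor_indexes={1}`), only index 0 is reported as blocking, which is the layout described in the reply above: a server certificate signed directly by the trusted CA.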




