Bug#679737: Handshake packets which span multiple records cause TLS handshake failure
snabb at epipe.com
Sun Jul 1 08:27:18 UTC 2012
GnuTLS 3.0.19 has a bug which causes a TLS handshake failure if a
handshake packet needs to be fragmented (if a packet is larger than 16
kB). This bug is fixed in 3.0.20 which is available in Debian "sid". I
am filing this bug report because I think this bug should be fixed in
debian "wheezy" release (it has currently 3.0.19).
The Debian package "ca-certificates" includes so many CA certificates
that if used together with GnuTLS 3.0.19 with all CA's enabled (the
default), it will always produce a failed TLS handshake.
The error message is: "Fatal error: A TLS packet with unexpected length
See the following for a discussion of the details, how to repeat, etc.
of this bug:
See the following for 3.0.20 release notes:
The specific commit which fixes this bug is here:
IMHO it would be good to get 3.0.20 in "wheezy" before the release.
Janne Snabb / EPIPE Communications
snabb at epipe.com - http://epipe.com/
More information about the Pkg-gnutls-maint