Bug#806426: Some TLS certificates not supported

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 30 19:42:32 UTC 2015


On Mon 2015-11-30 20:44:31 +0200, Aleś Bułojčyk wrote:
> Hi Andres.
>
> On 30 November 2015 at 20:31, Andreas Metzler <ametzler at bebt.de> wrote:
>
> >> I am stumped, could you please post the output of
>> gnutls-cli -V -d 4711 freedns.afraid.org
>>
>>
>  $ gnutls-cli --version
> gnutls-cli 3.3.8
> ...
>
>
> $ gnutls-cli -V -d 4711 freedns.afraid.org
> Processed 173 CA certificate(s).
> Resolving 'freedns.afraid.org'...
 [...]
> |<11>| WRITE: wrote 281 bytes, 0 bytes left.
> |<3>| ASSERT: gnutls_buffers.c:1104
> |<10>| READ: Got 5 bytes from 0x4
> |<10>| READ: read 5 bytes from 0x4
> |<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
> |<10>| RB: Requested 5 bytes
> |<5>| REC[0x239b450]: SSL 84.84 Unknown Packet packet received. Epoch 0, length: 20527
> |<3>| ASSERT: gnutls_record.c:598
> |<1>| Received record packet of unknown type 72

This is bizarre and looks to me like a packet being tampered with on the wire.

It looks like it shows up again in your request for google.com as well.

Can you provide a packet capture of the TCP session?  What network is
this going through?

     --dkg
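
Added example, not part of the original message: the type, version and length fields in the quoted gnutls-cli debug output are the 5-byte record header as GnuTLS parsed it, so packing them back into wire order shows which bytes actually arrived. Here they are the ASCII string "HTTP/", the opening of a cleartext HTTP response rather than a TLS record. The function names are hypothetical and the log lines are copied from the quote above.

```python
import re
import struct

# Debug lines copied from the gnutls-cli output quoted in the message above.
LOG = """\
|<5>| REC[0x239b450]: SSL 84.84 Unknown Packet packet received. Epoch 0, length: 20527
|<1>| Received record packet of unknown type 72
"""

# TLS record content types (RFC 5246 section 6.2.1, heartbeat from RFC 6520).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data", 24: "heartbeat"}

# Largest legal TLSCiphertext length: 2^14 + 2048 bytes (RFC 5246).
MAX_RECORD_LEN = 16384 + 2048


def header_from_log(log):
    """Rebuild the 5-byte record header from the fields gnutls logged."""
    ver = re.search(r"SSL (\d+)\.(\d+) .*length: (\d+)", log)
    typ = re.search(r"unknown type (\d+)", log)
    if not ver or not typ:
        raise ValueError("expected gnutls debug lines not found")
    major, minor, length = (int(g) for g in ver.groups())
    # Wire layout: type(1) | major(1) | minor(1) | length(2, big-endian)
    return struct.pack("!BBBH", int(typ.group(1)), major, minor, length)


def classify_header(hdr):
    """Return ('tls', name), ('plaintext', text) or ('unknown', hex)."""
    if len(hdr) != 5:
        raise ValueError("a TLS record header is exactly 5 bytes")
    ctype, major, _minor, length = struct.unpack("!BBBH", hdr)
    # A plausible TLS record: known type, major version 3, legal length.
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        return ("tls", TLS_CONTENT_TYPES[ctype])
    # Five printable ASCII bytes suggest a cleartext protocol answered instead.
    if all(0x20 <= b < 0x7F for b in hdr):
        return ("plaintext", hdr.decode("ascii"))
    return ("unknown", hdr.hex())


if __name__ == "__main__":
    hdr = header_from_log(LOG)
    print(hdr, classify_header(hdr))
```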


