Your message dated Tue, 26 Sep 2006 19:58:29 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#389590: gnutls-bin: Illegal packet received
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gnutls-bin
Version: 1.4.4-1
Severity: grave

I recently upgraded the gnutls-bin package, and I can no longer
use gnutls to connect over TLS to the SMTP server I use. starttls
works fine with the same server. Below is the output from gnutls-cli. 


gnutls-cli -d 2 smtp.mail.gatech.edu -p 25 
Resolving 'smtp.mail.gatech.edu'...
|<2>| EXT[8071cc8]: Sending extension CERT_TYPE
|<2>| EXT[8071cc8]: Sending extension SERVER_NAME
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
*** Fatal error: A record packet with illegal version was received.
*** Handshake has failed
GNUTLS ERROR: A record packet with illegal version was received.


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686-smp
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)

Versions of packages gnutls-bin depends on:
ii  libc6                        2.3.6.ds1-4 GNU C Library: Shared libraries
ii  libgcrypt11                  1.2.3-2     LGPL Crypto library - runtime libr
ii  libgnutls13                  1.4.4-1     the GNU TLS library - runtime libr
ii  libgpg-error0                1.2-1       library for common error values an
ii  libopencdk8                  0.5.9-1     Open Crypto Development Kit (OpenC
ii  libtasn1-3                   0.3.5-2     Manage ASN.1 structures (runtime)
ii  zlib1g                       1:1.2.3-13  compression library - runtime

gnutls-bin recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
On 2006-09-26 Ivan Raikov <[EMAIL PROTECTED]> wrote:
> Package: gnutls-bin
> Version: 1.4.4-1
> Severity: grave

> I recently upgraded the gnutls-bin package, and I can no longer
> use gnutls to connect over TLS to the SMTP server I use. starttls
> works fine with the same server. Below is the output from gnutls-cli. 

> gnutls-cli -d 2 smtp.mail.gatech.edu -p 25 
> Resolving 'smtp.mail.gatech.edu'...
> |<2>| EXT[8071cc8]: Sending extension CERT_TYPE
> |<2>| EXT[8071cc8]: Sending extension SERVER_NAME
> |<2>| ASSERT: gnutls_record.c:494
> |<2>| ASSERT: gnutls_record.c:908
> |<2>| ASSERT: gnutls_buffers.c:1087
> |<2>| ASSERT: gnutls_handshake.c:949
> |<2>| ASSERT: gnutls_handshake.c:2209
> *** Fatal error: A record packet with illegal version was received.
> *** Handshake has failed
> GNUTLS ERROR: A record packet with illegal version was received.

Hello,
you are trying to connect by using ssl-on-connect but the server
expects a cleartext handshake followed by STARTTLS.

There is no bug. You cannot connect to a cleartext-handshake service
by using ssl-on-connect and OTOH you cannot connect to a service
expecting ssl-on-connect by doing a cleartext handshake and STARTTLS.

--------------------
(SID)[EMAIL PROTECTED]:~$ gnutls-cli -s smtp.mail.gatech.edu -p 25
Resolving 'smtp.mail.gatech.edu'...
Connecting to '130.207.165.103:25'...

- Simple Client Mode:

ehlo foo
220 mailprx1.gatech.edu ESMTP
250-mailprx1.gatech.edu
250-PIPELINING
250-SIZE 73400320
250-VRFY
250-ETRN
250-STARTTLS
250-XVERP
250 8BITMIME
starttls
220 Ready to start TLS
<<*Press <Ctrl>-d now>>
*** Starting TLS handshake
- Certificate type: X.509
 - Got a certificate list of 2 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'smtp.mail.gatech.edu'.
 # valid since: Tue Jan 17 00:00:00 UTC 2006
 # expires at: Wed Jan 17 23:59:59 UTC 2007
 # fingerprint: E4:7C:E9:70:88:DA:2B:FD:12:AC:DA:F8:CC:31:5F:D4
 # Subject's DN: C=US,ST=Georgia,L=Atlanta,O=Georgia Institute of Technology,OU=Office of Information Technology,CN=smtp.mail.gatech.edu
 # Issuer's DN: C=US,O=RSA Data Security\, Inc.,OU=Secure Server Certification Authority

 - Certificate[1] info:
 # valid since: Wed Nov  9 00:00:00 UTC 1994
 # expires at: Thu Jan  7 23:59:59 UTC 2010
 # fingerprint: 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
 # Subject's DN: C=US,O=RSA Data Security\, Inc.,OU=Secure Server Certification Authority
 # Issuer's DN: C=US,O=RSA Data Security\, Inc.,OU=Secure Server Certification Authority


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: 3DES 168 CBC
- MAC: SHA
- Compression: NULL
quit
221 Bye
-----------------------
cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde

--- End Message ---
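
Why the failing run reports an illegal record version, as an added example (not part of the original messages and not GnuTLS code): a generic TLS record-header check applied to the SMTP greeting shown in the session above, next to a constructed TLS record for comparison. The function names and the constructed record are assumptions made for this illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLSCiphertext fragment

# Greeting text taken from the session above (CRLF added).
SMTP_BANNER = b"220 mailprx1.gatech.edu ESMTP\r\n"
# Constructed sample: handshake record, version 3.1 (TLS 1.0), 74-byte body.
TLS_SERVER_HELLO = bytes([22, 3, 1, 0, 74]) + bytes(74)


def parse_record_header(data):
    """Read 5 bytes as a TLS record header: type, version (major, minor), length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data):
    """Classify the first bytes a server sends after TCP connect."""
    if len(data) < 5:
        return "incomplete"
    ctype, (major, minor), length = parse_record_header(data)
    # SSL 3.0 through TLS 1.3 all use major version 3 on the record layer.
    if (ctype in CONTENT_TYPES and major == 3 and minor <= 4
            and length <= MAX_RECORD_LEN):
        return "tls-record"
    # SMTP replies start with three ASCII digits followed by ' ' or '-'.
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "cleartext-smtp"
    return "unknown"


def explain(data):
    """Describe the peer's first bytes and what a TLS parser makes of them."""
    kind = classify_first_bytes(data)
    if kind == "incomplete" or kind == "unknown":
        return kind
    ctype, (major, minor), length = parse_record_header(data)
    if kind == "cleartext-smtp":
        return ("cleartext SMTP reply %s; read as a TLS record it has version "
                "%d.%d, so negotiate STARTTLS first"
                % (data[:3].decode(), major, minor))
    return "TLS %s record, version %d.%d, %d bytes" % (
        CONTENT_TYPES[ctype], major, minor, length)


if __name__ == "__main__":
    print(explain(SMTP_BANNER))
    print(explain(TLS_SERVER_HELLO))
```

The ASCII bytes `220 m` decode as content type 50, version 50.48 and length 8301, none of which is a valid TLS record field.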
