Hi,
I generated a new EC client certificate to use with IRC. I can use it with
s_client, but gnutls-cli fails
gnutls 3.2.13
openssl 1.0.1.g
Here's what I've done:
$ openssl ecparam -name secp521r1 -genkey -out key
$ ls
key
$ openssl req -nodes -newkey ec:key -x509 -days 730 -out cert
$ ls
cert key privkey.pem
$ cat cert privkey.pem > foo.pem
$ openssl s_client -connect chat.freenode.net:7000 -state -debug
-no_ssl2 -ign_eof -CAfile /etc/ssl/certs/ca-certificates.crt
-cert ./foo.pem
CONNECTED(00000003)
depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network,
OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
verify return:1
depth=1 C = FR, O = GANDI SAS, CN = Gandi Standard SSL CA
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL,
CN = *.freenode.net
verify return:1
---
Server certificate
<SNIP>
---
No client certificate CA names sent
---
SSL handshake has read 4007 bytes and written 1520 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
<SNIP>
Compression: 1 (zlib compression)
Start Time: 1397085510
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
:dickson.freenode.net NOTICE * :*** Looking up your hostname...
# WORKS!
$ gnutls --x509cafile /etc/ssl/certs/ca-certificates.crt --x509certfile
cert --x509keyfile ./key -p 7000 chat.freenode.net
Processed 167 CA certificate(s).
Processed 1 client X.509 certificates...
Resolving 'chat.freenode.net'...
Connecting to '185.30.166.38:7000'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
<SNIP>
- Certificate[1] info:
<SNIP>
- Status: The certificate is trusted.
- Server did not send us any trusted authorities names.
- Successfully sent 1 certificate(s) to server.
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [51]: Decrypt error
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
I attached the full debug output from gnutls-cli.
$ gnutls-cli --debug 9999 --x509cafile /etc/ssl/certs/ca-certificates.crt
--x509certfile ./cert --x509keyfile ./key -p 7000 chat.freenode.net
|<2>| Intel SSSE3 was detected
|<2>| Intel AES accelerator was detected
|<2>| Intel GCM accelerator was detected
|<2>| p11: loaded provider 'p11-kit-trust'
|<2>| ASSERT: pkcs11.c:431
Processed 167 CA certificate(s).
|<2>| ASSERT: x509_b64.c:299
|<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:299
|<2>| Could not find '-----BEGIN DSA PRIVATE KEY'
Processed 1 client X.509 certificates...
Resolving 'chat.freenode.net'...
Connecting to '82.96.64.4:7000'...
|<4>| REC[0xbd9e70]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:583
|<4>| REC[0xbd9e70]: Allocating epoch #1
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256
(C0.86)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384
(C0.87)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256
(C0.72)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384
(C0.73)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 (C0.07)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256
(C0.8A)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384
(C0.8B)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256
(C0.76)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384
(C0.77)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_AES_256_GCM_SHA384 (00.9F)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256
(C0.7C)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384
(C0.7D)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256
(00.BE)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256
(00.C4)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_AES_256_GCM_SHA384 (00.A3)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256
(C0.80)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384
(C0.81)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256
(00.BD)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256
(00.C3)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<3>| HSK[0xbd9e70]: Keeping ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 (00.66)
|<3>| EXT[0xbd9e70]: Sending extension STATUS REQUEST (5 bytes)
|<3>| EXT[0xbd9e70]: Sending extension SERVER NAME (22 bytes)
|<3>| EXT[0xbd9e70]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| EXT[0xbd9e70]: Sending extension SESSION TICKET (0 bytes)
|<3>| EXT[0xbd9e70]: Sending extension SUPPORTED ECC (12 bytes)
|<3>| EXT[0xbd9e70]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<3>| EXT[0xbd9e70]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0xbd9e70]: sent signature algo (4.2) DSA-SHA256
|<3>| EXT[0xbd9e70]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0xbd9e70]: sent signature algo (5.1) RSA-SHA384
|<3>| EXT[0xbd9e70]: sent signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0xbd9e70]: sent signature algo (6.1) RSA-SHA512
|<3>| EXT[0xbd9e70]: sent signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0xbd9e70]: sent signature algo (3.1) RSA-SHA224
|<3>| EXT[0xbd9e70]: sent signature algo (3.2) DSA-SHA224
|<3>| EXT[0xbd9e70]: sent signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0xbd9e70]: sent signature algo (2.1) RSA-SHA1
|<3>| EXT[0xbd9e70]: sent signature algo (2.2) DSA-SHA1
|<3>| EXT[0xbd9e70]: sent signature algo (2.3) ECDSA-SHA1
|<3>| EXT[0xbd9e70]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<3>| HSK[0xbd9e70]: CLIENT HELLO was queued [275 bytes]
|<7>| HWRITE: enqueued [CLIENT HELLO] 275. Total 275 bytes.
|<7>| HWRITE FLUSH: 275 bytes in buffer.
|<4>| REC[0xbd9e70]: Preparing Packet Handshake(22) with length: 275 and min
pad: 0
|<9>| ENC[0xbd9e70]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 280 bytes for 0x4. Total 280 bytes.
|<4>| REC[0xbd9e70]: Sent Packet[1] Handshake(22) in epoch 0 and length: 280
|<7>| HWRITE: wrote 1 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 280 bytes in buffer.
|<7>| WRITE: wrote 280 bytes, 0 bytes left.
|<2>| ASSERT: gnutls_buffers.c:1075
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xbd9e70]: SSL 3.1 Handshake packet received. Epoch 0, length: 53
|<4>| REC[0xbd9e70]: Expected Packet Handshake(22)
|<4>| REC[0xbd9e70]: Received Packet Handshake(22) with length: 53
|<7>| READ: Got 53 bytes from 0x4
|<7>| READ: read 53 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 53 bytes.
|<7>| RB: Requested 58 bytes
|<4>| REC[0xbd9e70]: Decrypted Packet[0] Handshake(22) with length: 53
|<6>| BUF[REC]: Inserted 53 bytes of Data(22)
|<3>| HSK[0xbd9e70]: SERVER HELLO (2) was received. Length 49[49], frag offset
0, frag length: 49, sequence: 0
|<3>| HSK[0xbd9e70]: Server's version: 3.1
|<3>| HSK[0xbd9e70]: SessionID length: 0
|<3>| HSK[0xbd9e70]: SessionID: 00
|<3>| HSK[0xbd9e70]: Selected cipher suite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0xbd9e70]: Selected compression method: NULL (0)
|<3>| EXT[0xbd9e70]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<3>| EXT[0xbd9e70]: Parsing extension 'SESSION TICKET/35' (0 bytes)
|<3>| HSK[0xbd9e70]: Safe renegotiation succeeded
|<2>| ASSERT: gnutls_buffers.c:1075
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xbd9e70]: SSL 3.1 Handshake packet received. Epoch 0, length: 2461
|<4>| REC[0xbd9e70]: Expected Packet Handshake(22)
|<4>| REC[0xbd9e70]: Received Packet Handshake(22) with length: 2461
|<7>| READ: Got 2461 bytes from 0x4
|<7>| READ: read 2461 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 2461 bytes.
|<7>| RB: Requested 2466 bytes
|<4>| REC[0xbd9e70]: Decrypted Packet[1] Handshake(22) with length: 2461
|<6>| BUF[REC]: Inserted 2461 bytes of Data(22)
|<3>| HSK[0xbd9e70]: CERTIFICATE (11) was received. Length 2457[2457], frag
offset 0, frag length: 2457, sequence: 0
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
|<2>| ASSERT: dn.c:245
|<2>| ASSERT: dn.c:245
- subject `OU=Domain Control Validated,OU=Gandi Standard Wildcard
SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', RSA
key 2048 bits, signed using RSA-SHA1, activated `2014-01-13 00:00:00 UTC',
expires `2015-01-14 23:59:59 UTC', SHA-1 fingerprint
`f664309a3e209eeff4e2eb0bbdd7a541fdc25e73'
Public Key ID:
4f8974db5bb33159e0a5810cc3ccfa2d6607d252
Public key's random art:
+--[ RSA 2048]----+
| +oo .o .|
| E.o. = |
| .+. o .|
| .+oo+ o |
| S++o. * |
| o= oo = |
| o.o. . |
| |
| |
+-----------------+
- Certificate[1] info:
|<2>| ASSERT: dn.c:245
|<2>| ASSERT: dn.c:245
- subject `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', issuer
`C=US,ST=UT,L=Salt Lake City,O=The USERTRUST
Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware', RSA key 2048
bits, signed using RSA-SHA1, activated `2008-10-23 00:00:00 UTC', expires
`2020-05-30 10:48:38 UTC', SHA-1 fingerprint
`a9f79883a075ce82d20d274d1368e876140d33b3'
|<2>| ASSERT: status_request.c:363
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: mpi.c:238
|<2>| ASSERT: dn.c:986
|<2>| ASSERT: dn.c:986
- Status: The certificate is trusted.
|<2>| ASSERT: gnutls_buffers.c:1075
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xbd9e70]: SSL 3.1 Handshake packet received. Epoch 0, length: 525
|<4>| REC[0xbd9e70]: Expected Packet Handshake(22)
|<4>| REC[0xbd9e70]: Received Packet Handshake(22) with length: 525
|<7>| READ: Got 525 bytes from 0x4
|<7>| READ: read 525 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 525 bytes.
|<7>| RB: Requested 530 bytes
|<4>| REC[0xbd9e70]: Decrypted Packet[2] Handshake(22) with length: 525
|<6>| BUF[REC]: Inserted 525 bytes of Data(22)
|<3>| HSK[0xbd9e70]: SERVER KEY EXCHANGE (12) was received. Length 521[521],
frag offset 0, frag length: 521, sequence: 0
|<2>| ASSERT: gnutls_buffers.c:1075
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xbd9e70]: SSL 3.1 Handshake packet received. Epoch 0, length: 16
|<4>| REC[0xbd9e70]: Expected Packet Handshake(22)
|<4>| REC[0xbd9e70]: Received Packet Handshake(22) with length: 16
|<7>| READ: Got 16 bytes from 0x4
|<7>| READ: read 16 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 16 bytes.
|<7>| RB: Requested 21 bytes
|<4>| REC[0xbd9e70]: Decrypted Packet[3] Handshake(22) with length: 16
|<6>| BUF[REC]: Inserted 16 bytes of Data(22)
|<3>| HSK[0xbd9e70]: CERTIFICATE REQUEST (13) was received. Length 8[12], frag
offset 0, frag length: 8, sequence: 0
- Successfully sent 1 certificate(s) to server.
|<2>| ASSERT: gnutls_buffers.c:1075
|<3>| HSK[0xbd9e70]: SERVER HELLO DONE (14) was received. Length 0[0], frag
offset 0, frag length: 1, sequence: 0
|<2>| ASSERT: gnutls_buffers.c:1310
|<3>| HSK[0xbd9e70]: CERTIFICATE was queued [648 bytes]
|<7>| HWRITE: enqueued [CERTIFICATE] 648. Total 648 bytes.
|<3>| HSK[0xbd9e70]: CLIENT KEY EXCHANGE was queued [134 bytes]
|<7>| HWRITE: enqueued [CLIENT KEY EXCHANGE] 134. Total 782 bytes.
|<2>| ASSERT: pk.c:376
|<2>| Security level of algorithm requires hash SHA512(64) or better
|<3>| HSK[0xbd9e70]: CERTIFICATE VERIFY was queued [144 bytes]
|<7>| HWRITE: enqueued [CERTIFICATE VERIFY] 144. Total 926 bytes.
|<7>| HWRITE: enqueued [CHANGE CIPHER SPEC] 1. Total 927 bytes.
|<3>| REC[0xbd9e70]: Sent ChangeCipherSpec
|<9>| INT: PREMASTER SECRET[128]:
ae1a3136db928d7018254f451d06b31b82f26631d0e17c9f1f382a031ed99696dd0a1299ca2ee6da041445bcf72c2ac4cda69abc4c8ab5333abd5f7672d7c01ffe8c0faecca1d5e3e293683545f498a83e4c05de264b3833b75b9af85b5523aaca25a7205974274a43be0ee6fb1df70dd9c4491c3927a7f482245ebcd76fb733
|<9>| INT: CLIENT RANDOM[32]:
5345d7b6dbfeb5b0d2e505163ff4e2a7d0103a8d981852d89b6bc93bff51aca8
|<9>| INT: SERVER RANDOM[32]:
5345d71abf2e192ecc7ecc106a38a0f1db337255bd1823e97853730761f17d84
|<9>| INT: MASTER SECRET:
4a6724dd3f87a3defedcffb5316e9314b0808afe8acf90d7a4d5f506e8c3d2aef31e7abdb02de3b02f15631beb5c09d4
|<4>| REC[0xbd9e70]: Initializing epoch #1
|<9>| INT: KEY BLOCK[136]:
d18a7484163cc601c8fe240696b2b52582547c483756fa1e22a4aeff34b00d5d
|<9>| INT: CLIENT WRITE KEY [32]:
d767153dab05c584338237c0e7ce82e5a3e4cb46266958119e9f9a71a6399632
|<9>| INT: SERVER WRITE KEY [32]:
38007661d29b7b95cad656021394b6953c5b5e862ed9dd8986482141d221de40
|<4>| REC[0xbd9e70]: Epoch #1 ready
|<3>| HSK[0xbd9e70]: Cipher Suite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0xbd9e70]: Initializing internal [write] cipher sessions
|<3>| HSK[0xbd9e70]: recording tls-unique CB (send)
|<3>| HSK[0xbd9e70]: FINISHED was queued [16 bytes]
|<7>| HWRITE: enqueued [FINISHED] 16. Total 943 bytes.
|<7>| HWRITE FLUSH: 943 bytes in buffer.
|<4>| REC[0xbd9e70]: Preparing Packet Handshake(22) with length: 648 and min
pad: 0
|<9>| ENC[0xbd9e70]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 653 bytes for 0x4. Total 653 bytes.
|<4>| REC[0xbd9e70]: Sent Packet[2] Handshake(22) in epoch 0 and length: 653
|<7>| HWRITE: wrote 1 bytes, 295 bytes left.
|<4>| REC[0xbd9e70]: Preparing Packet Handshake(22) with length: 134 and min
pad: 0
|<9>| ENC[0xbd9e70]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 139 bytes for 0x4. Total 792 bytes.
|<4>| REC[0xbd9e70]: Sent Packet[3] Handshake(22) in epoch 0 and length: 139
|<7>| HWRITE: wrote 1 bytes, 161 bytes left.
|<4>| REC[0xbd9e70]: Preparing Packet Handshake(22) with length: 144 and min
pad: 0
|<9>| ENC[0xbd9e70]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 149 bytes for 0x4. Total 941 bytes.
|<4>| REC[0xbd9e70]: Sent Packet[4] Handshake(22) in epoch 0 and length: 149
|<7>| HWRITE: wrote 1 bytes, 17 bytes left.
|<4>| REC[0xbd9e70]: Preparing Packet ChangeCipherSpec(20) with length: 1 and
min pad: 0
|<9>| ENC[0xbd9e70]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 6 bytes for 0x4. Total 947 bytes.
|<4>| REC[0xbd9e70]: Sent Packet[5] ChangeCipherSpec(20) in epoch 0 and length:
6
|<7>| HWRITE: wrote 1 bytes, 16 bytes left.
|<4>| REC[0xbd9e70]: Preparing Packet Handshake(22) with length: 16 and min
pad: 0
|<9>| ENC[0xbd9e70]: cipher: AES-256-CBC, MAC: SHA1, Epoch: 1
|<7>| WRITE: enqueued 53 bytes for 0x4. Total 1000 bytes.
|<4>| REC[0xbd9e70]: Sent Packet[1] Handshake(22) in epoch 1 and length: 53
|<7>| HWRITE: wrote 1 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 1000 bytes in buffer.
|<7>| WRITE: wrote 1000 bytes, 0 bytes left.
|<2>| ASSERT: gnutls_buffers.c:1075
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xbd9e70]: SSL 3.1 Alert packet received. Epoch 0, length: 2
|<4>| REC[0xbd9e70]: Expected Packet Handshake(22)
|<4>| REC[0xbd9e70]: Received Packet Alert(21) with length: 2
|<7>| READ: Got 2 bytes from 0x4
|<7>| READ: read 2 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 2 bytes.
|<7>| RB: Requested 7 bytes
|<4>| REC[0xbd9e70]: Decrypted Packet[4] Alert(21) with length: 2
|<4>| REC[0xbd9e70]: Alert[2|51] - Decrypt error - was received
|<2>| ASSERT: gnutls_record.c:771
|<2>| ASSERT: gnutls_record.c:778
|<2>| ASSERT: gnutls_record.c:1306
|<2>| ASSERT: gnutls_buffers.c:1326
|<2>| ASSERT: gnutls_handshake.c:1412
|<2>| ASSERT: session_ticket.c:649
|<2>| ASSERT: gnutls_handshake.c:2796
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [51]: Decrypt error
|<4>| REC: Sending Alert[2|80] - Internal error
|<4>| REC[0xbd9e70]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<9>| ENC[0xbd9e70]: cipher: AES-256-CBC, MAC: SHA1, Epoch: 1
|<7>| WRITE: enqueued 37 bytes for 0x4. Total 37 bytes.
|<7>| WRITE FLUSH: 37 bytes in buffer.
|<7>| WRITE: wrote 37 bytes, 0 bytes left.
|<4>| REC[0xbd9e70]: Sent Packet[2] Alert(21) in epoch 1 and length: 37
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
|<4>| REC[0xbd9e70]: Start of epoch cleanup
|<4>| REC[0xbd9e70]: End of epoch cleanup
|<4>| REC[0xbd9e70]: Epoch #0 freed
|<4>| REC[0xbd9e70]: Epoch #1 freed
Mark Oteiza
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
