First, sorry again for sending this to Simon twice, I havent been using mailinglists for a while. :(
> It would be great if you could try to reproduce the problem using only > gnutls-cli and gnutls-serv. ... > Please see if you can make an unmodified 2.6.5 server crash. ok, good news gnutls-serv and gnutls-cli from 2.6.5 are affected too, but it shots down only the misconfigured gnutls-cli. gnutls-serv only throws message: Error: A TLS packet with unexpected length was received. I'm gonna fixed-client&unfixed-server combination in few minutes, hope it doesn't die. I'm posting the keys used to do this below. If you want full output of crashed gnutls-cli, please tell me. I run it this way: gnutls-serv --x509cafile ca.crt --dhparams dh1024.pem --x509dsakeyfile ssl.key --x509dsacertfile ssl.crt --require-cert and gnutls-cli --x509cafile ca.crt --x509keyfile c.key --x509certfile c.crt localhost -p 5556 Keys are: c.crt -----BEGIN CERTIFICATE----- MIIFJjCCBBCgAwIBAgIESeyRtTALBgkqhkiG9w0BAQUwVzELMAkGA1UEBhMCQ1ox DjAMBgNVBAoTBXByYWhhMQswCQYDVQQLEwJuZTENMAsGA1UEBxMEdm9sZTEOMAwG A1UECBMFbmV2aW0xDDAKBgNVBAMTA2V4YTAeFw0wOTA0MjAxNTE2MDdaFw0wOTEw MTcxNTE2MTBaMFMxCzAJBgNVBAYTAkNaMQwwCgYDVQQKEwNhc2QxDDAKBgNVBAsT A2FzZDEMMAoGA1UEBxMDYXNkMQwwCgYDVQQIEwNhc2QxDDAKBgNVBAMTA2FzZDCC AqMwggIYBgcqhkjOOAQBMIICCwKCAQDEN3nB6G8hSwKVdDRwZBJHO2S4bvcfAcd7 gR8Sdk8UzPhTidThYPuKvRUZFwSnicAeuudQdXDcE6wH1R1FdwpQ5frSkzcaduZJ 1AGnoc+FFC/zzUqopB7H1W6Ucb0gWn+5z/hdtY/zgJMyAgBULe6WxJVWXElOLWpB BJA34mbhw2fhncjcj+k3pUZXbxfbYGUUP174Zr9Dz2nbQ2j/rTXhoLb4GmgPvbYS KC/YZjBFKVsLVt+swsPJU4duA8ezlQ8YjgL2Yg7UR0lhzXRvaqoT15aw76vnF576 n/sAS+oua4psgO05dd4/430XqLX4uxOcCQ9vaWoTcYHm6bxPWrObAgMBAAECgf9d ghKEVkCfnR+eGcLjzMzpJWTagAdEv5RRRzeHlNobD5NIPGc3AQDfHTzwuAd/0CW+ f1O9BDrEpptVIDrS3+gKpY7iy0V3VzJn/KDNQk+jG/u+NBdgRtZkZVJNa+a1hGta IcI65kuzv5JmQo3lj/4j24tPnKtSllIMqiAQgdSFwcPJkN9nTvGUG6/Uf4pUE3xg CwKV3Ow0NLJZuLE31ekqHpzls1XNEdsv2vbiq9FdjrSq44c7ThRfTkXZxIV8lXKI UPzYZ2mb94O3QFufY9rpB9L0z/cLmHmzO1b6mzvDP2rXZYReZb/AQxozTEyv07Qy 5yFoypuh+3y1gaYs7XEDgYQAAoGA08QKPf1foRPElVoKzAs19O3iONMdhPBlrw5Y j+9GgUjqyc6n4YOYV+TNdXyKJdJIZd7qgxVfgQVhRHgF8WQatREkdxyCyPXxSi9w bltPBp2Fg00rvnaGjJCbo38DeWuDkkkDhMurLFnxp1r2+ndvDxGpyXSsow4hcmQc cbw6K1WjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr BgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQAC0nawvJC+1JatXiY NDyIcJh/djAfBgNVHSMEGDAWgBTZbe4eoATyPzAYVtkaOaB4Dcl57zALBgkqhkiG 9w0BAQUDggEBAHaNN88xcVgOyT1o1n20aSv7ntZ2ZVKxn9JbtiLJg/06Ie7qk7/I RMn240dwvI5fP6rWwdPRtMV7F3ccWp4L/ACedrTZuisz/m9vDPfZ/BVECP9EKZ7p NPXxXGIpC4Mlb613apVYEEmKHQvbFER+2TyXduhk6SVeeIDmO+ksSigWgG6SsbDG hs8vNR5ZrFeIvUXnj1tSdSbEcq8ItWXrEzSl3bI5L9wePBmL1VOEB1UphU5pn+sy R68ywzb4aFE4eWcPeazI5r/JwfBQXlkeli27ZdOOoZcZ28CwziT9XENlasPEr2aq RypSk+e2p22ntOqDt/tlaYtcdcGwe/ZGeNw= -----END CERTIFICATE----- c.key -----BEGIN DSA PRIVATE KEY----- MIIDFwIBAAKCAQEAxDd5wehvIUsClXQ0cGQSRztkuG73HwHHe4EfEnZPFMz4U4nU 4WD7ir0VGRcEp4nAHrrnUHVw3BOsB9UdRXcKUOX60pM3GnbmSdQBp6HPhRQv881K qKQex9VulHG9IFp/uc/4XbWP84CTMgIAVC3ulsSVVlxJTi1qQQSQN+Jm4cNn4Z3I 3I/pN6VGV28X22BlFD9e+Ga/Q89p20No/6014aC2+BpoD722Eigv2GYwRSlbC1bf rMLDyVOHbgPHs5UPGI4C9mIO1EdJYc10b2qqE9eWsO+r5xee+p/7AEvqLmuKbIDt OXXeP+N9F6i1+LsTnAkPb2lqE3GB5um8T1qzmwIDAQABAoH/XYIShFZAn50fnhnC 48zM6SVk2oAHRL+UUUc3h5TaGw+TSDxnNwEA3x088LgHf9Alvn9TvQQ6xKabVSA6 0t/oCqWO4stFd1cyZ/ygzUJPoxv7vjQXYEbWZGVSTWvmtYRrWiHCOuZLs7+SZkKN 5Y/+I9uLT5yrUpZSDKogEIHUhcHDyZDfZ07xlBuv1H+KVBN8YAsCldzsNDSyWbix N9XpKh6c5bNVzRHbL9r24qvRXY60quOHO04UX05F2cSFfJVyiFD82Gdpm/eDt0Bb n2Pa6QfS9M/3C5h5sztW+ps7wz9q12WEXmW/wEMaM0xMr9O0MuchaMqboft8tYGm LO1xAoGBANPECj39X6ETxJVaCswLNfTt4jjTHYTwZa8OWI/vRoFI6snOp+GDmFfk zXV8iiXSSGXe6oMVX4EFYUR4BfFkGrURJHccgsj18UovcG5bTwadhYNNK752hoyQ m6N/A3lrg5JJA4TLqyxZ8ada9vp3bw8Rqcl0rKMOIXJkHHG8OitVAoGBAO0z9uD3 /TFLo0gzj5WenCOpc2wr2PLXVw2RSS85QsNI6MEPnAFMWHKfRW1DcaWmjN+3xBT+ jqxcUW6ywk1iJHUQTS0V5yAR/7RSVHnAs9D+9DT9tWdxfRgWsmwL40YFC0N+HCGT vduNykYT/DlwPpuRfg7EWAUU3GYw+rQo/8Mv -----END DSA PRIVATE KEY----- ca.crt -----BEGIN CERTIFICATE----- MIIDfTCCAmegAwIBAgIESew9qDALBgkqhkiG9w0BAQUwVzELMAkGA1UEBhMCQ1ox DjAMBgNVBAoTBXByYWhhMQswCQYDVQQLEwJuZTENMAsGA1UEBxMEdm9sZTEOMAwG A1UECBMFbmV2aW0xDDAKBgNVBAMTA2V4YTAeFw0wOTA0MjAwOTE3MzBaFw0xOTA0 MTgwOTE3MzRaMFcxCzAJBgNVBAYTAkNaMQ4wDAYDVQQKEwVwcmFoYTELMAkGA1UE CxMCbmUxDTALBgNVBAcTBHZvbGUxDjAMBgNVBAgTBW5ldmltMQwwCgYDVQQDEwNl eGEwggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIBCQKCAQCiqkB7quCFmp0nNCpuZRpT 2sZNoEb6zyu9WLzs6tU6y7af+zIj6nIS1x7URuWwcAsmCrceUEStIuBbMpkpeqxI U5gzwFuVZKOn9/LcuvX2xTHqzDXyY7R3V+neQgJCS8nYF2jQm/QjzqKqzMDo/2Is RLm7SJGhZc8A87W6VWPEqQSsqzSNIZKevmQj+fCjEebF0qtsImMLZbHQEmmlgEtH zbavtqt8rB6saIPdw10XUMja+1yJipaxTm74z6C19C/hX3xROH91wtGXLsJgBI9a UrdBdRVJtgIOoNfoP/TgnhU01a7Hb4vXf8s7pkUy86bJVzIhqL4+n0Q9DFXDuYAV AgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwgw DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU2W3uHqAE8j8wGFbZGjmgeA3Jee8w CwYJKoZIhvcNAQEFA4IBAQCJOZQO8yzDXrGUIUhcmxT5Q29/iftxsKGHtGJ/ywmQ rNFKdM0xWAP08B+kp/CviHrRe8AD1qOzT7NOxFq5R9jdLWGWpxTx78nZ/AqoI06Z K95cAPwlY38s9I5v/naNYWSLvJBjD+cCRzvtoYodG0a7alNDXVXgELevw/M0WQ0m bBcgJ4uIv6sF8LwDnf9imkGuT7T6n0ltepQ24SdNDjKJUwIisl3MC69bd8SeRqNQ bi9nWTQWgJ9CqzENoKsL5gyQ6IcedKgIujTwq9CXESFWMu6yrRS8lE3xBuaUu42S pvvCRa6KORJmR0Kf3efGoTf3E7kB/SAuVafoLAI2qDDy -----END CERTIFICATE----- ca.key -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAoqpAe6rghZqdJzQqbmUaU9rGTaBG+s8rvVi87OrVOsu2n/sy I+pyEtce1EblsHALJgq3HlBErSLgWzKZKXqsSFOYM8BblWSjp/fy3Lr19sUx6sw1 8mO0d1fp3kICQkvJ2Bdo0Jv0I86iqszA6P9iLES5u0iRoWXPAPO1ulVjxKkErKs0 jSGSnr5kI/nwoxHmxdKrbCJjC2Wx0BJppYBLR822r7arfKwerGiD3cNdF1DI2vtc iYqWsU5u+M+gtfQv4V98UTh/dcLRly7CYASPWlK3QXUVSbYCDqDX6D/04J4VNNWu x2+L13/LO6ZFMvOmyVcyIai+Pp9EPQxVw7mAFQIDAQABAoIBAAvnEFPcQ5STJTe2 qfos/LmxEvygI0F8AlPXF+/wGQ011dWsAFW/dHxrcE6RJ4J7GF2+v/qAXh4bJLaX o7x0xQF/2G3FAA6U8CK80nETXycg88+eBL6JTC3FaZABXX/zYsAkql9FYh5yotWD qQQDl+/sUXjiTQG13OlRa/VIBUZhB97aQDkG9HvB2zZGspRNAvX/npBdZ2TK1vJm SDgJV+M8VRyxj77IK8b93OU3ve9TqFD6W2htjeY1FdkLKbRKNRCWGdfr8RnwWSOt K7A6htSvRJsjeqirxusb83gY41JGYJ6MSW4RHgNlN9ChX4NikyUp42w7Omb5quLU wpOxb7ECgYEAx4Pw3PP7csIvzMUt84LPd8PX3CJayjNUOrzVi354VTgtW9dD4vDE +wMFBfJ+KJBUOSD3uFTFbuSEglOIo3UVLSRu/bHqxWNzO3RCqefnf7fmKJjqTESu 6DnXPV3OLwcWsg2H9Ny3WiWnsCzRGuBStkYIozxtXuj3lwHKrdLDitkCgYEA0LeM dIRmZcF5Nn/EEa2/T2Cmnux3nWys0x88nwlLEXFHj0sUdU2wZDheWK4IQolpG+Cg umX925ufnXifHKwLAaDFVoDi9XeHSbCqTsrK+x+8e70rljeje5UOAqLEp6cY/wKi XeRIx1q1y69Ysb4chTnt+6hd54E2TDvjpx3GgZ0CgYEAwW4HrQ/WLnJZyVs5q6ac 4e47by7XesW82Z2OI0mf/G8Uer//DxyCvSE2U4fADC+xmBmAUXPOXi6q0XePN3oh 57w05z0A8hHy/CdBIly1MjvmpmFqdjr4oCjDprk1Vp62wDUiJKGAGaP8KW+p4zas ug63/Rpupt+SexK/nzqBXjECgYEAyGyJttXxUqOAV4JHcMaM4JeqSRBAKO7T4wSq /Pk6mexS0FpDsgVBbmvmxXeRPPug8IE7NuN76+e8VcYf3LOk+hI9jbzEtPzr8Cpy 0KjSVGX8ZEKa2WxiU+klhAhzmZ7PVQpdipYOAUmtK4QdQsmRr6maS0A5tHaTAo+8 I51nIs0CgYAJ84MewGdo7VH4me2oEF7EQRySoov7RzQAI3JJ/0aBi6T64CKGxCJk CHrDfnCjH2qyYPT+QuvphzMoE8kgObhd49PwuXV+0uHFMfy+mNMZUpagolsz1i03 BdROt5J6ekwOvF0TuBusCM3uV7JHqQ1Apadru7bMz/piYGgAJfudxA== -----END RSA PRIVATE KEY----- dh1024.pem Generator: 05 Prime: ad:a9:66:71:7a:34:72:ee:e2:5b:93:f4 1e:21:2b:9d:67:86:52:47:f6:b0:3f:78 88:31:44:ff:24:74:54:c7:1f:56:e7:c2 0f:88:66:ae:91:ea:c4:14:c3:16:35:91 66:5b:5a:80:e1:fd:5e:52:54:00:b2:43 83:1c:a1:e4:8e:a8:e4:dd:87:0d:7c:f6 88:7e:4b:5b:0d:5a:1e:ed:7b:ca:5e:9d 22:71:9a:1b:86:24:aa:b0:84:98:14:2e 0d:33:b6:94:77:a9:d0:07:02:0c:53:04 6e:8a:07:d3:6a:32:2a:32:3f:23:0f:42 4d:63:79:57:48:c8:05:a7 -----BEGIN DH PARAMETERS----- MIGHAoGBAK2pZnF6NHLu4luT9B4hK51nhlJH9rA/eIgxRP8kdFTHH1bnwg+IZq6R 6sQUwxY1kWZbWoDh/V5SVACyQ4McoeSOqOTdhw189oh+S1sNWh7te8penSJxmhuG JKqwhJgULg0ztpR3qdAHAgxTBG6KB9NqMioyPyMPQk1jeVdIyAWnAgEF -----END DH PARAMETERS----- ssl.crt -----BEGIN CERTIFICATE----- MIIFLDCCBBagAwIBAgIESexK4DALBgkqhkiG9w0BAQUwVzELMAkGA1UEBhMCQ1ox DjAMBgNVBAoTBXByYWhhMQswCQYDVQQLEwJuZTENMAsGA1UEBxMEdm9sZTEOMAwG A1UECBMFbmV2aW0xDDAKBgNVBAMTA2V4YTAeFw0wOTA0MjAxMDEzNTNaFw0xOTA0 MTgxMDEzNTdaMFcxCzAJBgNVBAYTAkNaMQwwCgYDVQQKEwNCbGUxDTALBgNVBAsT BFNtcnQxDjAMBgNVBAcTBUt0ZXJhMQ4wDAYDVQQIEwVCbGlqZTELMAkGA1UEAxMC TmUwggKlMIICGgYHKoZIzjgEATCCAg0CggEAygAmvvWeV4auzm9ZFG1+omVlyVqH elM0qqJ717DdaKoJlIiCAgwsg7r+zpz4ekncShy0UxRm2yElW6p90Otx9QrCWTpv jP6wHiTptk/vUEDSQ6/Zlqax7mI946XfoIxx3JCavVzBvNgUQAOai6BpjJ4a9ZVL BdP2gSldt9XJ4CTuSdosBBjrCwTWn1oaZWFsXt6bgZdyZiZvAVizpDDkrV0RH6Fo 6PqfLAn3hyoesM5SeAllHba6cGibyXxsuocwwjwynq3Y1W4SIZomh63OYNWBh6uY +9pYrdJsYtkQxhJwDSGg9yhyL3agmx2OmOD8S7we6r3j8/D8XJgW6rszTwIDAQAB AoIBAANXfbMBCzqPDtgTCk06A0znRbs1of7v3qb7NlzhUl7Hf8F5gXUZNtwco6SC MklYbKpWAtTkOVAv7zDiB2AFoezLRCw67EEcrlTOIlOsZNzvnzFH30Vy9bsBqXZy 3KbVfyvswUwxFNkHIuagNW+3Gqfp4a/lMi8jGSiv3E4M3ZPorcW1qiv5i/UZX3wB rphD9dLKwgdTwmtyz+hp/zFKwtThIuhb2qZKbYZzMqI6d4FhLufcvvXFrZ3LoTEd sprZ3fZI1M7IdvsGTZLnHQ4Bws32hPNSaA7/b3yxK3wfBZRs8+92LYE3kiGojylN REsD8PXH5epas5+bS8A3RL284AkDgYQAAoGA3a5KHeltiQKAE2nO4zFZirFmG5Oe e4Z84oRWjz3NujAy7B8OaZmSBQbXe8XdS67/bIHO+ULzStGEjQqs8xaev90rzJ/H Y5q4G5SbwCo9AB+a99waDV+H06CdcH2aWzuphx88VgkoNTTjT/rsgUUw6i9GOTd0 CaM8UhirdOSRRCWjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF BwMCBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBRdOw6fAlG3 powcRYMbekXDEG0QGjAfBgNVHSMEGDAWgBTZbe4eoATyPzAYVtkaOaB4Dcl57zAL BgkqhkiG9w0BAQUDggEBAC1ErfpfBUAKsdBCDUaQmqzoiMQ5Bm6jX7vzht7HG0Bq MA89SOrr09tTMkEIkab3LN+pCs2cSRRtHRNBk+tzn+cyq4VptFnV+EhpB32YCLro SnfYD0eclv3yO2GnzP6tADDuHWyOq0bSYOxcnUZuEe7X/rl7Zj8meiE48i9jNQYD lX0YayTBR1eYbtNEaZASUvrFO4JkBZlTjXR/qNRjj1SidVLfAayZtct40usEH+9V EgpmZmtIqCPsmF8f3KVEcxwz7xwAtjI820qCRzFUmgboZ65jm3IWr4CibIgjlhs7 tzclPT9WeIZdeP7QWlFmhjbiY5yFfjCiyvlf3mechow= -----END CERTIFICATE----- ssl.key -----BEGIN DSA PRIVATE KEY----- MIIDGQIBAAKCAQEAygAmvvWeV4auzm9ZFG1+omVlyVqHelM0qqJ717DdaKoJlIiC Agwsg7r+zpz4ekncShy0UxRm2yElW6p90Otx9QrCWTpvjP6wHiTptk/vUEDSQ6/Z lqax7mI946XfoIxx3JCavVzBvNgUQAOai6BpjJ4a9ZVLBdP2gSldt9XJ4CTuSdos BBjrCwTWn1oaZWFsXt6bgZdyZiZvAVizpDDkrV0RH6Fo6PqfLAn3hyoesM5SeAll Hba6cGibyXxsuocwwjwynq3Y1W4SIZomh63OYNWBh6uY+9pYrdJsYtkQxhJwDSGg 9yhyL3agmx2OmOD8S7we6r3j8/D8XJgW6rszTwIDAQABAoIBAANXfbMBCzqPDtgT Ck06A0znRbs1of7v3qb7NlzhUl7Hf8F5gXUZNtwco6SCMklYbKpWAtTkOVAv7zDi B2AFoezLRCw67EEcrlTOIlOsZNzvnzFH30Vy9bsBqXZy3KbVfyvswUwxFNkHIuag NW+3Gqfp4a/lMi8jGSiv3E4M3ZPorcW1qiv5i/UZX3wBrphD9dLKwgdTwmtyz+hp /zFKwtThIuhb2qZKbYZzMqI6d4FhLufcvvXFrZ3LoTEdsprZ3fZI1M7IdvsGTZLn HQ4Bws32hPNSaA7/b3yxK3wfBZRs8+92LYE3kiGojylNREsD8PXH5epas5+bS8A3 RL284AkCgYEA3a5KHeltiQKAE2nO4zFZirFmG5Oee4Z84oRWjz3NujAy7B8OaZmS BQbXe8XdS67/bIHO+ULzStGEjQqs8xaev90rzJ/HY5q4G5SbwCo9AB+a99waDV+H 06CdcH2aWzuphx88VgkoNTTjT/rsgUUw6i9GOTd0CaM8UhirdOSRRCUCgYEA6UXj 26jtOpcysQhn5FaDxpUbjvlPHO8k6FUUXnbVCl4BKEkSW5kzeL1ezog65RUyPKdm SXKgQcvWRXF76GRgAiqgUI1/tSYyKXTjljiyZZPjYhZB1hTcxVcZROHFvskLXmsn UcdCdUM7POtFT/Cy3Nx1ZvyTYqwCH0Jomvx6pWM= -----END DSA PRIVATE KEY----- _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
