On Wed, 29 Sep 2010 16:04:21 +0200 Nikos Mavrogiannopoulos <[email protected]> wrote:
> On Wed, Sep 29, 2010 at 3:15 PM, Michael Blumenkrantz <[email protected]> > wrote: > > > I have read through the examples and tested using my code. It functions > > fine, though I took your advice and migrated to newer priority strings. It > > seems that I may have found a gnutls bug in handshaking, however, though I > > will reserve judgment on that until I have investigated further. The bug > > seems to be if you are doing async connections, you cannot call > > gnutls_handshake with a very small amount of data in the buffer or else the > > handshake will fail with an error. Specifically, I find this occurring > > while receiving data (as a client) for a session ticket. > > I have so far found this to be the case by briefly pausing execution of my > > program just before the gnutls_handshake() call where it would be reading > > from the file descriptor so that more data can accumulate, and then > > continuing. The handshake completes as expected, where it would have > > failed if running at normal speed. > > Where does handshake fail? (if you use level 2 debugging you get a > nice backtrace of the > failure). > > > Is it possible that there is a bug like this? > > You never know, although I think gnutls is being used in async mode quite > often. > > regards, > Nikos This is a log of the handshake failure while attempting to connect to verisign.com:443 using gnutls log level 2. Additionally there is some debug info from my code which is prefixed by DBG. Let me know if there is more information that I can provide. DBG:EcoreCon ecore_con.c:1478 _ecore_con_cb_tcp_connect() beginning ssl handshake DBG:EcoreCon ecore_con_ssl.c:497 _ecore_con_ssl_server_init_gnutls() calling gnutls_handshake() |<2>| EXT[0x8d460b8]: Sending extension SERVER_NAME |<2>| EXT[0x8d460b8]: Sending extension SAFE_RENEGOTIATION |<2>| EXT[0x8d460b8]: Sending extension SESSION_TICKET |<2>| ASSERT: gnutls_record.c:450 |<2>| ASSERT: gnutls_buffers.c:933 |<2>| ASSERT: gnutls_buffers.c:957 |<2>| ASSERT: gnutls_handshake.c:2772 DBG:EcoreCon ecore_con.c:1822 _ecore_con_cl_handler() Continuing ssl handshake DBG:EcoreCon ecore_con.c:1826 _ecore_con_cl_handler() Preparing to write handshake data... DBG:EcoreCon ecore_con_ssl.c:497 _ecore_con_ssl_server_init_gnutls() calling gnutls_handshake() |<2>| ASSERT: gnutls_buffers.c:857 DBG:EcoreCon ecore_con.c:1822 _ecore_con_cl_handler() Continuing ssl handshake DBG:EcoreCon ecore_con.c:1826 _ecore_con_cl_handler() Preparing to write handshake data... DBG:EcoreCon ecore_con_ssl.c:497 _ecore_con_ssl_server_init_gnutls() calling gnutls_handshake() ---REPEAT--- |<2>| EXT[0x8d460b8]: Found extension 'SAFE_RENEGOTIATION/65281' |<2>| EXT[0x8d460b8]: Found extension 'SESSION_TICKET/35' |<2>| ASSERT: gnutls_handshake.c:1332 |<2>| ASSERT: ext_session_ticket.c:582 DBG:EcoreCon ecore_con.c:1822 _ecore_con_cl_handler() Continuing ssl handshake DBG:EcoreCon ecore_con.c:1826 _ecore_con_cl_handler() Preparing to write handshake data... DBG:EcoreCon ecore_con_ssl.c:497 _ecore_con_ssl_server_init_gnutls() calling gnutls_handshake() ---REPEAT--- |<2>| ASSERT: gnutls_record.c:695 |<2>| ASSERT: gnutls_record.c:1055 |<2>| ASSERT: ext_session_ticket.c:582 |<2>| ASSERT: gnutls_handshake.c:3146 ERR:EcoreCon ecore_con_ssl.c:499 _ecore_con_ssl_server_init_gnutls() Error at ecore_con_ssl.c:_ecore_con_ssl_server_init_gnutls:499! ERR:EcoreCon ecore_con_ssl.c:52 _gnutls_print_errors() gnutls returned with error: GNUTLS_E_FATAL_ALERT_RECEIVED - A TLS fatal alert has been received. ERR:EcoreCon ecore_con_ssl.c:551 _ecore_con_ssl_server_init_gnutls() Also received alert: Decrypt error ERR:EcoreCon ecore_con_ssl.c:554 _ecore_con_ssl_server_init_gnutls() last out: Finished ERR:EcoreCon ecore_con_ssl.c:555 _ecore_con_ssl_server_init_gnutls() last in: Server hello done |<2>| ASSERT: gnutls_record.c:262 -- Mike Blumenkrantz Zentific: Our boolean values are huge. _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
