[gnutls-dev] Re: Bug#134584: noch ein gnutls problem
Andrew McDonald
andrew@mcdonald.org.uk
Thu Feb 21 20:51:01 2002
--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I'm Cc'ing gnutls-dev on this to get some more ideas. (See
http://bugs.debian.org/134584 for info). Main symptom is a
"FATAL_ALERT_RECEIVED" - mutt now suggests RC4/ARCFOUR so that
shouldn't be the problem.
On Thu, Feb 21, 2002 at 06:36:17AM +0100, Martin Samuelsson wrote:
> On Tue, Feb 19, 2002 at 07:55:56PM +0000, Andrew McDonald wrote:
> > Next thing to try, does the server only accepts SSLv2 hellos?
> > (The server's broken if this is the case). Try connecting to the
> > IMAP/SSL port (tcp 993) with
> > openssl s_client -tls1 -connect host:port
> > to check this. (If this fails you might want to try -no_tls or -ssl2 as
> > well).
>=20
> as far as i can understand, it works ok.
Yes, that looks like TLS1 is OK for it.
> > Does the server have a DSS certificate? (Not supported in gnutls 0.3.5,
> > but will be in some future releases). If you control the server you
> > might be able to try:
> > openssl x509 -in certificate_file -text -noout
>=20
> I don't think I have the priviliges needed.
I thought the OpenSSL s_client connection might have shown whether it
was using RSA or DSS, but didn't. Anyway, try copying the certificate
sent as part of the exchange into a file and running openssl x509 on
it.
> > Other testing is likely to require recompiling gnutls with debugging
> > enabled.
>=20
> Tell me what to do, and it'll be done.
Recompiling gnutls with some of the DEBUGs in lib/gnutls_int.h #defined
will print out lots of information. I think WRITE_DEBUG is probably the
main one of interest.
Andrew
--=20
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8dU9B/LupyPLe7TYRAugkAJ93F2Y8v9bLJ75SlybIaWf+MEbCpgCdHg2Z
StF8uKujSzN2wiqxCDIZYY0=
=2vFF
-----END PGP SIGNATURE-----
--gBBFr7Ir9EOA20Yy--