[gnutls-dev] gnutls-cli: segfaults when doing starttls against smtp.hispeed.ch

Simon Josefsson simon at josefsson.org
Wed Jun 20 16:23:26 CEST 2007


Hi!  Thanks for the report.

This is what happens, first the TLS handshake fails in the gnutls
library (I'll return to the reasons for that below), and in cli.c the
following code is responsible for handling this:

      if (FD_ISSET (fileno (stdin), &rset))
	{
	  if (fgets (buffer, MAX_BUF, stdin) == NULL)
	    {
	      if (hd.secure == 0)
		{
		  fprintf (stderr, "*** Starting TLS handshake\n");
		  ret = do_handshake (&hd);
		  if (ret < 0)
		    {
		      fprintf (stderr, "*** Handshake has failed\n");
		      socket_bye (&hd);
		      user_term = 1;
		    }
		}
	      else
		{
		  user_term = 1;
		  break;
		}
	      continue;
	    }

In this case, the '*** Handshake has failed' output has been printed,
and socket_bye() is invoked.  socket_bye() sets socket->fd to -1.  Then
the 'continue' is taken, and the loop resumes:

  for (;;)
    {
      if (starttls_alarmed && !hd.secure)
	{
	  fprintf (stderr, "*** Starting TLS handshake\n");
	  ret = do_handshake (&hd);
	  if (ret < 0)
	    {
	      fprintf (stderr, "*** Handshake has failed\n");
	      socket_bye (&hd);
	      user_term = 1;
	      break;
	    }
	}

      FD_ZERO (&rset);
      FD_SET (fileno (stdin), &rset);
      FD_SET (hd.fd, &rset);

Here, starttls_alarmed is false, so it skips the if case, and invokes
FD_ZERO + FD_SET.  Here hd.fd is still -1, and it seems that FD_SET(-1,
&rset) causes a segmentation fault.  Hence, the solution is:

diff --git a/src/cli.c b/src/cli.c
index f9564bb..74e47b1 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -802,6 +802,7 @@ after_handshake:
 		      fprintf (stderr, "*** Handshake has failed\n");
 		      socket_bye (&hd);
 		      user_term = 1;
+		      break;
 		    }
 		}
 	      else

Installed in git now.

Now, the interesting part is why the TLS handshake fails.  'gnutls-cli
-d 4711' reveals:

|<3>| HSK[8076500]: SERVER HELLO was received [58 bytes]
|<6>| BUF[REC][HD]: Read 54 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 54 bytes of Data
|<3>| HSK[8076500]: Server's version: 3.3

Thus, the server claims that it supports version 3.3 aka TLS 1.2.
However later on it sends a TLS record message using TLS version 3.1:

|<2>| ASSERT: gnutls_record.c:624
|<4>| REC[8076500]: INVALID VERSION PACKET: (12) 3.1

It even fails to negotiate TLS 1.0:

./gnutls-cli -p 4711 -s localhost -d 4711 --protocols TLS1.0
|<3>| HSK[8076500]: SERVER HELLO was received [58 bytes]
|<3>| HSK[8076500]: Server's version: 3.1
...
|<4>| REC[8076500]: Decrypted Packet[2] Alert(21) with length: 2
|<4>| REC[8076500]: Alert[2|0] - Close notify - was received

TLS 1.1 fails in the same way as TLS 1.2:

./gnutls-cli -p 4711 -s localhost -d 4711 --protocols TLS1.1
|<3>| HSK[8076500]: SERVER HELLO was received [58 bytes]
|<3>| HSK[8076500]: Server's version: 3.2
...
|<2>| ASSERT: gnutls_record.c:624
|<4>| REC[8076500]: INVALID VERSION PACKET: (12) 3.1

Alas, even SSL3.0 does not work:

./gnutls-cli -p 4711 -s localhost -d 4711 --protocols SSL3.0
...
|<3>| HSK[8076500]: SERVER HELLO was received [58 bytes]
|<3>| HSK[8076500]: Server's version: 3.0
...
|<4>| REC[8076500]: Decrypted Packet[2] Alert(21) with length: 2
|<4>| REC[8076500]: Alert[2|0] - Close notify - was received

Possibly, this is a SSL 2.0 only server.  Although it seems the OpenSSL
is able to connect to the server using TLSv1 with the default settings.
However, if I add -ssl3 or -tls1 it fails to negotiate anything.

openssl s_client -debug -connect localhost:4711 -starttls smtp 
CONNECTED(00000003)
read from 0x80c00c0 [0x80c10a8] (4096 bytes => 120 (0x78))
0000 - 32 32 30 20 73 6d 74 70-2e 68 69 73 70 65 65 64   220 smtp.hispeed
0010 - 2e 63 68 20 45 53 4d 54-50 20 73 65 72 76 65 72   .ch ESMTP server
0020 - 20 28 49 6e 74 65 72 4d-61 69 6c 20 76 4d 2e 37    (InterMail vM.7
0030 - 2e 30 38 2e 30 32 2e 30-30 20 32 30 31 2d 32 31   .08.02.00 201-21
0040 - 38 36 2d 31 32 31 2d 32-30 30 36 31 32 31 33 29   86-121-20061213)
0050 - 20 72 65 61 64 79 20 57-65 64 2c 20 32 30 20 4a    ready Wed, 20 J
0060 - 75 6e 20 32 30 30 37 20-31 36 3a 32 30 3a 33 37   un 2007 16:20:37
0070 - 20 2b 30 32 30 30 0d 0a-                           +0200..
write to 0x80c00c0 [0x80c20b0] (25 bytes => 25 (0x19))
0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0a                        ent.net..
read from 0x80c00c0 [0x80c10a8] (4096 bytes => 175 (0xAF))
0000 - 32 35 30 2d 73 6d 74 70-2e 68 69 73 70 65 65 64   250-smtp.hispeed
0010 - 2e 63 68 0d 0a 32 35 30-2d 48 45 4c 50 0d 0a 32   .ch..250-HELP..2
0020 - 35 30 2d 58 52 45 4d 4f-54 45 51 55 45 55 45 0d   50-XREMOTEQUEUE.
0030 - 0a 32 35 30 2d 45 54 52-4e 0d 0a 32 35 30 2d 41   .250-ETRN..250-A
0040 - 55 54 48 3d 4c 4f 47 49-4e 20 50 4c 41 49 4e 0d   UTH=LOGIN PLAIN.
0050 - 0a 32 35 30 2d 41 55 54-48 20 4c 4f 47 49 4e 20   .250-AUTH LOGIN 
0060 - 50 4c 41 49 4e 0d 0a 32-35 30 2d 50 49 50 45 4c   PLAIN..250-PIPEL
0070 - 49 4e 49 4e 47 0d 0a 32-35 30 2d 44 53 4e 0d 0a   INING..250-DSN..
0080 - 32 35 30 2d 38 42 49 54-4d 49 4d 45 0d 0a 32 35   250-8BITMIME..25
0090 - 30 2d 53 54 41 52 54 54-4c 53 0d 0a 32 35 30 20   0-STARTTLS..250 
00a0 - 53 49 5a 45 20 31 35 33-36 30 30 30 30 0d 0a      SIZE 15360000..
write to 0x80c00c0 [-0x4014f118] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 0x80c00c0 [0x80b9f08] (8192 bytes => 24 (0x18))
0000 - 32 32 30 20 52 65 61 64-79 20 74 6f 20 73 74 61   220 Ready to sta
0010 - 72 74 20 54 4c 53 0d 0a-                          rt TLS..
write to 0x80c00c0 [0x80c1060] (118 bytes => 118 (0x76))
0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00   .t....K... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00   ..3..2../.......
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00   ................
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80   @...............
0050 - 00 00 03 02 00 80 62 99-68 5f 9d b1 d3 69 20 8b   ......b.h_...i .
0060 - fd 69 5c f9 f2 75 55 e1-74 46 92 c9 79 5b 3f 37   .i\..uU.tF..y[?7
0070 - 98 09 d9 c4 54 36                                 ....T6
read from 0x80c00c0 [0x80c65c0] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 3a 02                                 ....:.
0007 - <SPACES/NULS>
read from 0x80c00c0 [0x80c65c7] (56 bytes => 56 (0x38))
0000 - 00 36 03 01 46 79 37 b5-0d 05 27 6e 65 87 a1 81   .6..Fy7...'ne...
0010 - 0a aa 09 8e a7 cf 69 3c-cb c8 8d ca 9a a9 31 65   ......i<......1e
0020 - 70 7f cb 12 10 4e 75 6c-39 bc 60 33 de d5 7a dc   p....Nul9.`3..z.
0030 - 0d f2 70 75 bd 00 0a                              ..pu...
0038 - <SPACES/NULS>
read from 0x80c00c0 [0x80c65c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 06 6d                                    ....m
read from 0x80c00c0 [0x80c65c5] (1645 bytes => 1380 (0x564))
0000 - 0b 00 06 69 00 06 66 00-03 3c 30 82 03 38 30 82   ...i..f..<0..80.
0010 - 02 a1 a0 03 02 01 02 02-03 07 4c 60 30 0d 06 09   ..........L`0...
0020 - 2a 86 48 86 f7 0d 01 01-05 05 00 30 4e 31 0b 30   *.H........0N1.0
0030 - 09 06 03 55 04 06 13 02-55 53 31 10 30 0e 06 03   ...U....US1.0...
0040 - 55 04 0a 13 07 45 71 75-69 66 61 78 31 2d 30 2b   U....Equifax1-0+
0050 - 06 03 55 04 0b 13 24 45-71 75 69 66 61 78 20 53   ..U...$Equifax S
0060 - 65 63 75 72 65 20 43 65-72 74 69 66 69 63 61 74   ecure Certificat
0070 - 65 20 41 75 74 68 6f 72-69 74 79 30 1e 17 0d 30   e Authority0...0
0080 - 37 30 34 32 30 31 31 34-30 34 39 5a 17 0d 30 39   70420114049Z..09
0090 - 30 34 32 30 31 31 34 30-34 39 5a 30 81 c2 31 0b   0420114049Z0..1.
00a0 - 30 09 06 03 55 04 06 13-02 41 54 31 18 30 16 06   0...U....AT1.0..
00b0 - 03 55 04 0a 13 0f 73 6d-74 70 2e 68 69 73 70 65   .U....smtp.hispe
00c0 - 65 64 2e 63 68 31 13 30-11 06 03 55 04 0b 13 0a   ed.ch1.0...U....
00d0 - 47 54 30 36 33 33 39 38-31 36 31 31 30 2f 06 03   GT06339816110/..
00e0 - 55 04 0b 13 28 53 65 65-20 77 77 77 2e 67 65 6f   U...(See www.geo
00f0 - 74 72 75 73 74 2e 63 6f-6d 2f 72 65 73 6f 75 72   trust.com/resour
0100 - 63 65 73 2f 63 70 73 20-28 63 29 30 37 31 37 30   ces/cps (c)07170
0110 - 35 06 03 55 04 0b 13 2e-44 6f 6d 61 69 6e 20 43   5..U....Domain C
0120 - 6f 6e 74 72 6f 6c 20 56-61 6c 69 64 61 74 65 64   ontrol Validated
0130 - 20 2d 20 51 75 69 63 6b-53 53 4c 20 50 72 65 6d    - QuickSSL Prem
0140 - 69 75 6d 28 52 29 31 18-30 16 06 03 55 04 03 13   ium(R)1.0...U...
0150 - 0f 73 6d 74 70 2e 68 69-73 70 65 65 64 2e 63 68   .smtp.hispeed.ch
0160 - 30 81 9f 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01   0..0...*.H......
0170 - 05 00 03 81 8d 00 30 81-89 02 81 81 00 e4 be 5c   ......0........\
0180 - 82 77 e4 8e f9 6c 79 b7-ab d1 a3 3d ed 37 8a 6e   .w...ly....=.7.n
0190 - 34 2f 37 79 83 8c 80 25-d3 fe 7f 77 10 44 41 dd   4/7y...%...w.DA.
01a0 - 9e 73 84 a9 5b 87 59 ee-d9 e1 7e 48 d9 c5 11 17   .s..[.Y...~H....
01b0 - db be c6 14 63 09 a8 47-33 48 79 81 4c 19 cf 9e   ....c..G3Hy.L...
01c0 - a3 e0 9a 86 f8 26 2d 79-a7 c2 ad 9d d6 70 e4 4e   .....&-y.....p.N
01d0 - ca 3c 6f ca 18 a3 1e 22-a9 48 2a e7 dd 06 ad 1f   .<o....".H*.....
01e0 - 96 e6 0d 38 2e ec 39 cd-31 c8 e4 82 3e 31 d1 82   ...8..9.1...>1..
01f0 - 1b ed c8 6d 43 79 cc a8-6c 2f dd 4c b1 02 03 01   ...mCy..l/.L....
0200 - 00 01 a3 81 ae 30 81 ab-30 0e 06 03 55 1d 0f 01   .....0..0...U...
0210 - 01 ff 04 04 03 02 04 f0-30 1d 06 03 55 1d 0e 04   ........0...U...
0220 - 16 04 14 fa 31 61 e8 de-71 de 3a 0f a8 51 62 e1   ....1a..q.:..Qb.
0230 - 3e ff 12 b7 94 2e 88 30-3a 06 03 55 1d 1f 04 33   >......0:..U...3
0240 - 30 31 30 2f a0 2d a0 2b-86 29 68 74 74 70 3a 2f   010/.-.+.)http:/
0250 - 2f 63 72 6c 2e 67 65 6f-74 72 75 73 74 2e 63 6f   /crl.geotrust.co
0260 - 6d 2f 63 72 6c 73 2f 73-65 63 75 72 65 63 61 2e   m/crls/secureca.
0270 - 63 72 6c 30 1f 06 03 55-1d 23 04 18 30 16 80 14   crl0...U.#..0...
0280 - 48 e6 68 f9 2b d2 b2 95-d7 47 d8 23 20 10 4f 33   H.h.+....G.# .O3
0290 - 98 90 9f d4 30 1d 06 03-55 1d 25 04 16 30 14 06   ....0...U.%..0..
02a0 - 08 2b 06 01 05 05 07 03-01 06 08 2b 06 01 05 05   .+.........+....
02b0 - 07 03 02 30 0d 06 09 2a-86 48 86 f7 0d 01 01 05   ...0...*.H......
02c0 - 05 00 03 81 81 00 78 17-28 5f f4 83 17 a8 e9 1e   ......x.(_......
02d0 - c7 05 3f 71 2c 68 a4 d7-00 ae 2f 8e 32 48 be 16   ..?q,h..../.2H..
02e0 - dc f9 ed 7f cc 24 15 30-39 fe 02 5a 10 8d a9 3e   .....$.09..Z...>
02f0 - 0e c6 7b 4b 19 c9 fe 82-a7 8b c0 2c b6 bb e6 0a   ..{K.......,....
0300 - b8 db 14 86 79 84 7b 96-cb 07 bb d8 80 9a 61 b2   ....y.{.......a.
0310 - 52 ae 5a 44 7f 99 39 b5-e2 5d 72 98 4d b9 f7 88   R.ZD..9..]r.M...
0320 - e3 7b cd 72 98 a4 40 74-5f 97 c3 d5 0c 06 02 5f   .{.r.. at t_......_
0330 - 71 82 c2 d6 45 f4 3c 35-95 70 0b ef fe cc 68 af   q...E.<5.p....h.
0340 - 5a 1b 0b e6 0e 91 00 03-24 30 82 03 20 30 82 02   Z.......$0.. 0..
0350 - 89 a0 03 02 01 02 02 04-35 de f4 cf 30 0d 06 09   ........5...0...
0360 - 2a 86 48 86 f7 0d 01 01-05 05 00 30 4e 31 0b 30   *.H........0N1.0
0370 - 09 06 03 55 04 06 13 02-55 53 31 10 30 0e 06 03   ...U....US1.0...
0380 - 55 04 0a 13 07 45 71 75-69 66 61 78 31 2d 30 2b   U....Equifax1-0+
0390 - 06 03 55 04 0b 13 24 45-71 75 69 66 61 78 20 53   ..U...$Equifax S
03a0 - 65 63 75 72 65 20 43 65-72 74 69 66 69 63 61 74   ecure Certificat
03b0 - 65 20 41 75 74 68 6f 72-69 74 79 30 1e 17 0d 39   e Authority0...9
03c0 - 38 30 38 32 32 31 36 34-31 35 31 5a 17 0d 31 38   80822164151Z..18
03d0 - 30 38 32 32 31 36 34 31-35 31 5a 30 4e 31 0b 30   0822164151Z0N1.0
03e0 - 09 06 03 55 04 06 13 02-55 53 31 10 30 0e 06 03   ...U....US1.0...
03f0 - 55 04 0a 13 07 45 71 75-69 66 61 78 31 2d 30 2b   U....Equifax1-0+
0400 - 06 03 55 04 0b 13 24 45-71 75 69 66 61 78 20 53   ..U...$Equifax S
0410 - 65 6depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
3 75 72 65 20 43 65-72 74 69 66 69 63 61 74   ecure Certificat
0420 - 65 20 41 75 74 68 6f 72-69 74 79 30 81 9f 30 0d   e Authority0..0.
0430 - 06 09 2a 86 48 86 f7 0d-01 01 01 05 00 03 81 8d   ..*.H...........
0440 - 00 30 81 89 02 81 81 00-c1 5d b1 58 67 08 62 ee   .0.......].Xg.b.
0450 - a0 9a 2d 1f 08 6d 91 14-68 98 0a 1e fe da 04 6f   ..-..m..h......o
0460 - 13 84 62 21 c3 d1 7c ce-9f 05 e0 b8 01 f0 4e 34   ..b!..|.......N4
0470 - ec e2 8a 95 04 64 ac f1-6b 53 5f 05 b3 cb 67 80   .....d..kS_...g.
0480 - bf 42 02 8e fe dd 01 09-ec e1 00 14 4f fc fb f0   .B..........O...
0490 - 0c dd 43 ba 5b 2b e1 1f-80 70 99 15 57 93 16 f1   ..C.[+...p..W...
04a0 - 0f 97 6a b7 c2 68 23 1c-cc 4d 59 30 ac 51 1e 3b   ..j..h#..MY0.Q.;
04b0 - af 2b d6 ee 63 45 7b c5-d9 5f 50 d2 e3 50 0f 3a   .+..cE{.._P..P.:
04c0 - 88 e7 bf 14 fd e0 c7 b9-02 03 01 00 01 a3 82 01   ................
04d0 - 09 30 82 01 05 30 70 06-03 55 1d 1f 04 69 30 67   .0...0p..U...i0g
04e0 - 30 65 a0 63 a0 61 a4 5f-30 5d 31 0b 30 09 06 03   0e.c.a._0]1.0...
04f0 - 55 04 06 13 02 55 53 31-10 30 0e 06 03 55 04 0a   U....US1.0...U..
0500 - 13 07 45 71 75 69 66 61-78 31 2d 30 2b 06 03 55   ..Equifax1-0+..U
0510 - 04 0b 13 24 45 71 75 69-66 61 78 20 53 65 63 75   ...$Equifax Secu
0520 - 72 65 20 43 65 72 74 69-66 69 63 61 74 65 20 41   re Certificate A
0530 - 75 74 68 6f 72 69 74 79-31 0d 30 0b 06 03 55 04   uthority1.0...U.
0540 - 03 13 04 43 52 4c 31 30-1a 06 03 55 1d 10 04 13   ...CRL10...U....
0550 - 30 11 81 0f 32 30 31 38-30 38 32 32 31 36 34 31   0...201808221641
0560 - 35 31 5a 30                                       51Z0
read from 0x80c00c0 [0x80c6b29] (265 bytes => 265 (0x109))
0000 - 0b 06 03 55 1d 0f 04 04-03 02 01 06 30 1f 06 03   ...U........0...
0010 - 55 1d 23 04 18 30 16 80-14 48 e6 68 f9 2b d2 b2   U.#..0...H.h.+..
0020 - 95 d7 47 d8 23 20 10 4f-33 98 90 9f d4 30 1d 06   ..G.# .O3....0..
0030 - 03 55 1d 0e 04 16 04 14-48 e6 68 f9 2b d2 b2 95   .U......H.h.+...
0040 - d7 47 d8 23 20 10 4f 33-98 90 9f d4 30 0c 06 03   .G.# .O3....0...
0050 - 55 1d 13 04 05 30 03 01-01 ff 30 1a 06 09 2a 86   U....0....0...*.
0060 - 48 86 f6 7d 07 41 00 04-0d 30 0b 1b 05 56 33 2e   H..}.A...0...V3.
0070 - 30 63 03 02 06 c0 30 0d-06 09 2a 86 48 86 f7 0d   0c....0...*.H...
0080 - 01 01 05 05 00 03 81 81-00 58 ce 29 ea fc f7 de   .........X.)....
0090 - b5 ce 02 b9 17 b5 85 d1-b9 e3 e0 95 cc 25 31 0d   .............%1.
00a0 - 00 a6 92 6e 7f b6 92 63-9e 50 95 d1 9a 6f e4 11   ...n...c.P...o..
00b0 - de 63 85 6e 98 ee a8 ff-5a c8 d3 55 b2 66 71 57   .c.n....Z..U.fqW
00c0 - de c0 21 eb 3d 2a a7 23-49 01 04 86 42 7b fc ee   ..!.=*.#I...B{..
00d0 - 7f a2 16 52 b5 67 67 d3-40 db 3b 26 58 b2 28 77   ...R.gg. at .;&X.(w
00e0 - 3d ae 14 77 61 d6 fa 2a-66 27 a0 0d fa a7 73 5c   =..wa..*f'....s\
00f0 - ea 70 f1 94 21 65 44 5f-fa fc ef 29 68 a9 a2 87   .p..!eD_...)h...
0100 - 79 ef 79 ef 4f ac 07 77-38                        y.y.O..w8
read from 0x80c00c0 [0x80c65c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 04                                    .....
read from 0x80c00c0 [0x80c65c5] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
write to 0x80c00c0 [0x80d0828] (139 bytes => 139 (0x8B))
0000 - 16 03 01 00 86 10 00 00-82 00 80 a8 56 74 7c 57   ............Vt|W
0010 - 6e 26 07 eb 36 9d 3b dc-27 7b dc 8e f2 a9 a7 17   n&..6.;.'{......
0020 - 75 6e e4 e0 4e e4 d4 25-c7 08 ee b3 e7 6e 11 24   un..N..%.....n.$
0030 - 7d 0a 1a 0d 9d 0c 91 be-e9 7a 08 fa e9 a8 cc 54   }........z.....T
0040 - 11 f1 c8 69 30 2b 25 a7-b6 40 19 62 f8 50 cf 8b   ...i0+%.. at .b.P..
0050 - da 2d 3e 03 00 3e c6 45-f3 dc 3b 5d 3d 17 68 9a   .->..>.E..;]=.h.
0060 - 05 85 24 19 5a 9e 0e ae-e7 ce 0c 8d 11 b1 61 72   ..$.Z.........ar
0070 - 21 8e d9 bc bf a8 6a 2a-21 97 f4 f9 9a 59 07 77   !.....j*!....Y.w
0080 - 1a 89 5a 89 1a c2 dd 4d-70 ea d2                  ..Z....Mp..
write to 0x80c00c0 [0x80d0828] (6 bytes => 6 (0x6))
0000 - 14 03 01 00 01 01                                 ......
write to 0x80c00c0 [0x80d0828] (45 bytes => 45 (0x2D))
0000 - 16 03 01 00 28 cd 22 90-f1 d6 cb 74 7f d9 0e 30   ....(."....t...0
0010 - ad 7f 77 6f db 0c 1d a8-53 a3 be e5 0d fe eb ae   ..wo....S.......
0020 - 61 02 62 9d 25 69 a5 7d-94 33 36 12               a.b.%i.}.36.
002d - <SPACES/NULS>
read from 0x80c00c0 [0x80c65c0] (5 bytes => 5 (0x5))
0000 - 14 03 01 00 01                                    .....
read from 0x80c00c0 [0x80c65c5] (1 bytes => 1 (0x1))
0000 - 01                                                .
read from 0x80c00c0 [0x80c65c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 28                                    ....(
read from 0x80c00c0 [0x80c65c5] (40 bytes => 40 (0x28))
0000 - f5 e3 08 a8 8f e6 3f 39-0e 1a cf bb 42 21 c2 2c   ......?9....B!.,
0010 - 79 13 0c c7 ba 3b c7 e5-77 53 76 de 49 fb f8 6d   y....;..wSv.I..m
0020 - a3 b0 29 2f 62 3c 45 1c-                          ..)/b<E.
---
Certificate chain
 0 s:/C=AT/O=smtp.hispeed.ch/OU=GT06339816/OU=See www.geotrust.com/resources/cps (c)07/OU=Domain Control Validated - QuickSSL Premium(R)/CN=smtp.hispeed.ch
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 1 s:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDODCCAqGgAwIBAgIDB0xgMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNDIwMTE0MDQ5WhcNMDkwNDIwMTE0MDQ5
WjCBwjELMAkGA1UEBhMCQVQxGDAWBgNVBAoTD3NtdHAuaGlzcGVlZC5jaDETMBEG
A1UECxMKR1QwNjMzOTgxNjExMC8GA1UECxMoU2VlIHd3dy5nZW90cnVzdC5jb20v
cmVzb3VyY2VzL2NwcyAoYykwNzE3MDUGA1UECxMuRG9tYWluIENvbnRyb2wgVmFs
aWRhdGVkIC0gUXVpY2tTU0wgUHJlbWl1bShSKTEYMBYGA1UEAxMPc210cC5oaXNw
ZWVkLmNoMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkvlyCd+SO+Wx5t6vR
oz3tN4puNC83eYOMgCXT/n93EERB3Z5zhKlbh1nu2eF+SNnFERfbvsYUYwmoRzNI
eYFMGc+eo+CahvgmLXmnwq2d1nDkTso8b8oYox4iqUgq590GrR+W5g04Luw5zTHI
5II+MdGCG+3IbUN5zKhsL91MsQIDAQABo4GuMIGrMA4GA1UdDwEB/wQEAwIE8DAd
BgNVHQ4EFgQU+jFh6N5x3joPqFFi4T7/EreULogwOgYDVR0fBDMwMTAvoC2gK4Yp
aHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwHwYDVR0j
BBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAHgXKF/0gxeo6R7HBT9xLGik1wCu
L44ySL4W3Pntf8wkFTA5/gJaEI2pPg7Ge0sZyf6Cp4vALLa75gq42xSGeYR7lssH
u9iAmmGyUq5aRH+ZObXiXXKYTbn3iON7zXKYpEB0X5fD1QwGAl9xgsLWRfQ8NZVw
C+/+zGivWhsL5g6R
-----END CERTIFICATE-----
subject=/C=AT/O=smtp.hispeed.ch/OU=GT06339816/OU=See www.geotrust.com/resources/cps (c)07/OU=Domain Control Validated - QuickSSL Premium(R)/CN=smtp.hispeed.ch
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 2092 bytes and written 343 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: 4E756C39BC6033DED57ADC0DF27075BD
    Session-ID-ctx: 
    Master-Key: 0C76FEF9966C8B0E1558B850506CDF5D05DEBE285DAD0DC72FC2DDCE1DBDE4C5986A361BF73DA25508797CE0CDD9715D
    Key-Arg   : None
    Start Time: 1182349237
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
250 SIZE 15360000.
DONE
write to 0x80c00c0 [0x80cadd0] (29 bytes => 29 (0x1D))
0000 - 15 03 01 00 18 dd c8 3a-dd d3 95 4c 83 1e 12 02   .......:...L....
0010 - 3f a4 63 61 bd d5 0d d0-8d a8 49 9b 3e            ?.ca......I.>

/Simon

Andreas Metzler <ametzler at downhill.at.eu.org> writes:

> Hello,
> This is debian bug http://bugs.debian.org/429183
>
> From: Marc Haber <mh+debian-bugs at zugschlus.de>
> To: Debian Bug Tracking System <submit at bugs.debian.org>
> Date: Sat, 16 Jun 2007 10:44:59 +0200
>
> Package: gnutls-bin
> Version: 1.6.3-1
> Severity: normal
> File: /usr/bin/gnutls-cli
>
> Hi,
>
> $ gnutls-cli -p 25 -s smtp.hispeed.ch
> Resolving 'smtp.hispeed.ch'...
> Connecting to '213.46.255.24:25'...
>
> - Simple Client Mode:
>
> 220 smtp.hispeed.ch ESMTP server (InterMail vM.7.08.02.00 201-2186-121-20061213) ready Sat, 16 Jun 2007 10:42:25 +0200
> EHLO zugschlus.de
> 250-smtp.hispeed.ch
> 250-HELP
> 250-XREMOTEQUEUE
> 250-ETRN
> 250-AUTH=LOGIN PLAIN
> 250-AUTH LOGIN PLAIN
> 250-PIPELINING
> 250-DSN
> 250-8BITMIME
> 250-STARTTLS
> 250 SIZE 15360000
> STARTTLS
> 220 Ready to start TLS
> *** Starting TLS handshake
> *** Fatal error: A record packet with illegal version was received.
> *** Handshake has failed
> Segmentation fault
> $
>
> The "record packet with illegal version was received" sounds familiar
> and might be a bug already known, but gnutls-cli should definetely not
> segfault in this situation.
>
> Greetings
> Marc
> ----------
>
>
>
> This applies to at least 1.4.x, 1.6.3 and 1.7.9. Exim built against
> gnutls wil not crash when delivering against smtp.hispeed.ch, however
> it will not be able to make use of TLS
>
> | initialized GnuTLS session
> | LOG: MAIN
> |   TLS error on connection to smtp.hispeed.ch [213.46.255.24] (gnutls_handshake): A TLS fatal alert has been received.
> | ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
> | 213.46.255.24 in hosts_require_tls? no (option unset)
> | LOG: MAIN
> |   TLS session failure: delivering unencrypted to smtp.hispeed.ch [213.46.255.24] (not in hosts_require_tls)
>
> Sadly a backtrace is not helpful, and OpenSSL does not have any
> problems with this host.
> cu andreas
> -- 
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'




More information about the Gnutls-devel mailing list