Interoperability issue with The Bat (Debian Bug #316522)
nmav at gnutls.org
Tue Jan 8 20:19:15 CET 2008
On Friday 04 January 2008, Simon Josefsson wrote:
> Simon Josefsson <simon at josefsson.org> writes:
> >> It might be possible (judging from
> >> https://www.ritlabs.com/bt/view.php?id=5785) that The Bat by default
> >> refuses to talk TLS to a server presenting a self-signed certificate.
> > I also note that it is possible to download trial versions of TheBat.
> > If we can get a recipe to reproduce the problem using it, that would
> > help a lot.
> TheBat works under Wine, so I downloaded it and debugged this... FWIW, I
> can reproduce the problem:
> 2008-01-04 19:03:02 TLS error on connection from xxx.bredband.comhem.se
> (mocca.local) [x.y.z.q] (gnutls_handshake): An error was encountered at the
> TLS Finished packet calculation.
> Using gnutls-serv, I get the connection debug log below. TheBat
> complains that the CA is untrusted, and I have to click continue. Then
> it fails with the TLS Finished packet calculation error.
Could you try with different protocol/algorithm combinations? I think the
output of connection with gnutls using SSL 3.0 and arcfour might be useful.
> However, if I start gnutls-serv with --disable-client-cert I get the
> debug log which is a successful TLS handshake!
An idea might be that it doesn't insert the certificate request message to the
handshake hash. OpenSSL has several compatibility options enabled by default
and this might be one, but I am not sure, I only speculate!