Bug#480041: confirmation that debian #480041 is a gnutls problem, and steps to reproduce

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 29 09:02:35 CET 2008

Joe Orton wrote:
> I've tried this using a git build of GnuTLS, gnutls-cli and a test 
> httpd/mod_ssl server configured for per-location client cert auth (i.e. 
> it requests a second handshake after the GET request is recevied), and 
> it does fail, so I think this is indeed a GnuTLS bug in the handling of 
> rehandshakes.

Hello Joe,
 I the test case was not correct. The call (from server) to
gnutls_rehandshake will only notify the client about a rehandshake.
After that a call to gnutls_handshake is required. Once I do this the
test case works correctly (i've also committed it).

To debug (1 - gnutls-cli log output from testing using httpd/mod_ssl)
you might need some output from mod_ssl as well. There the server
notifies the client about a rehandshake, the client starts the handshake
by sending client hello and the server replies with an alert.


More information about the Gnutls-devel mailing list