Bug#480041: confirmation that debian #480041 is a gnutls problem, and steps to reproduce
nmav at gnutls.org
Sat Nov 29 09:02:35 CET 2008
Joe Orton wrote:
> I've tried this using a git build of GnuTLS, gnutls-cli and a test
> httpd/mod_ssl server configured for per-location client cert auth (i.e.
> it requests a second handshake after the GET request is recevied), and
> it does fail, so I think this is indeed a GnuTLS bug in the handling of
I the test case was not correct. The call (from server) to
gnutls_rehandshake will only notify the client about a rehandshake.
After that a call to gnutls_handshake is required. Once I do this the
test case works correctly (i've also committed it).
To debug (1 - gnutls-cli log output from testing using httpd/mod_ssl)
you might need some output from mod_ssl as well. There the server
notifies the client about a rehandshake, the client starts the handshake
by sending client hello and the server replies with an alert.
More information about the Gnutls-devel