About gnutls windows handshake problem
Ankush Vaid
ankush.vaid at tcs.com
Sun May 17 14:00:00 CEST 2009
Hi Nikos/Simon
I have implemented disable padding function, but after that it also got
failed, I guess reason of failure is something else.
I am sending the log details of the failure.
The whole log follows below:-
Please help me in decoding this log
Thanks
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\trinitypc>cd c:\
C:\>gnutls-serv --http --port 7070 --debug 10 --x509cafile cacert.pem
--x509keyf
ile server-key.pem --x509certfile server-cert.pem
Set static Diffie Hellman parameters, consider --dhparams.
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_x509.c:1376
Error reading 'cacert.pem'
Error: Error while reading file.
C:\>
C:\>cd program files
C:\Program Files>cd gnutls-2.0.0
C:\Program Files\GnuTLS-2.0.0>cd bin
C:\Program Files\GnuTLS-2.0.0\bin>gnutls-serv --http --port 7070 --debug
10 --x5
09cafile cacert.pem --x509keyfile server-key.pem --x509certfile
server-cert.pem
Set static Diffie Hellman parameters, consider --dhparams.
Processed 1 CA certificate(s).
HTTP Server ready. Listening to port '7070'.
|<7>| READ: Got 5 bytes from 20
|<7>| READ: read 5 bytes from 20
|<7>| 0000 - 16 03 01 00 2d
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[ac33d8]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[ac33d8]: Received Packet[0] Handshake(22) with length: 45
|<7>| READ: Got 45 bytes from 20
|<7>| READ: read 45 bytes from 20
|<7>| 0000 - 01 00 00 29 03 01 37 11 00 00 ce 21 55 ca 9e 30
|<7>| 0001 - 3b 6a c5 bb 87 03 d7 c0 1a 4a 04 ce 17 d2 db 21
|<7>| 0002 - 7e 57 eb 05 4b a8 00 00 02 00 2f 01 00
|<7>| RB: Have 5 bytes into buffer. Adding 45 bytes.
|<7>| RB: Requested 50 bytes
|<4>| REC[ac33d8]: Decrypted Packet[0] Handshake(22) with length: 45
|<6>| BUF[HSK]: Inserted 45 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[ac33d8]: CLIENT HELLO was received [45 bytes]
|<6>| BUF[REC][HD]: Read 41 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 41 bytes of Data
|<3>| HSK[ac33d8]: Client's version: 3.1
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_db.c:327
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_db.c:247
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_algorithms.c:1628
|<3>| HSK[ac33d8]: Selected Compression Method: NULL
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_extensions.c:162
|<3>| HSK[ac33d8]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[ac33d8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[ac33d8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[ac33d8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[ac33d8]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[ac33d8]: Selected cipher suite: RSA_AES_128_CBC_SHA1
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/ext_authz.c:180
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/ext_authz.c:237
|<3>| HSK[ac33d8]: SessionID:
d509786573e00a3e5306e75185294329676485f91c60fe3460
d50d65bd52aa47
|<3>| HSK[ac33d8]: SERVER HELLO was send [74 bytes]
|<6>| BUF[HSK]: Peeked 45 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[ac33d8]: Sending Packet[0] Handshake(22) with length: 74
|<7>| WRITE: Will write 79 bytes to 20.
|<7>| WRITE: wrote 79 bytes to 20. Left 0 bytes. Total 79 bytes.
|<7>| 0000 - 16 03 01 00 4a 02 00 00 46 03 01 4a 0d 39 24 a0
|<7>| 0001 - b7 35 6e 9f c8 88 0d 37 55 4e 67 63 88 10 db ca
|<7>| 0002 - 3c 80 3f ba c9 f7 1c 51 b8 7b 6a 20 d5 09 78 65
|<7>| 0003 - 73 e0 0a 3e 53 06 e7 51 85 29 43 29 67 64 85 f9
|<7>| 0004 - 1c 60 fe 34 60 d5 0d 65 bd 52 aa 47 00 2f 00
|<4>| REC[ac33d8]: Sent Packet[1] Handshake(22) with length: 79
|<3>| HSK[ac33d8]: CERTIFICATE was send [930 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[ac33d8]: Sending Packet[1] Handshake(22) with length: 930
|<7>| WRITE: Will write 935 bytes to 20.
|<7>| WRITE: wrote 935 bytes to 20. Left 0 bytes. Total 935 bytes.
|<7>| 0000 - 16 03 01 03 a2 0b 00 03 9e 00 03 9b 00 03 98 30
|<7>| 0001 - 82 03 94 30 82 02 7c a0 03 02 01 02 02 03 10 00
|<7>| 0002 - 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00
|<7>| 0003 - 30 58 31 0b 30 09 06 03 55 04 06 13 02 55 4b 31
|<7>| 0004 - 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e
|<7>| 0005 - 31 12 30 10 06 03 55 04 07 13 09 53 74 65 76 65
|<7>| 0006 - 6e 61 67 65 31 11 30 0f 06 03 55 04 0a 13 08 41
|<7>| 0007 - 65 72 6f 66 6c 65 78 31 11 30 0f 06 03 55 04 03
|<7>| 0008 - 13 08 41 65 72 6f 66 6c 65 78 30 1e 17 0d 30 38
|<7>| 0009 - 30 37 32 33 30 38 31 38 32 33 5a 17 0d 31 33 30
|<7>| 000a - 37 32 32 30 38 31 38 32 33 5a 30 44 31 0b 30 09
|<7>| 000b - 06 03 55 04 06 13 02 55 4b 31 0f 30 0d 06 03 55
|<7>| 000c - 04 08 13 06 4c 6f 6e 64 6f 6e 31 11 30 0f 06 03
|<7>| 000d - 55 04 0a 13 08 41 65 72 6f 66 6c 65 78 31 11 30
|<7>| 000e - 0f 06 03 55 04 03 13 08 41 65 72 6f 66 6c 65 78
|<7>| 000f - 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01
|<7>| 0010 - 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01
|<7>| 0011 - 00 be 17 70 dc 6c 04 ba 89 ce 7a a6 77 ba 3f 2c
|<7>| 0012 - 13 4e b4 65 8a c8 9c dd f3 32 73 14 e8 03 f8 8f
|<7>| 0013 - f3 7c 53 a2 b4 d6 b0 7b 88 e4 0e 1b c6 fa b6 93
|<7>| 0014 - 47 4e 41 08 8c 40 83 44 78 5c a2 ab f9 1d 28 53
|<7>| 0015 - da fb f1 a6 dd a0 1b 28 ad a3 12 79 e0 60 bb dd
|<7>| 0016 - a7 b8 ea ea 9d 54 4d f0 ac 65 a8 1c c7 f3 d2 5e
|<7>| 0017 - 99 b5 ec 04 93 ad 58 ed bc 07 43 32 61 4f 21 00
|<7>| 0018 - 38 a4 df 49 a5 d2 aa 14 72 c7 98 18 18 86 b4 80
|<7>| 0019 - 52 0a d2 c8 09 d8 f3 09 ee b4 d8 42 fb 18 18 6b
|<7>| 001a - 8c 19 be 05 55 29 ef be 85 14 eb 33 05 8d c0 7f
|<7>| 001b - 7b 88 59 cb f3 0c bc ac d5 bf 2b 27 79 b7 44 be
|<7>| 001c - eb f3 8c 92 9c 1a ec c1 fb 3c 91 5c 18 1f 3b 0b
|<7>| 001d - 52 1b 7c d7 57 61 22 80 2d 28 8a c7 25 bf 3e 92
|<7>| 001e - 50 96 3d 35 81 cd ea 04 b0 59 bc f3 5f 8d df b3
|<7>| 001f - 00 22 9c 6c 59 f2 de 57 34 ab ff 45 ec 91 25 8f
|<7>| 0020 - a7 0e c2 61 4b 0a 36 c5 99 1f cf 90 e8 24 40 bc
|<7>| 0021 - d7 02 03 01 00 01 a3 7b 30 79 30 09 06 03 55 1d
|<7>| 0022 - 13 04 02 30 00 30 2c 06 09 60 86 48 01 86 f8 42
|<7>| 0023 - 01 0d 04 1f 16 1d 4f 70 65 6e 53 53 4c 20 47 65
|<7>| 0024 - 6e 65 72 61 74 65 64 20 43 65 72 74 69 66 69 63
|<7>| 0025 - 61 74 65 30 1d 06 03 55 1d 0e 04 16 04 14 42 15
|<7>| 0026 - 35 c7 fc ba 91 0f 9e 99 09 fa 68 26 6a e4 a0 d4
|<7>| 0027 - 2c a1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 90
|<7>| 0028 - c1 e9 00 e7 db fe 76 9e f8 b8 7c 00 66 ed ef 0a
|<7>| 0029 - 3d 30 30 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05
|<7>| 002a - 05 00 03 82 01 01 00 01 27 e4 9f 51 3d 42 1a 20
|<7>| 002b - fd a9 28 91 fe 2d e2 bf 04 c1 bd 52 38 e5 2e de
|<7>| 002c - 31 f2 10 ea c6 d3 f5 74 34 89 9a 91 fe db 98 5a
|<7>| 002d - 77 d4 9e 6b 67 b5 2f fa 0e 79 96 c2 cd 86 8f b1
|<7>| 002e - 0f 8e f1 0c a3 fd 3e d6 2b 85 7b 36 15 3f 76 69
|<7>| 002f - f3 c2 9c 28 6d a1 4e 19 ae 82 8a 17 a2 f3 57 eb
|<7>| 0030 - 18 74 a9 f6 cc 0c 17 db 7e 4e 47 d9 cc 3b 87 7a
|<7>| 0031 - 74 98 c3 43 c3 69 55 f4 a8 a2 7a 9d b2 d6 76 f4
|<7>| 0032 - c2 23 a3 ae f2 e5 6e 34 5c a6 60 fe 8e d9 13 68
|<7>| 0033 - 49 61 b5 f7 ed b2 e3 6a 06 73 88 65 32 b7 42 de
|<7>| 0034 - 8d 5d a6 09 94 bb c4 21 48 1a 2b c0 04 cb b5 d3
|<7>| 0035 - 01 8b 90 9a ee a3 2a 10 7f cd d3 ea 26 da 82 a2
|<7>| 0036 - 0f b3 33 10 0f 09 fc e2 ee c6 26 a5 25 6e ab d9
|<7>| 0037 - cd 1d f2 2b eb 9d d5 3f 04 14 f3 f5 3c a1 3c 1c
|<7>| 0038 - 94 a7 dd 5a 24 4e 60 9c 01 0e a4 78 8b c2 18 1a
|<7>| 0039 - 38 b8 87 3d 2a 32 b8 c5 06 a9 bc 40 94 cf f7 6e
|<7>| 003a - 7e c9 d7 de 49 1c de
|<4>| REC[ac33d8]: Sent Packet[2] Handshake(22) with length: 935
|<3>| HSK[ac33d8]: CERTIFICATE REQUEST was send [101 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[ac33d8]: Sending Packet[2] Handshake(22) with length: 101
|<7>| WRITE: Will write 106 bytes to 20.
|<7>| WRITE: wrote 106 bytes to 20. Left 0 bytes. Total 106 bytes.
|<7>| 0000 - 16 03 01 00 65 0d 00 00 61 02 01 02 00 5c 00 5a
|<7>| 0001 - 30 58 31 0b 30 09 06 03 55 04 06 13 02 55 4b 31
|<7>| 0002 - 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e
|<7>| 0003 - 31 12 30 10 06 03 55 04 07 13 09 53 74 65 76 65
|<7>| 0004 - 6e 61 67 65 31 11 30 0f 06 03 55 04 0a 13 08 41
|<7>| 0005 - 65 72 6f 66 6c 65 78 31 11 30 0f 06 03 55 04 03
|<7>| 0006 - 13 08 41 65 72 6f 66 6c 65 78
|<4>| REC[ac33d8]: Sent Packet[3] Handshake(22) with length: 106
|<3>| HSK[ac33d8]: SERVER HELLO DONE was send [4 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[ac33d8]: Sending Packet[3] Handshake(22) with length: 4
|<7>| WRITE: Will write 9 bytes to 20.
|<7>| WRITE: wrote 9 bytes to 20. Left 0 bytes. Total 9 bytes.
|<7>| 0000 - 16 03 01 00 04 0e 00 00 00
|<4>| REC[ac33d8]: Sent Packet[4] Handshake(22) with length: 9
|<7>| READ: Got 5 bytes from 20
|<7>| READ: read 5 bytes from 20
|<7>| 0000 - 15 03 01 00 02
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[ac33d8]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[ac33d8]: Received Packet[1] Alert(21) with length: 2
|<7>| READ: Got 2 bytes from 20
|<7>| READ: read 2 bytes from 20
|<7>| 0000 - 02 28
|<7>| RB: Have 5 bytes into buffer. Adding 2 bytes.
|<7>| RB: Requested 7 bytes
|<4>| REC[ac33d8]: Decrypted Packet[1] Alert(21) with length: 2
|<4>| REC[ac33d8]: Alert[2|40] - Handshake failed - was received
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_record.c:681
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_record.c:1028
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_buffers.c:1188
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_handshake.c:962
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_handshake.c:2568
|<6>| BUF[HSK]: Cleared Data from buffer
* Received alert '40': Handshake failed.
Error in handshake
Error: A TLS fatal alert has been received.
|<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_record.c:241
Ankush Vaid
Tata Consultancy Services
TCS Towers, 249 D&E Udyog Vihar,
Phase IV,
Gurgaon
Gurgaon - 122001,Haryana
India
Cell:- 09718290491
Mailto: ankush.vaid at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Outsourcing
____________________________________________
Simon Josefsson <simon at josefsson.org>
05/14/2009 06:40 PM
To
Nikos Mavrogiannopoulos <nmav at gnutls.org>
cc
Ankush Vaid <ankush.vaid at tcs.com>, Gnutls-dev at gnupg.org
Subject
Re: About gnutls windows handshake problem
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Ankush Vaid wrote:
>> Hi,
>>
>> This is regarding handshaking failure on qualcomm mobile 6280 using
>> security, after digging into the problem I come to know about that
error is
>> coming at finished message which is found of size 208 bytes.
>>
>> There is link given below which suggest that some mobiles don't support
non
>> minimal record padding.
>>
>>
http://www.gnu.org/software/gnutls/manual/html_node/On-Record-Padding.html
>>
>> If this the case probably there is a workaround in gnutls library we
are
>> using to resolve/fix this issue.
>
> Hi,
> I do not understand what is the question here. If you ask for a
> workaround this is discussed in the page you refer to (the %COMPAT
> priority string).
Indeed %COMPAT seems like the answer. However, isn't that keyword
confusing? How about adding %DISABLE_MAC_PADDING? Today those two
keywords would do the same, but if we encounter other compatibility
hacks, %COMPAT would also enable them, but %DISABLE_MAC_PADDING would
only disable MAC padding. It seems better to introduce this today
rather than when the next compatibility hack is introduced.
/Simon
ForwardSourceID:NT000040F2
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090517/8e0f7f68/attachment-0001.htm>
More information about the Gnutls-devel
mailing list