bug in 3.0.18: gnutls-cli fails to transfer data to gnutls-serv --echo

[Alexandre Bique]

On Thu, Apr 19, 2012 at 15:43, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Thu, Apr 19, 2012 at 11:42 AM, Alexandre Bique
> <bique.alexandre at gmail.com> wrote:
>
>>> Hello,
>>>  why you think this is a gnutls error? There are other web servers like
>>> libmicrohttpd, nxweb or apache's mod_gnutls that as far as I know they
>>> have no such issues with firefox or chromium.
>> Yep I had a bug in my code, but for the firefox part, it look like you
>> can take it down by sending an infinite text file over http, because
>> it is keeping every thing in memory.
>
> :)
>
>>> What doesn't work? gnutls-serv is a test server and many things might
>>> not work. However this seems unrelated to the above where you mention
>>> incompatibility with chromium and firefox. Does gnutls-serv --http
>>> work with the browsers you mention?
>> I'm digging and you may be right, but I still have an error when
>> "cating" a file through openssl s_client  to gnutls-serv --echo:
>> openssl s_client ....
>> RENEGOTIATING
>> 140361428772520:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected
>> record:s3_pkt.c:1393:
>
> I see a renegotiation request there and gnutls-serv doesn't do that,
> so it might be that.

So in production code, do I have to check gnutls_record_{send,recv}
return value to manually start a renegotiation or re-handshake?

Could we add renegotiation to gnutls-serv?

> I'll have to check though.  Which was the command you used in openssl
> and which openssl
> version?

I used openssl-1.0.1-3 from archlinux (x86_64).

The openssl command:
openssl s_client -connect 0.0.0.0:4242 <test-file

With test-file being a large file, generated with ``cat
/usr/include/*.h >test-file''.

>> And I wonder if it is possible to serve large content-length with
>> gnutls-serv --http ?
>
> No. It is really a test application. You might want to check one of
> the small web servers
> using gnutls instead.

OK.

Regards,
-- 
Alexandre Bique