[gnutls-devel] "Error in the push function" using gnutls >= 3.2.1-w32

[João Távora]

Hi,

I'm on Microsoft Windows XP. Using gnutls 3.1.8-w32, I get in some
servers, but not others:

   $ ./gnutls-cli -p 443 siscog.campfirenow.com
   Processed 154 CA certificate(s).
   Resolving 'siscog.campfirenow.com'...
   Connecting to '204.62.114.183:443'...
   *** Fatal error: An illegal TLS extension was received.
   *** Handshake has failed
   GnuTLS error: An illegal TLS extension was received.

I had to switch to gnutls >= 3.2.1 since it is the first one supporting
the ECC cypher, which appears to be TLS extension required by this
server (but not by github.com, apparently). However I get an even
weirder error:

   $ ./gnutls-cli -p 443 siscog.campfirenow.com
   Processed 154 CA certificate(s).
   Resolving 'siscog.campfirenow.com'...
   Connecting to '204.62.114.183:443'...
   *** Fatal error: Error in the push function.
   *** Handshake has failed
   GnuTLS error: Error in the push function.

This bit of detail might be interesting, I haven't dug into the source:

   *** Fatal error: Error in the push function.
   |<4>| REC: Sending Alert[2|80] - Internal error
   |<7>| WRITE FLUSH: 233 bytes in buffer.
   |<2>| errno: 5
   |<2>| ASSERT: gnutls_buffers.c:171
   |<7>| WRITE error: code -53, 233 bytes left.
   |<2>| ASSERT: gnutls_buffers.c:644
   |<2>| ASSERT: gnutls_record.c:573
   *** Handshake has failed

If you're curious, I originally discovered this using gnutls embedded in
Emacs, but apparently it's reproducible using gnutls-cli. Also FWIW, w32
version of curl and openssl work.

Thanks,
João