[gnutls-devel] GnuTLS | gnutls-cli sending incorrect data to IRC servers (#545)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Aug 17 05:33:59 CEST 2018

New Issue was created.

Issue 545: https://gitlab.com/gnutls/gnutls/issues/545
Author:    Jay Kamat

Hi, I'm a user of gnutls-cli, and while I don't know exactly what is wrong, I think there has been a regression in the 3.6.x line.

When using gnutls-cli to connect to freenode, and joining a channel, freenode returns "invalid command" on 3.6.x but not 3.5.19

$ src/gnutls-cli --insecure chat.freenode.net -p 6697 
Processed 0 CA certificate(s).
Resolving 'chat.freenode.net:6697'...
Connecting to '2600:3c02::f03c:91ff:fe59:7d2e:6697'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=moon.freenode.net', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x03cb534cf7f15ebee7803920301991ee1625, RSA key 4096 bits, signed using RSA-SHA256, activated `2018-07-20 17:47:51 UTC', expires `2018-10-18 17:47:51 UTC', pin-sha256="CqI0jeD7wEejQQ0BFjZhYP/VIEgy7fhy8rKRxMp8YAY="
	Public Key ID:
	Public Key PIN:

- Certificate[1] info:
 - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.2)-(ECDHE-X25519)-(RSA-SHA512)-(AES-256-GCM)
- Session ID: C9:42:34:A8:26:56:17:1D:50:CC:0D:7B:BA:02:55:D8:42:1E:E3:66:84:46:F8:FA:31:39:69:B9:51:09:7A:B7
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: X25519
 - Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA512
- Cipher: AES-256-GCM
- Options: extended master secret, safe renegotiation,
- Handshake was completed

- Simple Client Mode:

:moon.freenode.net NOTICE * :*** Looking up your hostname...
:moon.freenode.net NOTICE * :*** Checking Ident
:moon.freenode.net NOTICE * :*** Couldn't look up your hostname
NICK joebloe
USER joebloe joe :Joe Bloe
:moon.freenode.net NOTICE * :*** No Ident response
:moon.freenode.net 451 * :You have not registered
:moon.freenode.net 001 joebloe :Welcome to the freenode Internet Relay Chat Network joebloe

JOIN #flood
:joebloe!~joebloe at 2601:647:5801:7d1f::672f JOIN #flood
:moon.freenode.net 332 joebloe #flood :Topic for #flood: Please don't paste useless stuff, such as ascii art or the nicks in #flood | If you abuse this channel, you will be banned temporarily | Remove comments from lengthy files (ex: grep -v '^#' file) | For large amounts of text, consider a paste site (like http://pastie.org/ or http://channels.debian.net/paste/), or a separate channel | Problems? /msg dondelelcaro, Udon
:moon.freenode.net 333 joebloe #flood dondelelcaro!~don at hemlock.ucr.edu 1287079923
:moon.freenode.net 353 joebloe = #flood :joebloe alphamule altendky moser Evidlo benzalaniline diarything Erkan_Yilmaz martiniss_ hieronymus naf hodapp mrsteveman1 ArneBab xnox mondkalbantrieb_ Stitch1 ketas DuClare mbo_ noeatnosleep makomk Foxtrot ipv6_user
:moon.freenode.net 366 joebloe #flood :End of /NAMES list.
:moon.freenode.net 421 joebloe nnect!frigg at freenode/utility-bot/frigg :Unknown command
:joebloe!~joebloe at 2601:647:5801:7d1f::672f NOTICE joebloe :Due to the persistent ongoing spam, all new connections are being set +R (block messages from unidentified users) and will be scanned for vulnerabilities. This will not harm your computer, and vulnerable hosts will be notified.


The `:moon.freenode.net 421 joebloe nnect!frigg at freenode/utility-bot/frigg :Unknown command` line is the odd one. Freenode (and any other irc server that I tried at least) seems to think we are sending invalid commands (although the exact error changes) every time something is sent.

I bisected this, and I think f138ff85d is the first commit with the issue.

Please let me know if I can provide any additional information!

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/545
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180817/cfb1e1d9/attachment.html>

More information about the Gnutls-devel mailing list