[gnutls-devel] GnuTLS | TLS Handshake Fails with "expired.badssl.com": Fatal Alert [40] (GnuTLS v3.7.3) (#1708)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat May 10 10:17:38 CEST 2025
Jennifer-first created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1708
## Description of problem:
When connecting to `expired.badssl.com` using `gnutls-cli`, the handshake fails with a fatal TLS alert (alert code [40]) and the connection is aborted. The goal was to reproduce an SSL error scenario, and the observed behavior may indicate either expected behavior or unexpected handling by GnuTLS. Attached is my running script. [test.py](/uploads/6caa057315fd74924dcddd36314b3c70/test.py)
## Version of gnutls used:
gnutls 3.7.3
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## How reproducible:
Steps to Reproduce:
* python3 test.py
## Actual results:
```
python3 test.py
STDOUT:
Processed 146 CA certificate(s).
Resolving 'expired.badssl.com:443'...
Connecting to '104.154.89.105:443'...
*** Received alert [40]: Handshake failed
STDERR:
*** Fatal error: A TLS fatal alert has been received.
✅ REPRODUCTION SUCCESSFUL: SSL error observed.
```
## Expected results:
The connection should fail gracefully due to the expired certificate, but it is unclear whether the fatal alert [40] is expected or if GnuTLS should produce a more descriptive error (e.g., "certificate expired").