<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div></div>
<p dir="auto">Hi, I'm a user of gnutls-cli, and while I don't know exactly what is wrong, I think there has been a regression in the 3.6.x line.</p>
<p dir="auto">When using gnutls-cli to connect to freenode, and joining a channel, freenode returns "invalid command" on 3.6.x but not 3.5.19</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ src/gnutls-cli --insecure chat.freenode.net -p 6697 </span>
<span id="LC2" class="line" lang="plaintext">Processed 0 CA certificate(s).</span>
<span id="LC3" class="line" lang="plaintext">Resolving 'chat.freenode.net:6697'...</span>
<span id="LC4" class="line" lang="plaintext">Connecting to '2600:3c02::f03c:91ff:fe59:7d2e:6697'...</span>
<span id="LC5" class="line" lang="plaintext">- Certificate type: X.509</span>
<span id="LC6" class="line" lang="plaintext">- Got a certificate list of 2 certificates.</span>
<span id="LC7" class="line" lang="plaintext">- Certificate[0] info:</span>
<span id="LC8" class="line" lang="plaintext"> - subject `CN=moon.freenode.net', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x03cb534cf7f15ebee7803920301991ee1625, RSA key 4096 bits, signed using RSA-SHA256, activated `2018-07-20 17:47:51 UTC', expires `2018-10-18 17:47:51 UTC', pin-sha256="CqI0jeD7wEejQQ0BFjZhYP/VIEgy7fhy8rKRxMp8YAY="</span>
<span id="LC9" class="line" lang="plaintext"> Public Key ID:</span>
<span id="LC10" class="line" lang="plaintext"> sha1:2b0af114ed176f00dda73af4cc805890af6da59e</span>
<span id="LC11" class="line" lang="plaintext"> sha256:0aa2348de0fbc047a3410d0116366160ffd5204832edf872f2b291c4ca7c6006</span>
<span id="LC12" class="line" lang="plaintext"> Public Key PIN:</span>
<span id="LC13" class="line" lang="plaintext"> pin-sha256:CqI0jeD7wEejQQ0BFjZhYP/VIEgy7fhy8rKRxMp8YAY=</span>
<span id="LC14" class="line" lang="plaintext"></span>
<span id="LC15" class="line" lang="plaintext">- Certificate[1] info:</span>
<span id="LC16" class="line" lang="plaintext"> - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="</span>
<span id="LC17" class="line" lang="plaintext">- Status: The certificate is NOT trusted. The certificate issuer is unknown.</span>
<span id="LC18" class="line" lang="plaintext">*** PKI verification of server certificate failed...</span>
<span id="LC19" class="line" lang="plaintext">- Successfully sent 0 certificate(s) to server.</span>
<span id="LC20" class="line" lang="plaintext">- Description: (TLS1.2)-(ECDHE-X25519)-(RSA-SHA512)-(AES-256-GCM)</span>
<span id="LC21" class="line" lang="plaintext">- Session ID: C9:42:34:A8:26:56:17:1D:50:CC:0D:7B:BA:02:55:D8:42:1E:E3:66:84:46:F8:FA:31:39:69:B9:51:09:7A:B7</span>
<span id="LC22" class="line" lang="plaintext">- Ephemeral EC Diffie-Hellman parameters</span>
<span id="LC23" class="line" lang="plaintext"> - Using curve: X25519</span>
<span id="LC24" class="line" lang="plaintext"> - Curve size: 256 bits</span>
<span id="LC25" class="line" lang="plaintext">- Version: TLS1.2</span>
<span id="LC26" class="line" lang="plaintext">- Key Exchange: ECDHE-RSA</span>
<span id="LC27" class="line" lang="plaintext">- Server Signature: RSA-SHA512</span>
<span id="LC28" class="line" lang="plaintext">- Cipher: AES-256-GCM</span>
<span id="LC29" class="line" lang="plaintext">- MAC: AEAD</span>
<span id="LC30" class="line" lang="plaintext">- Options: extended master secret, safe renegotiation,</span>
<span id="LC31" class="line" lang="plaintext">- Handshake was completed</span>
<span id="LC32" class="line" lang="plaintext"></span>
<span id="LC33" class="line" lang="plaintext">- Simple Client Mode:</span>
<span id="LC34" class="line" lang="plaintext"></span>
<span id="LC35" class="line" lang="plaintext">:moon.freenode.net NOTICE * :*** Looking up your hostname...</span>
<span id="LC36" class="line" lang="plaintext">:moon.freenode.net NOTICE * :*** Checking Ident</span>
<span id="LC37" class="line" lang="plaintext">:moon.freenode.net NOTICE * :*** Couldn't look up your hostname</span>
<span id="LC38" class="line" lang="plaintext">NICK joebloe</span>
<span id="LC39" class="line" lang="plaintext">USER joebloe 0.0.0.0 joe :Joe Bloe</span>
<span id="LC40" class="line" lang="plaintext">:moon.freenode.net NOTICE * :*** No Ident response</span>
<span id="LC41" class="line" lang="plaintext">:moon.freenode.net 451 * :You have not registered</span>
<span id="LC42" class="line" lang="plaintext">:moon.freenode.net 001 joebloe :Welcome to the freenode Internet Relay Chat Network joebloe</span>
<span id="LC43" class="line" lang="plaintext">[<SNIP MOTD>]</span>
<span id="LC44" class="line" lang="plaintext"></span>
<span id="LC45" class="line" lang="plaintext">JOIN #flood</span>
<span id="LC46" class="line" lang="plaintext">:joebloe!~joebloe@2601:647:5801:7d1f::672f JOIN #flood</span>
<span id="LC47" class="line" lang="plaintext">:moon.freenode.net 332 joebloe #flood :Topic for #flood: Please don't paste useless stuff, such as ascii art or the nicks in #flood | If you abuse this channel, you will be banned temporarily | Remove comments from lengthy files (ex: grep -v '^#' file) | For large amounts of text, consider a paste site (like http://pastie.org/ or http://channels.debian.net/paste/), or a separate channel | Problems? /msg dondelelcaro, Udon</span>
<span id="LC48" class="line" lang="plaintext">:moon.freenode.net 333 joebloe #flood dondelelcaro!~don@hemlock.ucr.edu 1287079923</span>
<span id="LC49" class="line" lang="plaintext">:moon.freenode.net 353 joebloe = #flood :joebloe alphamule altendky moser Evidlo benzalaniline diarything Erkan_Yilmaz martiniss_ hieronymus naf hodapp mrsteveman1 ArneBab xnox mondkalbantrieb_ Stitch1 ketas DuClare mbo_ noeatnosleep makomk Foxtrot ipv6_user</span>
<span id="LC50" class="line" lang="plaintext">:moon.freenode.net 366 joebloe #flood :End of /NAMES list.</span>
<span id="LC51" class="line" lang="plaintext">:moon.freenode.net 421 joebloe nnect!frigg@freenode/utility-bot/frigg :Unknown command</span>
<span id="LC52" class="line" lang="plaintext">:joebloe!~joebloe@2601:647:5801:7d1f::672f NOTICE joebloe :Due to the persistent ongoing spam, all new connections are being set +R (block messages from unidentified users) and will be scanned for vulnerabilities. This will not harm your computer, and vulnerable hosts will be notified.</span>
<span id="LC53" class="line" lang="plaintext"></span></code></pre>
<p dir="auto">The <code>:moon.freenode.net 421 joebloe nnect!frigg@freenode/utility-bot/frigg :Unknown command</code> line is the odd one. Freenode (and any other irc server that I tried at least) seems to think we are sending invalid commands (although the exact error changes) every time something is sent.</p>
<p dir="auto">I bisected this, and I think <a href="https://gitlab.com/gnutls/gnutls/commit/f138ff85df69976badce44a5c46157cce091020f" data-original="f138ff85d" data-link="false" data-link-reference="false" data-project="179611" data-commit="f138ff85df69976badce44a5c46157cce091020f" data-reference-type="commit" data-container="body" data-placement="bottom" title="gnutls-cli: wait for all server data prior to closing connection" class="gfm gfm-commit has-tooltip">f138ff85</a> is the first commit with the issue.</p>
<p dir="auto">Please let me know if I can provide any additional information!</p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/545">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/92b9e460f4e72f2fe391e72e93d3b478/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/545"}}</script>
</p>
</div>
</body>
</html>