[Help-gnutls] Re: GNUTLS ERROR: A TLS fatal alert

[Simon Josefsson]

Daniel Stenberg <daniel at haxx.se> writes:

>>    const char *PORT = "443";
>>    const char *SERVER = "62.1.205.36";
>
> Hm. When I try that server + port, it works for me as well. But if I point it 
> to sourceforge's HTTPS server at 66.35.250.203:443, I get that TLS fatal alert 
> again.
>
> Does it work for you then? gnutls-cli seems to work fine against it.

Try ex-client2.c against www.sf.net.

They seem to require that the client support X.509 credentials, even
though it is not used.

I ran into this as well when first starting toying with GnuTLS,
incidentally www.sf.net was one of the first real servers I tried
talking to...

If someone if there is a real reason why sf.net (and others) behave
like this, it would be useful information.  Possibly an OpenSSL quirk?

It seems you typically have to set up a X.509 credential with GnuTLS
even if you aren't using it.

>> The old manual is still available from the "Dcoumentation" page, but
>> labeled as such.  Is it too confusing?
>
> Using Debian unstable, updated very frequently, I'm not used to looking for 
> "old manual" links. I think they would be better if they mentioned version 
> numbers/ranges.

Right.

Thanks,
Simon