[Help-gnutls] Re: GnuTLS 1.5.1 for Windows

Ralf Angeli angeli at caeruleus.net
Sun Sep 24 18:03:05 CEST 2006


* Simon Josefsson (2006-09-22) writes:

> Ralf Angeli <angeli at caeruleus.net> writes:
>
>>> I'm interested in feedback about the package, since it is quite
>>> experimental.  Are you able to install it?
>>
>> Yes.
>
> For the record, which Windows version and service packs are you using?

Windows XP SP2

> The server is waiting for you to do something: you'll need to first
> type:
>
> STARTTLS
>
> and wait for the server ACK that and then send a EOF to gnutls-cli
> that tells it to start negotiate TLS.  To send an EOF, I think you
> press C-z RET or possibly C-d RET.

Okay, it's working with C-z in cmd.exe.  (It didn't get an EOF through
in a MinGW shell, however.)

C:\foo>gnutls-cli --print-cert --port 25 --starttls smtp.web.de
Resolving 'smtp.web.de'...
Connecting to '217.72.192.157:25'...

- Simple Client Mode:

220 smtp05.web.de ESMTP WEB.DE V4.107#114 Sun, 24 Sep 2006 17:55:43 +0200
ehlo neutrino
250-smtp05.web.de Hello neutrino [84.165.4.58]
250-SIZE 69920427
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
starttls
220 OpenSSL/0.9.7beta go ahead
^Z
*** Starting TLS handshake
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:

-----BEGIN CERTIFICATE-----
MIIDZTCCAs6gAwIBAgIQIY4doat2RZ49+oHZDCyaqzANBgkqhkiG9w0BAQQFADCB
[...]
WfwOQxZdz7Gu
-----END CERTIFICATE-----

 # The hostname in the certificate matches 'smtp.web.de'.
 # valid since: Tue Feb  15:51:50 Westeuropäische Normalzeit 2006
 # expires at: Wed Feb  15:51:50 Westeuropäische Normalzeit 2007
 # fingerprint: D1:7A:1B:CB:4E:96:CD:DC:E2:D0:39:41:D5:F7:CC:B6
 # Subject's DN: C=DE,ST=Baden-Wuerttemberg,L=Karlsruhe,O=WEB.DE GmbH,CN=smtp.we
b.de
 # Issuer's DN: C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certi
fication Services Division,CN=Thawte Premium Server CA,EMAIL=premium-server at thaw
te.com


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: NULL

500 Unrecognized command
^C

> Right, I haven't succeeded in doing that either, and there may be
> Emacs bugs here: process-send-eof doesn't seem to work the same way as
> on Linux.
>
> Let's focus on getting gnutls-cli to work in a terminal first.

Okay.

-- 
Ralf






More information about the Gnutls-help mailing list