[Help-gnutls] Re: ex-serv-pgp

dellanna at csp.it dellanna at csp.it
Fri Feb 9 15:03:33 CET 2007


Ok,
the version of my gnutls-client is 1.2.9 and the output of test is the
following:

resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
- Successfully sent 0 certificate(s) to server.
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'test.gnutls.org'.
 # valid since: Tue Feb  6 14:02:11 CET 2007
 # expires at: Wed Feb  6 14:02:11 CET 2008
 # fingerprint: CB:4A:00:E0:65:A5:C3:9D:E0:5D:AB:CF:3A:2C:82:74
 # Subject's DN: O=GnuTLS test server,CN=test.gnutls.org
 # Issuer's DN: CN=GnuTLS test CA


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.1
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:

As you can see, It don't support OpenPGP. Can you send me link of latest version
of gnutls-cli, please?

Simone.

Scrive Simon Josefsson <simon at josefsson.org>:

> dellanna at csp.it writes:
>
> > Hi all,
> > I tried to test the example in manual "Echo Server with OpenPGP"
> (subsection
> > 7.4.3).
> > It work correctly on server side; infact it return "Echo Server ready.
> Listening
> > to port '5556' ",
> > But on client side I used gnutls-client. The problem is the following:
> > 1. if I run gnutls-cli -p 5556 hostname on server side was returned
> "handshake
> > failed"
> > 2. If I run gnutls-cli -p 5556 hostname -s was returned the same error.
> >
> > I think this error was occur because the server wait to receive pgp key,
> isn't
> > it?
> >
> > I'm not very familiar with gnutls-cli; how can I use it to test
> > authentication-pgp?
> > If I use "man gnutls-cli" it return the manual but it is vey short :).
>
> Are you still using gnutls 1.4.4?  Run 'gnutls-cli --version' to find
> out.  If so, I think you'll need to upgrade, there has been several
> OpenPGP related fixes since that release.  I don't provide unpaid
> support for old versions.
>
> Btw, you can test whether your gnutls-cli is OK or not by pointing it
> at test.gnutls.org.  With the latest release, the following works:
>
> $ gnutls-cli -p 5556 test.gnutls.org
> Resolving 'test.gnutls.org'...
> Connecting to '217.13.230.178:5556'...
> - Successfully sent 0 certificate(s) to server.
> - Certificate type: OpenPGP
>  # The hostname in the key matches 'test.gnutls.org'.
>  # Key was created at: Tue Feb  6 16:27:20 CET 2007
>  # Key expires: Never
>  # PGP Key version: 4
>  # PGP Key public key algorithm: DSA (1024 bits)
>  # PGP Key fingerprint:
> 59:6B:97:17:CB:98:9A:14:25:FE:AD:1C:AE:5F:AD:3E:5D:1D:14:D8
>  #   NAME: test.gnutls.org
>
> - Peer's key is valid
> - Could not find a signer of the peer's key
> - Version: TLS 1.2
> - Key Exchange: DHE DSS
> - Cipher: AES 256 CBC
> - MAC: SHA
> - Compression: LZO
> - Handshake was completed
>
> - Simple Client Mode:
>
> /Simon
>
>




----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.






More information about the Gnutls-help mailing list