[Help-gnutls] gnutls-cli with compression against secure.cacert.org
Simon Josefsson
simon at josefsson.org
Mon Mar 5 16:20:54 CET 2007
I tried to talk with secure.cacert.org using my cacert
key/certificate, but it doesn't seem to work reliably unless I disable
compression.
The typical errors is:
jas at mocca:~/src/gnutls/src$ ./gnutls-cli secure.cacert.org --x509keyfile ~/self/certs/cacert.key --x509certfile ~/self/certs/cacert.pem --x509cafile ~/self/certs/cacert-ca.pem
Processed 1 CA certificate(s).
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Resolving 'secure.cacert.org'...
Connecting to '91.112.11.212:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [20]: Bad record MAC
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
jas at mocca:~/src/gnutls/src$
The workaround is of course to add '--comp null'.
If anyone has time to debug this, that would be useful.
/Simon
More information about the Gnutls-help
mailing list