[Help-gnutls] unable to get gnutls-serv and -cli to communicate

Evan Martin martine at danga.com
Sun Nov 4 22:29:08 CET 2007


I'm trying to get a simple case of gnutls-serv and -cli communicating
with an x509 cert, but it's failing.


Following the examples in the "invoking certtool" section of the
manual, I created a private key and cert:
  $ certtool --generate-privkey --outfile priv
  $ head -1 priv
  -----BEGIN RSA PRIVATE KEY-----
  $ certtool --generate-self-signed --load-privkey priv --outfile cert
[...many questions here, maybe I answered some wrong?...]
  $ head -1 cert
  -----BEGIN CERTIFICATE-----

Then I ran gnutls-serv with this and tried to connect with gnutls-cli-debug:
  $ gnutls-serv --x509keyfile priv --x509certfile cert
  Echo Server ready. Listening to port '5556'.

[and in another window]
  $ gnutls-cli-debug -p 5556 localhost
  Resolving 'localhost'...
  Connecting to '127.0.0.1:5556'...
  Checking for TLS 1.1 support... no
  Checking fallback from TLS 1.1 to... failed
  Checking for TLS 1.0 support... no
  Checking for SSL 3.0 support... no

  Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1

The server says:
  Error in handshake
  Error: The request is invalid.

I found an old mailing list thread that suggested generating DH params
could help:
  $ certtool --generate-dh-params > dh
  $ gnutls-serv --dhparams dh --x509keyfile priv --x509certfile cert
But it didn't.

What am I doing wrong?  I also tried the debug flags but they didn't
print anything I understood.


In case it matters:
  $ dpkg -s gnutls-bin | grep Version
  Version: 1.6.3-1build1


(PS: I last mailed this list regarding an unrelated gnutls/Windows
problem and Simon asked me to try something and report; since then
I've lost my Windows machine and haven't yet been able to see if it
worked.)




