[Help-gnutls] Windows GnuTLS problem in handshaking.
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Oct 9 00:53:05 CEST 2007
On Monday 08 October 2007, Rajeev Saini wrote:
Are you sure the client sends the certificate correctly? As far as I can see
from the dump (below) the certificate packet sent by the client contains 10
bytes only (not really a certificate). What is the client program you are
using?
Ok... I've translated those bytes to the TLS protocol and it seems that this
client is sending "00 00 03 00 00 00" as the certificate (it means an empty
certificate).
The normal way to send it is to send "00 00 00". The one above confuses
gnutls, as it seems. Does the attached patch solve this problem for you?
> |<3>| HSK[ac08a8]: CERTIFICATE was received [10 bytes]
> |<6>| BUF[REC][HD]: Read 6 bytes of Data(22)
> |<6>| BUF[HSK]: Peeked 0 bytes of Data
> |<6>| BUF[HSK]: Emptied buffer
> |<6>| BUF[HSK]: Inserted 4 bytes of Data
> |<6>| BUF[HSK]: Inserted 6 bytes of Data
> |<2>| ASSERT: ../../../../src/gnutls-2.0.0/lib/x509/x509.c:219
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_cert.c:758
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/auth_cert.c:932
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_kx.c:612
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_handshake.c:2568
> |<6>| BUF[HSK]: Cleared Data from buffer
>
> Error in handshake
> Error: ASN1 parser: Error in TAG.
>
> |<4>| REC: Sending Alert[2|42] - Certificate is bad
-------------- next part --------------
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 54b4a50..a25b753 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -869,7 +869,10 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session,
size = _gnutls_read_uint24 (p);
p += 3;
- if (size == 0)
+ /* some implementations send 00 00 03 00 00 00
+ * instead of just 00 00 00.
+ */
+ if (size == 0 || size == 3)
{
gnutls_assert ();
/* no certificate was sent */
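Review bot: The added `size == 3` test in the `if` treats any three-byte certificate list as "no certificate was sent" without inspecting those three bytes, although the comment describes only the 00 00 03 00 00 00 encoding. Consider requiring the inner length to be zero as well, for example `size == 3 && _gnutls_read_uint24 (p) == 0`, once it is confirmed that three bytes remain in the buffer, so that a three-byte list carrying a non-zero entry length is still reported as malformed instead of being accepted as an absent certificate.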
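The two encodings discussed in the message, as an added example that is not part of the original post or of GnuTLS: a strict classifier for the Certificate message body (the bytes after the 4-byte handshake header) that reports "00 00 03 00 00 00" as an empty certificate only when its single entry really has zero length. The enum and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical names; added example, not GnuTLS code. */
enum cert_list_kind {
    CERT_LIST_MALFORMED = -1,
    CERT_LIST_EMPTY = 0,       /* 00 00 00: zero-length certificate_list */
    CERT_LIST_EMPTY_ENTRY = 1, /* 00 00 03 00 00 00: one zero-length entry */
    CERT_LIST_PRESENT = 2      /* only non-empty entries */
};

static uint32_t read_u24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* body/len: Certificate message body, i.e. after the 4-byte handshake header. */
enum cert_list_kind classify_cert_list(const uint8_t *body, size_t len)
{
    if (len < 3)
        return CERT_LIST_MALFORMED;
    uint32_t list_len = read_u24(body);
    if (list_len != len - 3)  /* outer length must cover exactly the rest */
        return CERT_LIST_MALFORMED;
    if (list_len == 0)
        return CERT_LIST_EMPTY;
    const uint8_t *p = body + 3;
    size_t left = list_len, entries = 0, empty = 0;
    while (left > 0) {
        if (left < 3)
            return CERT_LIST_MALFORMED;
        uint32_t entry_len = read_u24(p);
        p += 3; left -= 3;
        if (entry_len > left)  /* entry claims more bytes than remain */
            return CERT_LIST_MALFORMED;
        p += entry_len; left -= entry_len;
        entries++;
        if (entry_len == 0) empty++;
    }
    if (empty == 0)
        return CERT_LIST_PRESENT;
    /* A lone zero-length entry is the non-standard "empty" form. */
    return (entries == 1) ? CERT_LIST_EMPTY_ENTRY : CERT_LIST_MALFORMED;
}

int main(void) {
    const uint8_t seen[] = {0, 0, 3, 0, 0, 0}; /* constructed from the bytes quoted above */
    printf("%d\n", classify_cert_list(seen, sizeof seen));
    return 0;
}
```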