[Help-gnutls] push/pull functions

Robin Redeker elmex at x-paste.de
Tue Sep 25 23:48:29 CEST 2007


I have a (maybe not so?) simple question:

Can I call gnutls_record_recv/gnutls_record_send safely while I'm in a
push/pull callback?

The reason I'm asking is that I want to make bindings for GNU Smalltalk,
which has support for non-preemtive multiple threads of execution.

So, my quesion is, can I, while one of those threads might be blocked in
a pull call (which fetches bytes from a Smalltalk stream) safely call
gnutls_record_recv and gnutls_record_send?

What if some kind of re-handshake happens while I call
gnutls_record_recv? Will GnuTLS detect that it is still waiting for the
callback to read to return?

This seems to be the easiest way to implement it in the bindings for GNU
Smalltalk. If I can't do this safely I'll require to keep book on who is
waiting in which callback or I have to do other things that don't feel

Having a function that feeds in data to GnuTLS in the first place and
callbacks for the recv/send functions instead would feel waaay better.

I've looked shortly at the gnutls code. It didn't look suspicious to me,
but I'm not very familiar with it too. Maybe someone can shed some light
on this?

And there is also another issue I stepped over while testing. I somehow
could't get the anonymous client example to work with gnutls-serv.

I've tried running the server with:
   gnutls-serv -p 12331 --kx "Anon DH"
   gnutls-serv -p 12331 --kx "Anon DH" -g
   gnutls-serv -p 12331 --kx "Anon DH" --dhparams /tmp/dh.pem (with a
   properly initialized dh.pem)

And I tried running my own implementation and gnutls-cli against it.
But nothing seems to work.

I'm using version 1.7.19-1 (debian package libgnutls13) and I also
downloaded gnutls-2.1.1 and compiled it myself and tried the interaction
between gnutls-serv/gnutls-cli.

All tries seem to lead to the same result:

   ~# /opt/gnutls/bin/gnutls-serv -p 12331 --kx "Anon DH" -g
   Generating temporary RSA parameters. Please wait...
   Generating Diffie Hellman parameters [768]. Please wait...
   Echo Server ready. Listening to port '12331'.

   Error in handshake
   Error: Insufficient credentials for that request.

Meanwhile on the cli side:

   ~# /opt/gnutls/bin/gnutls-cli -p 12331 localhost
   Resolving 'localhost'...
   Connecting to ''...
   *** Fatal error: A TLS fatal alert has been received.
   *** Received alert [40]: Handshake failed
   *** Handshake has failed
   GNUTLS ERROR: A TLS fatal alert has been received.

(I also tried appending --kx "Anon DH" to the -cli, no effect)

I've tried to google for the problem, but couldn't find a resolution for



More information about the Gnutls-help mailing list