[Help-gnutls] Re: Another one: A TLS packet with unexpected length was received.

Simon Josefsson simon at josefsson.org
Thu Sep 18 11:19:21 CEST 2008


Lennart Koopmann <lennart at scopeport.org> writes:

> Hello everyone,
>
> i am currently implementing a handshaking procedure. Everything works
> fine when the client chooses not to use TLS. But when TLS is requested,
> the gnutls_handshake() fails.
>
> The client reports the following error: GNUTLS ERROR: A TLS packet with
> unexpected length was received.
>
> The server reports no error, because gnutls_handshake() seems to wait
> for something and just blocks.
>
> Here is some debug data (loglevel 7).
>
> --------------- Server ---------------
> REC[93558b8]: Expected Packet[0] Handshake(22) with length: 1
> REC[93558b8]: Received Packet[0] Handshake(22) with length: 64
> ASSERT: gnutls_cipher.c:204
> REC[93558b8]: Decrypted Packet[0] Handshake(22) with length: 64
> HSK[93558b8]: CLIENT HELLO was received [64 bytes]
> HSK[93558b8]: Client's version: 3.2
> ASSERT: gnutls_db.c:238
> EXT[93558b8]: Received extension 'CERT_TYPE/9'
> EXT[93558b8]: Received extension 'CERT_TYPE/9'
> ASSERT: ext_cert_type.c:106
> ASSERT: ext_cert_type.c:106
> ASSERT: ext_cert_type.c:123
> HSK[93558b8]: Keeping ciphersuite: ANON_DH_ARCFOUR_MD5
> HSK[93558b8]: Keeping ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
> HSK[93558b8]: Keeping ciphersuite: ANON_DH_AES_128_CBC_SHA1
> HSK[93558b8]: Keeping ciphersuite: ANON_DH_AES_256_CBC_SHA1
> HSK[93558b8]: Keeping ciphersuite: ANON_DH_CAMELLIA_128_CBC_SHA
> HSK[93558b8]: Keeping ciphersuite: ANON_DH_CAMELLIA_256_CBC_SHA1
> HSK[93558b8]: Selected cipher suite: ANON_DH_AES_128_CBC_SHA1
> HSK[93558b8]: Selected Compression Method: NULL
> HSK[93558b8]: SessionID:
> 259495b9dd31479d1913bed547e77bfedde5f38a4f810a0c79d66b9bd9510f62
> HSK[93558b8]: SERVER HELLO was send [74 bytes]
> REC[93558b8]: Sending Packet[0] Handshake(22) with length: 74
> ASSERT: gnutls_cipher.c:204
> REC[93558b8]: Sent Packet[1] Handshake(22) with length: 79
> --------------------------------------
>
>
> --------------- Client ---------------
> HSK[9bf1b58]: Keeping ciphersuite: ANON_DH_AES_128_CBC_SHA1
> HSK[9bf1b58]: Keeping ciphersuite: ANON_DH_CAMELLIA_128_CBC_SHA1
> HSK[9bf1b58]: Keeping ciphersuite: ANON_DH_AES_256_CBC_SHA1
> HSK[9bf1b58]: Keeping ciphersuite: ANON_DH_CAMELLIA_256_CBC_SHA1
> HSK[9bf1b58]: Keeping ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
> HSK[9bf1b58]: Keeping ciphersuite: ANON_DH_ARCFOUR_MD5
> EXT[9bf1b58]: Sending extension CERT_TYPE
> HSK[9bf1b58]: CLIENT HELLO was send [64 bytes]
> REC[9bf1b58]: Sending Packet[0] Handshake(22) with length: 64
> ASSERT: gnutls_cipher.c:204
> WRITE: Will write 69 bytes to 4.
> WRITE: wrote 69 bytes to 4. Left 0 bytes. Total 69 bytes.
> 0000 - 16 03 02 00 40 01 00 00 3c 03 02 48 d2 00 41 bb 
> 0001 - 22 27 d1 ae 80 fd 96 1c e9 81 a2 bc c4 03 95 4b 
> 0002 - f9 10 2f 9a b7 c3 fe 5a e6 58 4a 00 00 0c 00 34 
> 0003 - 00 46 00 3a 00 89 00 1b 00 18 01 00 00 07 00 09 
> 0004 - 00 03 02 00 01 
> REC[9bf1b58]: Sent Packet[1] Handshake(22) with length: 69
> READ: Got 5 bytes from 4
> READ: read 5 bytes from 4
> 0000 - 16 03 02 00 4a 
> RB: Have 0 bytes into buffer. Adding 5 bytes.
> RB: Requested 5 bytes
> REC[9bf1b58]: Expected Packet[0] Handshake(22) with length: 1
> REC[9bf1b58]: Received Packet[0] Handshake(22) with length: 74
> READ: Got 74 bytes from 4
> READ: read 74 bytes from 4
> 0000 - 02 00 00 46 03 02 48 d2 00 41 8e 8a 8d 30 de 33 
> 0001 - 5f 2b f8 3f 93 bf 0e e8 5f 1a 68 ed f0 d6 82 1c 
> 0002 - cd d7 d9 97 8b 64 20 25 94 95 b9 dd 31 47 9d 19 
> 0003 - 13 be d5 47 e7 7b fe dd e5 f3 8a 4f 81 0a 0c 79 
> 0004 - d6 6b 9b d9 51 0f 62 00 34 00 
> RB: Have 5 bytes into buffer. Adding 74 bytes.
> RB: Requested 79 bytes
> ASSERT: gnutls_cipher.c:204
> REC[9bf1b58]: Decrypted Packet[0] Handshake(22) with length: 74
> HSK[9bf1b58]: SERVER HELLO was received [74 bytes]
> HSK[9bf1b58]: Server's version: 3.2
> HSK[9bf1b58]: SessionID length: 32
> HSK[9bf1b58]: SessionID
> 259495b9dd31479d1913bed547e77bfedde5f38a4f810a0c79d66b9bd9510f62
> HSK[9bf1b58]: Selected cipher suite: ANON_DH_AES_128_CBC_SHA1
> ASSERT: gnutls_extensions.c:125
> READ: Got 0 bytes from 4
> READ: read 0 bytes from 4
> 0000 - 
> ASSERT: gnutls_buffers.c:638
> ASSERT: gnutls_record.c:909
> ASSERT: gnutls_buffers.c:1150
> ASSERT: gnutls_handshake.c:1043
> ASSERT: gnutls_kx.c:410
> ASSERT: gnutls_handshake.c:2364
> --------------------------------------
>
> As there seems to be handshaking conversation and the client starts the
> conversation I don't know where to search for the error. Client and
> server and both on the same machine, using the same GNUTLS library.
>
> Can anybody help me?

I don't see anything wrong here, it looks like the server didn't send
any extensions (0 bytes).  Can you enable more debugging, e.g., log
level 4711?

If anyone else spots anything, please tell us.

Btw, which version are you using?

/Simon





More information about the Gnutls-help mailing list