From stan at saticed.me.uk Wed Jan 7 20:22:18 2009
From: stan at saticed.me.uk (Tristan Hill)
Date: Wed, 07 Jan 2009 19:22:18 +0000
Subject: [Help-gnutls] client certificate authentication
Message-ID: <1231356138.7163.7.camel@nimitz.example.org>

I'm trying to troubleshoot the use of gnutls via libcurl in the apt https transport. Apt is configured to use a certificate for authentication. It works fine without trying to authenticate with a certificate (i.e. the server's certificate is verified OK)

I have an apache test server configuration similar to that mentioned towards the end of http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480041 - "configured for per-location client cert auth".

Attached is output of 'apt-get update' with libcurl recompiled to run gnutls_global_set_log_level(10).

I guess things go wrong around:

|<4>| REC[89c1dd0]: Short record length 10 > 16 - 20 (under attack?)

Your advice appreciated.

Tristan

-------------- next part --------------
* About to connect() to localhost port 443 (#0) * Trying 127.0.0.1...
* connected * Connected to localhost (127.0.0.1) port 443 (#0) * found 1 certificates in /home/stan/srv/901/ca2/keys/ca.crt |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: 
RSA_ARCFOUR_MD5 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 |<2>| EXT[89c1dd0]: Sending extension SERVER_NAME |<3>| HSK[89c1dd0]: CLIENT HELLO was send [99 bytes] |<6>| BUF[HSK]: Peeked 0 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<4>| REC[89c1dd0]: Sending Packet[0] Handshake(22) with length: 99 |<2>| ASSERT: gnutls_cipher.c:205 |<7>| WRITE: Will write 104 bytes to 4. |<7>| WRITE: wrote 104 bytes to 4. Left 0 bytes. Total 104 bytes. |<7>| 0000 - 16 03 02 00 63 01 00 00 5f 03 02 49 64 99 7c 72 |<7>| 0001 - 1f 57 a7 c2 e8 f9 fd 38 7b 91 3d 9f f8 b9 3f ed |<7>| 0002 - 91 b5 97 24 74 30 49 69 24 0f 86 00 00 24 00 33 |<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87 |<7>| 0004 - 00 13 00 66 00 2f 00 41 00 35 00 84 00 0a 00 05 |<7>| 0005 - 00 04 01 00 00 12 00 00 00 0e 00 0c 00 00 09 6c |<7>| 0006 - 6f 63 61 6c 68 6f 73 74 |<4>| REC[89c1dd0]: Sent Packet[1] Handshake(22) with length: 104 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 
4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1152 
|<2>| ASSERT: gnutls_handshake.c:1032 |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 16 03 01 00 4a |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. |<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[89c1dd0]: Received Packet[0] Handshake(22) with length: 74 |<7>| READ: Got 74 bytes from 4 |<7>| READ: read 74 bytes from 4 |<7>| 0000 - 02 00 00 46 03 01 49 64 99 7c ff e9 a0 7f de 22 |<7>| 0001 - 04 ef ab e0 6f 54 22 da 64 56 d3 b1 9e 16 d5 65 |<7>| 0002 - 38 2b c8 73 aa 56 20 b7 86 68 3f 59 62 33 53 76 |<7>| 0003 - b9 56 ec 7a 8c 66 36 ec 2e 35 df 99 fc db 05 85 |<7>| 0004 - 03 cc 41 3c 31 65 42 00 33 00 |<7>| RB: Have 5 bytes into buffer. Adding 74 bytes. |<7>| RB: Requested 79 bytes |<2>| ASSERT: gnutls_cipher.c:205 |<4>| REC[89c1dd0]: Decrypted Packet[0] Handshake(22) with length: 74 |<6>| BUF[HSK]: Inserted 74 bytes of Data(22) |<6>| BUF[REC][HD]: Read 1 bytes of Data(22) |<6>| BUF[REC][HD]: Read 3 bytes of Data(22) |<3>| HSK[89c1dd0]: SERVER HELLO was received [74 bytes] |<6>| BUF[REC][HD]: Read 70 bytes of Data(22) |<6>| BUF[HSK]: Peeked 0 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<6>| BUF[HSK]: Inserted 4 bytes of Data |<6>| BUF[HSK]: Inserted 70 bytes of Data |<3>| HSK[89c1dd0]: Server's version: 3.1 |<3>| HSK[89c1dd0]: SessionID length: 32 |<3>| HSK[89c1dd0]: SessionID: b786683f5962335376b956ec7a8c6636ec2e35df99fcdb058503cc413c316542 |<3>| HSK[89c1dd0]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1 |<2>| ASSERT: gnutls_extensions.c:165 |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 16 03 01 06 4a |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. 
|<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[1] Handshake(22) with length: 1 |<4>| REC[89c1dd0]: Received Packet[1] Handshake(22) with length: 1610 |<7>| READ: Got 1610 bytes from 4 |<7>| READ: read 1610 bytes from 4 |<7>| RB: Have 5 bytes into buffer. Adding 1610 bytes. |<7>| RB: Requested 1615 bytes |<2>| ASSERT: gnutls_cipher.c:205 |<4>| REC[89c1dd0]: Decrypted Packet[1] Handshake(22) with length: 1610 |<6>| BUF[HSK]: Inserted 1610 bytes of Data(22) |<6>| BUF[REC][HD]: Read 1 bytes of Data(22) |<6>| BUF[REC][HD]: Read 3 bytes of Data(22) |<3>| HSK[89c1dd0]: CERTIFICATE was received [1610 bytes] |<6>| BUF[REC][HD]: Read 1606 bytes of Data(22) |<6>| BUF[HSK]: Peeked 74 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<6>| BUF[HSK]: Inserted 4 bytes of Data |<6>| BUF[HSK]: Inserted 1606 bytes of Data |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 16 03 01 01 8d |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1 |<4>| REC[89c1dd0]: Received Packet[2] Handshake(22) with length: 397 |<7>| READ: Got 397 bytes from 4 |<7>| READ: read 397 bytes from 4 |<7>| RB: Have 5 bytes into buffer. Adding 397 bytes.
|<7>| RB: Requested 402 bytes |<2>| ASSERT: gnutls_cipher.c:205 |<4>| REC[89c1dd0]: Decrypted Packet[2] Handshake(22) with length: 397 |<6>| BUF[HSK]: Inserted 397 bytes of Data(22) |<6>| BUF[REC][HD]: Read 1 bytes of Data(22) |<6>| BUF[REC][HD]: Read 3 bytes of Data(22) |<3>| HSK[89c1dd0]: SERVER KEY EXCHANGE was received [397 bytes] |<6>| BUF[REC][HD]: Read 393 bytes of Data(22) |<6>| BUF[HSK]: Peeked 1610 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<6>| BUF[HSK]: Inserted 4 bytes of Data |<6>| BUF[HSK]: Inserted 393 bytes of Data |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 16 03 01 00 04 |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. |<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[3] Handshake(22) with length: 1 |<4>| REC[89c1dd0]: Received Packet[3] Handshake(22) with length: 4 |<7>| READ: Got 4 bytes from 4 |<7>| READ: read 4 bytes from 4 |<7>| 0000 - 0e 00 00 00 |<7>| RB: Have 5 bytes into buffer. Adding 4 bytes. |<7>| RB: Requested 9 bytes |<2>| ASSERT: gnutls_cipher.c:205 |<4>| REC[89c1dd0]: Decrypted Packet[3] Handshake(22) with length: 4 |<6>| BUF[HSK]: Inserted 4 bytes of Data(22) |<6>| BUF[REC][HD]: Read 1 bytes of Data(22) |<6>| BUF[REC][HD]: Read 3 bytes of Data(22) |<3>| HSK[89c1dd0]: SERVER HELLO DONE was received [4 bytes] |<2>| ASSERT: gnutls_handshake.c:1111 |<6>| BUF[HSK]: Peeked 397 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<6>| BUF[HSK]: Inserted 4 bytes of Data |<3>| HSK[89c1dd0]: CLIENT KEY EXCHANGE was send [134 bytes] |<6>| BUF[HSK]: Peeked 4 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<4>| REC[89c1dd0]: Sending Packet[1] Handshake(22) with length: 134 |<2>| ASSERT: gnutls_cipher.c:205 |<7>| WRITE: Will write 139 bytes to 4. |<7>| WRITE: wrote 139 bytes to 4. Left 0 bytes. Total 139 bytes. 
|<7>| 0000 - 16 03 01 00 86 10 00 00 82 00 80 85 10 10 8c db |<7>| 0001 - cc 4e 0b 09 11 ca 78 3f 87 d9 5c 11 64 9e b7 a5 |<7>| 0002 - d9 b2 94 e3 2b db 62 f0 0a 50 3b 11 72 d6 70 81 |<7>| 0003 - 8b e9 0a 3e 47 2f 3e 14 ff fa cb f1 a0 da 3f 46 |<7>| 0004 - fd 16 31 49 2e 53 f7 84 74 52 f4 ca 27 8d 62 f8 |<7>| 0005 - 5c 6b 4f a2 b4 2d 80 4b 86 d4 e3 c1 1c 91 48 0c |<7>| 0006 - 26 d3 1c e7 cd 70 4b 89 4c 11 5c 50 fe 0f 51 bf |<7>| 0007 - 03 c4 f4 dc 33 59 b3 24 61 be 9f 81 1b ab 4d 6f |<7>| 0008 - 6b af e4 90 83 7e f0 af 94 47 40 |<4>| REC[89c1dd0]: Sent Packet[2] Handshake(22) with length: 139 |<3>| REC[89c1dd0]: Sent ChangeCipherSpec |<4>| REC[89c1dd0]: Sending Packet[2] Change Cipher Spec(20) with length: 1 |<2>| ASSERT: gnutls_cipher.c:205 |<7>| WRITE: Will write 6 bytes to 4. |<7>| WRITE: wrote 6 bytes to 4. Left 0 bytes. Total 6 bytes. |<7>| 0000 - 14 03 01 00 01 01 |<4>| REC[89c1dd0]: Sent Packet[3] Change Cipher Spec(20) with length: 6 |<9>| INT: PREMASTER SECRET[128]: 62154b8aef1593ad4c7a4b7bf5113347ffba2f87722f80bdcd84ad3c206bb9d3b1c29186b538d0f399043f55bfc62b65f6c2c1f50f6546d028749ceb911675d41a64c81174b20b44496dc926a0d53059d90f02c421945cab80d3584b8990052dfab7aaa9007ef049d97e8d2f2509ac7cf306b4e231b9f39ed2d3da5b3bc65b4b |<9>| INT: CLIENT RANDOM[32]: 4964997c721f57a7c2e8f9fd387b913d9ff8b93fed91b5972474304969240f86 |<9>| INT: SERVER RANDOM[32]: 4964997cffe9a07fde2204efabe06f5422da6456d3b19e16d565382bc873aa56 |<9>| INT: MASTER SECRET: 4a3697a69038d4e59dbdd9d1e91e3650faf5e1072161b1eb8d7234f3f193b06f709e48b3f627fe3c628a652ae7dfc9ea |<9>| INT: KEY BLOCK[104]: a48c033b0598536bd26ee9dae1162efda9495e5c612cd79787a25ea416242c01 |<9>| INT: CLIENT WRITE KEY [16]: 25af928321bd41e180cf471d66dbd0a1 |<9>| INT: SERVER WRITE KEY [16]: caf5fc5b6e39efe7fcd4587b6b13c3bb |<3>| HSK[89c1dd0]: Cipher Suite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Initializing internal [write] cipher sessions |<6>| BUF[HSK]: Peeked 0 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<3>| 
HSK[89c1dd0]: FINISHED was send [16 bytes] |<6>| BUF[HSK]: Peeked 0 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<4>| REC[89c1dd0]: Sending Packet[0] Handshake(22) with length: 16 |<7>| WRITE: Will write 85 bytes to 4. |<7>| WRITE: wrote 85 bytes to 4. Left 0 bytes. Total 85 bytes. |<7>| 0000 - 16 03 01 00 50 67 fe 74 82 60 13 58 6d 15 ee 56 |<7>| 0001 - f4 4a 9a 63 eb d4 86 c4 de f9 2a ce 5d fe f0 64 |<7>| 0002 - 95 32 71 e9 d2 45 30 c9 a8 5c 52 d9 02 1e 1c 41 |<7>| 0003 - b2 f5 81 c6 82 ed e5 28 59 f2 cd 78 1d 09 e9 0c |<7>| 0004 - 36 de dd 45 ba 35 0e d4 ad 43 ce 56 42 33 97 bf |<7>| 0005 - f4 39 aa 06 6f |<4>| REC[89c1dd0]: Sent Packet[1] Handshake(22) with length: 85 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 
|<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: 
gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| 
READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, 
errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: -1 returned from 4, errno=11 gerrno=0 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_handshake.c:2492 |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 14 03 01 00 01 |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. |<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[4] Change Cipher Spec(20) with length: 1 |<4>| REC[89c1dd0]: Received Packet[4] Change Cipher Spec(20) with length: 1 |<7>| READ: Got 1 bytes from 4 |<7>| READ: read 1 bytes from 4 |<7>| 0000 - 01 |<7>| RB: Have 5 bytes into buffer. Adding 1 bytes. 
|<7>| RB: Requested 6 bytes |<2>| ASSERT: gnutls_cipher.c:205 |<4>| REC[89c1dd0]: ChangeCipherSpec Packet was received |<3>| HSK[89c1dd0]: Cipher Suite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Initializing internal [read] cipher sessions |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 16 03 01 00 30 |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. |<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[89c1dd0]: Received Packet[0] Handshake(22) with length: 48 |<7>| READ: Got 48 bytes from 4 |<7>| READ: read 48 bytes from 4 |<7>| 0000 - 80 a9 24 0a 30 8d 0f 48 7c 0a 59 2b 12 d1 ec ce |<7>| 0001 - 0f bb cd 83 6f cd ae 0e 23 93 7f 16 ad 01 09 a0 |<7>| 0002 - c6 81 6b 97 b1 a1 cd 73 d1 1a 74 fe 4e a9 69 1d |<7>| 0003 - |<7>| RB: Have 5 bytes into buffer. Adding 48 bytes. |<7>| RB: Requested 53 bytes |<4>| REC[89c1dd0]: Decrypted Packet[0] Handshake(22) with length: 16 |<6>| BUF[HSK]: Inserted 16 bytes of Data(22) |<6>| BUF[REC][HD]: Read 1 bytes of Data(22) |<6>| BUF[REC][HD]: Read 3 bytes of Data(22) |<3>| HSK[89c1dd0]: FINISHED was received [16 bytes] |<6>| BUF[REC][HD]: Read 12 bytes of Data(22) |<6>| BUF[HSK]: Peeked 0 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<6>| BUF[HSK]: Inserted 4 bytes of Data |<6>| BUF[HSK]: Inserted 12 bytes of Data |<6>| BUF[HSK]: Cleared Data from buffer |<2>| ASSERT: mpi.c:587 |<2>| ASSERT: dn.c:1212 * server certificate verification OK * common name: localhost (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: C=UK,O=org,CN=localhost,EMAIL=user at localhost.localdomain * start date: Wed, 07 Jan 2009 11:35:14 GMT * expire date: Sat, 05 Jan 2019 11:35:14 GMT * issuer: C=UK,O=org,CN=org CA,EMAIL=user at localhost.localdomain * compression: NULL * cipher: AES-128-CBC * MAC: SHA1 |<4>| REC[89c1dd0]: Sending Packet[1] Application Data(23) with 
length: 154 |<7>| WRITE: Will write 373 bytes to 4. |<7>| WRITE: wrote 373 bytes to 4. Left 0 bytes. Total 373 bytes. |<7>| 0000 - 17 03 01 01 70 2c b8 a4 3d 43 c5 fb 73 ab 9f ff |<7>| 0001 - 68 73 5f 64 14 02 b5 5c c2 fc a1 7f b4 7b 83 cc |<7>| 0002 - f4 0f 69 57 1d fd 84 a5 10 e0 d7 2e 4a cc 55 da |<7>| 0003 - 87 d4 ea 6d 39 67 21 3c 31 57 71 69 1b 71 eb bf |<7>| 0004 - f2 d4 24 a1 dc 89 f1 f7 06 80 cf b7 81 60 fc 05 |<7>| 0005 - 07 86 8b 2b f9 01 a0 62 00 d2 d4 e6 c0 55 22 c7 |<7>| 0006 - 06 ec fe 6b 53 60 20 8c 02 28 c9 16 48 fa 77 5b |<7>| 0007 - a1 50 25 bc 72 ee 10 24 ef b8 57 2f 03 a4 1f 24 |<7>| 0008 - c2 ee 49 90 c5 e9 6c f8 d3 32 fe da cc d3 30 04 |<7>| 0009 - 9d d2 65 7f fe 08 fc 55 1e 94 75 5d 3d 3b 95 85 |<7>| 000a - 5a b0 5f ac bd 8e 51 52 1b 26 11 f4 8e 9d bf 54 |<7>| 000b - 58 01 be 68 21 81 62 45 58 5c 8b 92 c7 9c 8b f5 |<7>| 000c - 1e d3 b1 2f 62 09 40 c3 d2 79 93 8d ef 26 64 1e |<7>| 000d - 8b ea ea d0 f5 01 57 b7 7a a2 77 fd fc 94 65 fc |<7>| 000e - 28 e6 4b f1 17 c0 3a 62 58 96 ce d8 58 3e 0a 9a |<7>| 000f - bd 93 93 71 c1 d3 fd 34 90 34 17 2f ec 61 4c 97 |<7>| 0010 - 7e 33 48 22 12 98 e2 78 58 ff b2 14 43 d7 38 cb |<7>| 0011 - 0f 8c b6 10 2d 12 cf f6 44 a0 63 b2 a3 b0 ba 7a |<7>| 0012 - 62 3b 36 8a 53 7f fa 0d 7b 53 c0 4a b1 e9 51 2d |<7>| 0013 - bf 5a 8c 8e a7 a9 6e 68 0a 8b 35 f7 e1 9f 8b cf |<7>| 0014 - 2c fb 74 17 6a 78 53 17 b3 5f ec 8b a1 3d 24 09 |<7>| 0015 - 7c 7c 51 08 d9 63 66 e4 b7 63 ff fc 0c 18 47 d8 |<7>| 0016 - de 2b f9 39 63 d5 84 a6 90 15 5f 94 41 e5 b0 1f |<7>| 0017 - 4a 04 24 9a b0 |<4>| REC[89c1dd0]: Sent Packet[2] Application Data(23) with length: 373 > GET /mini-dinstall/hardy/Release.gpg HTTP/1.1 User-Agent: Debian APT-CURL/1.0 (0.7.14ubuntu6) Host: localhost Accept: */* Cache-Control: max-age=0 |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 16 03 01 00 20 |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. 
|<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[1] Application Data(23) with length: 16384 |<4>| REC[89c1dd0]: Received Packet[1] Handshake(22) with length: 32 |<7>| READ: Got 32 bytes from 4 |<7>| READ: read 32 bytes from 4 |<7>| 0000 - ff ab 89 da ab e8 25 9b 0c 4e 21 93 db 1d 54 84 |<7>| 0001 - b0 94 30 d6 f9 f1 28 c5 e8 48 cb ca b9 1a 90 df |<7>| 0002 - |<7>| RB: Have 5 bytes into buffer. Adding 32 bytes. |<7>| RB: Requested 37 bytes |<4>| REC[89c1dd0]: Decrypted Packet[1] Handshake(22) with length: 4 |<2>| ASSERT: gnutls_record.c:1047 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: 
SRP_SHA_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Keeping ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1 |<3>| HSK[89c1dd0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 |<2>| EXT[89c1dd0]: Sending extension SERVER_NAME |<3>| HSK[89c1dd0]: CLIENT HELLO was send [99 bytes] |<6>| BUF[HSK]: Peeked 0 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<4>| REC[89c1dd0]: Sending Packet[2] Handshake(22) with length: 99 |<7>| WRITE: Will write 181 bytes to 4. |<7>| WRITE: wrote 181 bytes to 4. Left 0 bytes. Total 181 bytes. 
|<7>| 0000 - 16 03 02 00 b0 d8 1c 1d f2 22 d4 53 8a aa e3 11 |<7>| 0001 - c5 dd 4f fd a7 11 00 c0 7b 4f 33 88 72 46 fc 54 |<7>| 0002 - c2 03 23 d2 c2 1f 1c ae 68 56 51 33 5b a6 8f ed |<7>| 0003 - 67 97 cd 2e ed 6a 6a de c5 d2 29 b4 9a b6 f4 a2 |<7>| 0004 - ad ef 78 d4 be f3 87 b8 e7 ba 29 5d 29 08 13 9b |<7>| 0005 - e4 f1 86 dd 49 e4 51 53 d6 4a a6 ff 9c 57 db 2c |<7>| 0006 - 45 d2 87 a3 8e 5e 90 36 e5 6c 51 2c 8f 64 64 2e |<7>| 0007 - 7d 06 23 51 94 58 21 92 72 d1 c0 92 41 83 51 29 |<7>| 0008 - 7b 16 93 c2 95 19 db 8c e7 16 d7 30 5a 74 6c 66 |<7>| 0009 - d4 08 ed 04 69 70 8f fd f1 e0 fc e4 c6 ff 05 0e |<7>| 000a - 4a 37 0d e5 cd 56 4c aa 12 83 1e 5e 15 35 eb 35 |<7>| 000b - a6 5b 89 bc f3 |<4>| REC[89c1dd0]: Sent Packet[3] Handshake(22) with length: 181 |<7>| READ: Got 5 bytes from 4 |<7>| READ: read 5 bytes from 4 |<7>| 0000 - 15 03 01 00 20 |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. |<7>| RB: Requested 5 bytes |<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1 |<4>| REC[89c1dd0]: Received Packet[2] Alert(21) with length: 32 |<7>| READ: Got 32 bytes from 4 |<7>| READ: read 32 bytes from 4 |<7>| 0000 - 2f e8 d0 38 f5 f7 78 05 52 07 1c 2e 7a 2c 05 b0 |<7>| 0001 - f8 2f cd 6f c4 9b 7b 3a 36 26 b7 3d 1c 9c 3d ed |<7>| 0002 - |<7>| RB: Have 5 bytes into buffer. Adding 32 bytes. |<7>| RB: Requested 37 bytes |<2>| ASSERT: gnutls_cipher.c:514 |<4>| REC[89c1dd0]: Short record length 10 > 16 - 20 (under attack?) |<2>| ASSERT: gnutls_record.c:1001 |<2>| ASSERT: gnutls_buffers.c:1152 |<2>| ASSERT: gnutls_handshake.c:1032 |<2>| ASSERT: gnutls_handshake.c:2331 |<6>| BUF[HSK]: Cleared Data from buffer * gnutls_handshake() failed: Decryption has failed. |<2>| ASSERT: gnutls_record.c:879 * GnuTLS recv error (-10): The specified session has been invalidated for some reason. * Connection #0 to host localhost left intact * Connection #0 seems to be dead! 
* Closing connection #0
|<2>| ASSERT: gnutls_record.c:262
* About to connect() to localhost port 443 (#0)
* Trying 127.0.0.1...
* connected
... above block repeated again (few times) ....

From martin.knappe at gmail.com Tue Jan 13 11:10:53 2009
From: martin.knappe at gmail.com (Martin Knappe)
Date: Tue, 13 Jan 2009 11:10:53 +0100
Subject: [Help-gnutls] memory leak when using gnutls_handshake
Message-ID: <1918c28b0901130210nb96a606sa6c3b887439be18c@mail.gmail.com>

hi

at our company we're using gnutls 1.4.4

while debugging our gnutls program with valgrind, a memory leak seems to
occur when using gnutls_handshake.

the calling sequence is:

gnutls_global_init();
gnutls_init(&session, GNUTLS_SERVER);
gnutls_set_default_priority(session);
gnutls_kx_set_priority(session, (const int[]) {GNUTLS_KX_DHE_PSK, 0});
gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred);
fd = getFD;
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) fd);
gnutls_handshake(session);
here using session...
gnutls_bye(session, GNUTLS_SHUT_RDWR);
gnutls_deinit(session);
gnutls_global_deinit();

valgrind says there are memory leaks because of the handshake function:

==10134== 418 (160 direct, 258 indirect) bytes in 1 blocks are definitely lost in loss record 9 of 15
==10134==    at 0x401C6CA: calloc (vg_replace_malloc.c:279)
==10134==    by 0x42B98E5: _gnutls_auth_info_set (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42D5421: (within /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42B4A18: _gnutls_send_server_kx_message (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42B17EB: _gnutls_handshake_server (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42B1DD5: gnutls_handshake (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x804A8DD: acceptNewSession (ultmanager.c:351)
==10134==    by 0x804B012: main (ultmanager.c:590)
==10134==
==10134==
==10134== 258 bytes in 3 blocks are indirectly lost in loss record 10 of 15
==10134==    at 0x401D38B: malloc (vg_replace_malloc.c:149)
==10134==    by 0x42BCED1: _gnutls_mpi_dprint_lz (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42C9135: _gnutls_dh_set_group (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42D543B: (within /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42B4A18: _gnutls_send_server_kx_message (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42B17EB: _gnutls_handshake_server (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x42B1DD5: gnutls_handshake (in /usr/lib/libgnutls.so.13.0.9)
==10134==    by 0x804A8DD: acceptNewSession (ultmanager.c:351)
==10134==    by 0x804B012: main (ultmanager.c:590)

is there anything i am forgetting to do when closing the connection?
or is this a bug in version 1.4.4??

many thanks
martin

From simon at josefsson.org Tue Jan 13 13:35:46 2009
From: simon at josefsson.org (Simon Josefsson)
Date: Tue, 13 Jan 2009 13:35:46 +0100
Subject: [Help-gnutls] Re: memory leak when using gnutls_handshake
In-Reply-To: <1918c28b0901130210nb96a606sa6c3b887439be18c@mail.gmail.com> (Martin Knappe's message of "Tue, 13 Jan 2009 11:10:53 +0100")
References: <1918c28b0901130210nb96a606sa6c3b887439be18c@mail.gmail.com>
Message-ID: <87hc43pen1.fsf@mocca.josefsson.org>

"Martin Knappe" writes:

> hi
>
> at our company we're using gnutls 1.4.4
>
> while debugging our gnutls program with valgrind, a memory leak seems to
> occur when using gnutls_handshake.

Many memory leaks have been fixed since v1.4.4, I suggest you try the
latest stable version, v2.6.3, instead, to see if your problem still
remains. The current self-test tests/mini.c does not leak memory as you
describe for me.

/Simon

From simon at josefsson.org Fri Jan 16 15:18:39 2009
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 16 Jan 2009 15:18:39 +0100
Subject: [Help-gnutls] Libtasn1 1.8
Message-ID: <87vdsf9vwg.fsf@mocca.josefsson.org>

Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding and DER/BER decoding. Libtasn1 is
used by GnuTLS to manipulate X.509 objects and by Shishi to handle
Kerberos V5 packets.

Version 1.8 (released 2009-01-16)
- Fix crlf self-test under Mingw+Wine.
- Fix build problems on platforms that lack stdint.h. Reported by
  Dagobert Michelsen in .

Commercial support contracts for Libtasn1 are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm
based privately held company, is currently funding Libtasn1 maintenance.
We are always looking for interesting development projects. See
http://josefsson.org/ for more details.

If you need help to use Libtasn1, or want to help others, you are
invited to join the help-gnutls mailing list, see: .
Homepage:
  http://josefsson.org/libtasn1/

Here are the compressed sources (1.6MB):
  ftp://ftp.gnu.org/gnu/gnutls/libtasn1-1.8.tar.gz
  http://ftp.gnu.org/gnu/gnutls/libtasn1-1.8.tar.gz

Here are GPG detached signatures using key 0xB565716F:
  ftp://ftp.gnu.org/gnu/gnutls/libtasn1-1.8.tar.gz.sig
  http://ftp.gnu.org/gnu/gnutls/libtasn1-1.8.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2009-04-21]
    Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2009-04-21]

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

12b8a872eb4aa24f12bd09a24ab6199b8058e5b3 libtasn1-1.8.tar.gz
e6f24e582a61ff19312709e08cbba98193a87b256fc5d21b15931525 libtasn1-1.8.tar.gz

Happy hacking,
Simon

From simon at josefsson.org Mon Jan 19 12:18:12 2009
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 19 Jan 2009 12:18:12 +0100
Subject: [Help-gnutls] Google Summer of Code: Interested?
Message-ID: <87k58rtuh7.fsf@mocca.josefsson.org>

If someone is interested to participate as a student in this year's
Google Summer of Code, there is a chance we can apply via GNU. I guess
almost anything related to GnuTLS is allowed in applications, but the
more realistic and the more useful the idea is, the more likely the
application is to get approved. Look at the doc/TODO file for
inspiration, but feel free to propose larger ideas too. (the items in
the TODO file are often rather small tasks.)
/Simon

From martin.knappe at gmail.com Mon Jan 19 16:17:57 2009
From: martin.knappe at gmail.com (Martin Knappe)
Date: Mon, 19 Jan 2009 16:17:57 +0100
Subject: [Help-gnutls] gnutls session termination
Message-ID: <1918c28b0901190717t3237d36at700184ec64800e0b@mail.gmail.com>

hi

i have a gnutls server and clients. they both run in their own vm's so
i'm emulating a situation where both run on different machines

my problem is the following:

1)
server and client establish connection
while the client is sending something to the server via gnutls_record_send,
the server process is killed (kill -9 pid)
no signal handler is installed here
the server process is killed and the call to gnutls_record_send on the
client side fails
-> this is the desired behaviour

but now:

2)
server and client establish connection
while the client is sending something to the server via gnutls_record_send,
the server vm is reset (like the "real" machine was unplugged)
the client process hangs in gnutls_record_send and doesn't come back!

what i want here is of course that the client returns from gnutls_record_send!

what can i do here?
using gnutls version 1.4.4

thanks
martin

From nmav at gnutls.org Mon Jan 19 20:54:35 2009
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 19 Jan 2009 21:54:35 +0200
Subject: [Help-gnutls] gnutls session termination
In-Reply-To: <1918c28b0901190717t3237d36at700184ec64800e0b@mail.gmail.com>
References: <1918c28b0901190717t3237d36at700184ec64800e0b@mail.gmail.com>
Message-ID: <4974DA7B.2090303@gnutls.org>

Martin Knappe wrote:

> server and client establish connection
> while the client is sending something to the server via gnutls_record_send,
> the server vm is reset (like the "real" machine was unplugged)
> the client process hangs in gnutls_record_send and doesn't come back!
>
> what i want here is of course that the client returns from gnutls_record_send!

The same as you would do for send(). gnutls_record_send doesn't block,
only send blocks, thus you must check the relevant socket options.

regards,
Nikos

From nmav at gnutls.org Mon Jan 19 21:07:29 2009
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 19 Jan 2009 22:07:29 +0200
Subject: [Help-gnutls] client certificate authentication
In-Reply-To: <1231356138.7163.7.camel@nimitz.example.org>
References: <1231356138.7163.7.camel@nimitz.example.org>
Message-ID: <4974DD81.4020400@gnutls.org>

Tristan Hill wrote:
> I'm trying to troubleshoot the use of gnutls via libcurl in the apt
> https transport. Apt is configured to use a certificate for
> authentication. It works fine without trying to authenticate with a
> certificate (i.e. the server's certificate is verified OK)
>
> I have an apache test server configuration similar to that mentioned
> towards the end of
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480041 - "configured
> for per-location client cert auth".
>
> Attached is output of 'apt-get update' with libcurl recompiled to run
> gnutls_global_set_log_level(10).
>
> I guess things go wrong around:
>
> |<4>| REC[89c1dd0]: Short record length 10 > 16 - 20 (under attack?)
> Your advice appreciated.

Check the server log. The hint is:
|<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[89c1dd0]: Received Packet[2] Alert(21) with length: 32

for some reason the server sent an alert.

regards,
Nikos

From stan at saticed.me.uk Tue Jan 20 21:47:13 2009
From: stan at saticed.me.uk (Tristan Hill)
Date: Tue, 20 Jan 2009 20:47:13 +0000
Subject: [Help-gnutls] client certificate authentication
In-Reply-To: <4974DD81.4020400@gnutls.org>
References: <1231356138.7163.7.camel@nimitz.example.org> <4974DD81.4020400@gnutls.org>
Message-ID: <1232484433.7434.31.camel@nimitz.example.org>

On Mon, 2009-01-19 at 22:07 +0200, Nikos Mavrogiannopoulos wrote:
> Check the server log. The hint is:
> |<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1
> |<4>| REC[89c1dd0]: Received Packet[2] Alert(21) with length: 32

The best I appear to be able to get from apache+mod_ssl indicate:

[Tue Jan 20 20:30:34 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client hello B
[Tue Jan 20 20:30:34 2009] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client hello B
[Tue Jan 20 20:30:34 2009] [error] Re-negotiation handshake failed: Not accepted by client!?

Perhaps the full log is clearer to you?

Thanks
Tristan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apache_error.log
Type: text/x-log
Size: 20404 bytes
Desc: not available
URL:

From martin.knappe at gmail.com Thu Jan 22 12:46:00 2009
From: martin.knappe at gmail.com (Martin Knappe)
Date: Thu, 22 Jan 2009 12:46:00 +0100
Subject: [Help-gnutls] gnutls_record_recv with non-blocking i/o
Message-ID: <1918c28b0901220346k4795f483yf94499567bd7bd78@mail.gmail.com>

hi

i have set up a server that accepts several tls clients;
the client opens a socket descriptor for each new client and makes it a
non-blocking socket (via fcntl(socket, F_SETFL, O_NONBLOCK))
i handle all clients in the same thread

my server loop looks like this (pseudo code)

for(;;) {
    poll(sockets)
    for sockets: s do {
        if canRead(s) {
            handleInput(s)
        }
    }
}

function handleInput(socket s) {
    if (doTlsRecv(s, &buffer) == SUCCESS) {
        doSomethingWithInput(buffer);
    }
}

function doTlsRecv(socket s, void *buffer) {
    count = 1;
    for(;;) {
        read = gnutls_record_recv(session, buffer, INPUTSIZE);
        if ((read == GNUTLS_E_INTERRUPTED) || (read == GNUTLS_E_AGAIN)) {
            printf("repeating %d times\n", count);
            count++;
        } else {
            break;
        }
    }
    if (read < 0) {
        return FAILURE;
    }
    return SUCCESS;
}

the reason why i wrote doTlsRecv like this is because the gnutls
documentation says this (documentation for gnutls_record_recv):

"If GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call this function
again, with the same parameters"

However, this does not work as it should: It works for a while, but when
I run the manager for a while and clients start pumping data through the
tls connection, I end up seeing the

printf("repeating %d times\n", count);

in doTlsRecv eternally!
Why is that? How could I handle this?

Thanks
Martin

PS: I am using non-blocking sockets, because I don't want the server to
hang when a client suddenly goes down while sending something (without
properly closing tcp connection).

From nmav at gnutls.org Thu Jan 22 21:18:38 2009
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 22 Jan 2009 22:18:38 +0200
Subject: [Help-gnutls] gnutls_record_recv with non-blocking i/o
In-Reply-To: <1918c28b0901220346k4795f483yf94499567bd7bd78@mail.gmail.com>
References: <1918c28b0901220346k4795f483yf94499567bd7bd78@mail.gmail.com>
Message-ID: <20090122221838.7ca9a084@nmav-eee>

On Thu, 22 Jan 2009 12:46:00 +0100 Martin Knappe wrote:

> hi
>
> i have set up a server that accepts several tls clients;
> the client opens a socket descriptor for each new client and makes it
> a non-blocking socket (via fcntl(socket, F_SETFL, O_NONBLOCK))
> i handle all clients in the same thread

Which version of gnutls do you use? Does the socket have any data to
read?

regards,
Nikos

From stan at saticed.me.uk Sun Jan 25 12:37:23 2009
From: stan at saticed.me.uk (Tristan Hill)
Date: Sun, 25 Jan 2009 11:37:23 +0000
Subject: [Help-gnutls] client certificate authentication
In-Reply-To: <1232484433.7434.31.camel@nimitz.example.org>
References: <1231356138.7163.7.camel@nimitz.example.org> <4974DD81.4020400@gnutls.org> <1232484433.7434.31.camel@nimitz.example.org>
Message-ID: <1232883443.19927.20.camel@nimitz.example.org>

I have done some more investigation with ssldump:

New TCP connection #4: localhost.localdomain(49051) <-> localhost.localdomain(443)
4 1  0.0047 (0.0047)  C>SV3.2(99)  Handshake
      ClientHello
        Version 3.2
4 2  0.0135 (0.0088)  S>CV3.1(74)  Handshake
      ServerHello
        Version 3.1
4 3  0.0135 (0.0000)  S>CV3.1(1534)  Handshake
      Certificate
4 4  0.0135 (0.0000)  S>CV3.1(397)  Handshake
      ServerKeyExchange
4 5  0.0135 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
4 6  0.0803 (0.0667)  C>SV3.1(134)  Handshake
      ClientKeyExchange
4 7  0.1180 (0.0376)  C>SV3.1(1)  ChangeCipherSpec
4 8  0.1180 (0.0000)  C>SV3.1(256)  Handshake
4 9  0.1185 (0.0005)  S>CV3.1(1)  ChangeCipherSpec
4 10 0.1185 (0.0000)  S>CV3.1(48)  Handshake
4 11 0.1295 (0.0110)  C>SV3.1(368)  application_data
4 12 0.1301 (0.0005)  S>CV3.1(32)  Handshake
4 13 0.1491 (0.0190)  C>SV3.2(192)  Handshake
4 14 0.1494 (0.0002)  S>CV3.1(32)  Alert
4    0.1495 (0.0001)  S>C  TCP FIN
4    0.2651 (0.1156)  C>S  TCP FIN

The V3.2 on the final handshake looked suspicious to me (appears to
match the hexdump in the gnutls debug output from the original post
however). I assume the final two handshakes are CertificateRequest and
Certificate messages.

I have tried removing GNUTLS_TLS1_1 from the protocol_priority array in
gnutls_priority.c and this seems to allow a successful connection
authenticating with a client certificate.

I'm unsure if this is valid behaviour from openssl however.

Thanks
Tristan

From nmav at gnutls.org Sun Jan 25 16:30:16 2009
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 25 Jan 2009 17:30:16 +0200
Subject: [Help-gnutls] client certificate authentication
In-Reply-To: <1232883443.19927.20.camel@nimitz.example.org>
References: <1231356138.7163.7.camel@nimitz.example.org> <4974DD81.4020400@gnutls.org> <1232484433.7434.31.camel@nimitz.example.org> <1232883443.19927.20.camel@nimitz.example.org>
Message-ID: <497C8588.3000904@gnutls.org>

Tristan Hill wrote:
> I have done some more investigation with ssldump:
[...]
> I'm unsure if this is valid behaviour from openssl however.

Thank you. I'm also not sure if this is a valid behavior from us. I
attach a patch, and I'd appreciate if you check and see that it solves
your issue.

The attached patch tries to stay on the safe side and doesn't try to
upgrade the TLS version on a rehandshake. I'm not sure whether this is
the right thing to do, although performing a rehandshake to upgrade the
TLS version seems quite unlikely.

regards,
Nikos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: handshake.patch
Type: text/x-patch
Size: 1295 bytes
Desc: not available
URL:

From stan at saticed.me.uk Sun Jan 25 23:00:29 2009
From: stan at saticed.me.uk (Tristan Hill)
Date: Sun, 25 Jan 2009 22:00:29 +0000
Subject: [Help-gnutls] client certificate authentication
In-Reply-To: <497C8588.3000904@gnutls.org>
References: <1231356138.7163.7.camel@nimitz.example.org> <4974DD81.4020400@gnutls.org> <1232484433.7434.31.camel@nimitz.example.org> <1232883443.19927.20.camel@nimitz.example.org> <497C8588.3000904@gnutls.org>
Message-ID: <1232920829.7343.5.camel@nimitz.example.org>

On Sun, 2009-01-25 at 17:30 +0200, Nikos Mavrogiannopoulos wrote:
> I attach a patch, and I'd appreciate if you check and see that it solves
> your issue.
>

works for me

Thanks
Tristan

From nmav at gnutls.org Tue Jan 27 21:58:51 2009
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 27 Jan 2009 22:58:51 +0200
Subject: [Help-gnutls] client certificate authentication
In-Reply-To: <1232920829.7343.5.camel@nimitz.example.org>
References: <1231356138.7163.7.camel@nimitz.example.org> <4974DD81.4020400@gnutls.org> <1232484433.7434.31.camel@nimitz.example.org> <1232883443.19927.20.camel@nimitz.example.org> <497C8588.3000904@gnutls.org> <1232920829.7343.5.camel@nimitz.example.org>
Message-ID: <497F758B.4020500@gnutls.org>

Tristan Hill wrote:
> On Sun, 2009-01-25 at 17:30 +0200, Nikos Mavrogiannopoulos wrote:
>> I attach a patch, and I'd appreciate if you check and see that it solves
>> your issue.
>>
> works for me

Applied, thank you.
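
The record headers in the gnutls debug log of the "client certificate authentication" thread can be checked mechanically for the version change Tristan noticed before the server's alert. The C program below is an added example, not code from the thread or from GnuTLS: the six header byte strings are copied from the log excerpt, and the struct and function names are made up for illustration.

```c
/* Added example: record-layer version check over headers from the debug log. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum direction { SENT, RECEIVED };

struct observed { enum direction dir; uint8_t hdr[5]; };
struct rec_hdr  { uint8_t type, major, minor; uint16_t length; };

/* The six 5-byte record headers shown in the log excerpt, in log order. */
static const struct observed LOG[] = {
    { RECEIVED, { 0x14, 0x03, 0x01, 0x00, 0x01 } }, /* Change Cipher Spec(20)    */
    { RECEIVED, { 0x16, 0x03, 0x01, 0x00, 0x30 } }, /* Handshake(22), FINISHED   */
    { SENT,     { 0x17, 0x03, 0x01, 0x01, 0x70 } }, /* Application Data(23), GET */
    { RECEIVED, { 0x16, 0x03, 0x01, 0x00, 0x20 } }, /* Handshake(22) mid-session */
    { SENT,     { 0x16, 0x03, 0x02, 0x00, 0xb0 } }, /* Handshake(22), new CLIENT HELLO */
    { RECEIVED, { 0x15, 0x03, 0x01, 0x00, 0x20 } }, /* Alert(21)                 */
};
#define LOG_LEN (sizeof LOG / sizeof LOG[0])

/* Decode one header; returns -1 if it cannot be a TLS 1.x record. */
int parse_record_header(const uint8_t b[5], struct rec_hdr *h)
{
    h->type = b[0];
    h->major = b[1];
    h->minor = b[2];
    h->length = (uint16_t)((b[3] << 8) | b[4]);
    if (h->type < 20 || h->type > 23)   /* CCS, alert, handshake, app data */
        return -1;
    if (h->major != 3 || h->minor < 1)
        return -1;
    if (h->length > 16384 + 2048)       /* TLSCiphertext upper bound */
        return -1;
    return 0;
}

/* Index of the first record whose version differs from major.minor,
 * -1 if every record matches, -2 if a header is malformed. */
int first_version_mismatch(const struct observed *recs, size_t n,
                           uint8_t major, uint8_t minor, struct rec_hdr *out)
{
    for (size_t i = 0; i < n; i++) {
        struct rec_hdr h;
        if (parse_record_header(recs[i].hdr, &h) != 0)
            return -2;
        if (h.major != major || h.minor != minor) {
            *out = h;
            return (int)i;
        }
    }
    return -1;
}

/* Content type of the next RECEIVED record after index `from`, or -1. */
int next_received_type(const struct observed *recs, size_t n, int from)
{
    for (size_t i = (size_t)from + 1; i < n; i++)
        if (recs[i].dir == RECEIVED)
            return recs[i].hdr[0];
    return -1;
}

int main(void)
{
    struct rec_hdr bad;
    /* 3.1 is the version in the ServerHello of the ssldump trace. */
    int i = first_version_mismatch(LOG, LOG_LEN, 3, 1, &bad);
    if (i < 0) {
        puts("no version change found");
        return 0;
    }
    printf("record %d (%s): type %u, version %u.%u, length %u\n", i,
           LOG[i].dir == SENT ? "sent" : "received",
           (unsigned)bad.type, (unsigned)bad.major, (unsigned)bad.minor,
           (unsigned)bad.length);
    printf("next received record type: %d\n",
           next_received_type(LOG, LOG_LEN, i));
    return 0;
}
```

The flagged record is the rehandshake ClientHello written as 181 bytes (5-byte header plus 176), and the next record the client receives is the Alert(21) that Nikos pointed to.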
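
For the "gnutls_record_recv with non-blocking i/o" thread earlier in this archive: one way to structure the receive path so that GNUTLS_E_AGAIN hands control back to poll() instead of retrying in place. This is an added example, not code from the thread or from GnuTLS. record_recv_fn is a hypothetical stand-in with the shape of gnutls_record_recv(), plain_recv is a constructed transport so the demo runs without the library, and the two error codes are redefined with their values from gnutls.h.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Numeric values of the GnuTLS codes, repeated so this builds without the
 * library; real code includes <gnutls/gnutls.h> instead. */
#define GNUTLS_E_AGAIN        (-28)
#define GNUTLS_E_INTERRUPTED  (-52)

/* Hypothetical stand-in with the shape of gnutls_record_recv(). */
typedef ssize_t (*record_recv_fn)(void *session, void *buf, size_t len);

enum recv_status { RECV_DATA, RECV_WOULD_BLOCK, RECV_CLOSED, RECV_ERROR };

/* One receive attempt. INTERRUPTED is retried at once; AGAIN is reported to
 * the caller, which goes back to poll() rather than spinning here. */
enum recv_status tls_recv_once(record_recv_fn recv_fn, void *session,
                               void *buf, size_t len, ssize_t *got)
{
    for (;;) {
        ssize_t n = recv_fn(session, buf, len);
        if (n == GNUTLS_E_INTERRUPTED)
            continue;
        if (n == GNUTLS_E_AGAIN)
            return RECV_WOULD_BLOCK;
        if (n == 0)
            return RECV_CLOSED;
        if (n < 0)
            return RECV_ERROR;
        *got = n;
        return RECV_DATA;
    }
}

/* Sleep in poll() for at most timeout_ms, then make one attempt. A peer that
 * went silent shows up as RECV_WOULD_BLOCK once the timeout expires, so the
 * caller can count idle rounds and drop the client. */
enum recv_status wait_and_recv(int fd, int timeout_ms, record_recv_fn recv_fn,
                               void *session, void *buf, size_t len,
                               ssize_t *got)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r;
    do {
        r = poll(&p, 1, timeout_ms);
    } while (r < 0 && errno == EINTR);
    if (r < 0)
        return RECV_ERROR;
    if (r == 0)
        return RECV_WOULD_BLOCK;
    return tls_recv_once(recv_fn, session, buf, len, got);
}

/* Constructed transport for the demo: read() on a non-blocking descriptor,
 * with errno mapped the way a TLS layer reports it. */
static ssize_t plain_recv(void *session, void *buf, size_t len)
{
    ssize_t n = read(*(int *)session, buf, len);
    if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
        return GNUTLS_E_AGAIN;
    if (n < 0 && errno == EINTR)
        return GNUTLS_E_INTERRUPTED;
    return n < 0 ? -1 : n;
}

/* Runs three cases on a socketpair; returns a bitmask of the ones that
 * behaved as expected (7 means all three). */
int demo(void)
{
    int sv[2], score = 0;
    char buf[64];
    ssize_t got = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    fcntl(sv[0], F_SETFL, O_NONBLOCK);
    if (wait_and_recv(sv[0], 50, plain_recv, &sv[0], buf, sizeof buf, &got)
            == RECV_WOULD_BLOCK)
        score |= 1;                      /* idle peer: returns, no spin */
    if (write(sv[1], "hello", 5) == 5 &&
        wait_and_recv(sv[0], 50, plain_recv, &sv[0], buf, sizeof buf, &got)
            == RECV_DATA && got == 5)
        score |= 2;                      /* data available: delivered */
    close(sv[1]);
    if (wait_and_recv(sv[0], 50, plain_recv, &sv[0], buf, sizeof buf, &got)
            == RECV_CLOSED)
        score |= 4;                      /* peer closed: reported */
    close(sv[0]);
    return score;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

With the real library, data already decrypted and buffered inside the session does not make the socket readable, so callers usually also consult gnutls_record_check_pending() before sleeping in poll().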