[Help-gnutls] client certificate authentication

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jan 19 21:07:29 CET 2009


Tristan Hill wrote:
> I'm trying to troubleshoot the use of gnutls via libcurl in the apt
> https transport.  Apt is configured to use a certificate for
> authentication.  It works fine without trying to authenticate with a
> certificate (i.e. the server's certificate is verified OK)
> 
> I have an apache test server configuration similar to that mentioned
> towards the end of
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480041 - "configured
> for per-location client cert auth".
> 
> Attached is output of 'apt-get update' with libcurl recompiled to run
> gnutls_global_set_log_level(10).
> 
> I guess things go wrong around:
> 
> |<4>| REC[89c1dd0]: Short record length 10 > 16 - 20 (under attack?)
> Your advice appreciated.

Check the server log. The hint is:
|<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[89c1dd0]: Received Packet[2] Alert(21) with length: 32

For some reason the server sent an alert.

regards,
Nikos
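
Added example, not part of the original message or of GnuTLS: a small Python scan of a GnuTLS debug log for the pattern pointed out in the reply above, an expected record type answered by a different one. The names `find_mismatches` and `SAMPLE_LOG` are hypothetical; the first two sample lines are constructed and the last two are the lines quoted in the reply.

```python
import re

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "ApplicationData"}

# Matches the "Expected Packet[..]" / "Received Packet[..]" debug lines.
LINE_RE = re.compile(
    r"REC\[(?P<session>[0-9a-fA-Fx]+)\]: (?P<kind>Expected|Received) "
    r"Packet\[(?P<seq>\d+)\] [\w ]+\((?P<ctype>\d+)\) with length: (?P<length>\d+)"
)

# First two lines are constructed; last two are quoted from the reply above.
SAMPLE_LOG = """\
|<4>| REC[89c1dd0]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[89c1dd0]: Received Packet[1] Handshake(22) with length: 74
|<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[89c1dd0]: Received Packet[2] Alert(21) with length: 32
"""

def find_mismatches(log_text):
    """Return records whose received content type differs from the expected one."""
    expected = {}   # (session, packet number) -> expected content type
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["session"], int(m["seq"]))
        ctype, length = int(m["ctype"]), int(m["length"])
        if m["kind"] == "Expected":
            expected[key] = ctype
            continue
        want = expected.pop(key, None)
        if want is None or want == ctype:
            continue
        findings.append({
            "session": key[0], "seq": key[1], "length": length,
            "expected": CONTENT_TYPES.get(want, str(want)),
            "received": CONTENT_TYPES.get(ctype, str(ctype)),
            # A plaintext alert is 2 bytes (level, description). A longer alert
            # record is protected, so its description is not in the log line.
            "protected": ctype == 21 and length > 2,
        })
    return findings

if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_LOG):
        print(f)
```

For the lines quoted above this reports one finding, a protected Alert where a Handshake record was expected, which is why the alert's reason has to come from the server log.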




