[Help-gnutls] client certificate authentication
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Jan 19 21:07:29 CET 2009
Tristan Hill wrote:
> I'm trying to troubleshoot the use of gnutls via libcurl in the apt
> https transport. Apt is configured to use a certificate for
> authentication. It works fine without trying to authenticate with a
> certificate (i.e. the server's certificate is verified OK)
>
> I have an apache test server configuration similar to that mentioned
> towards the end of
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480041 - "configured
> for per-location client cert auth".
>
> Attached is output of 'apt-get update' with libcurl recompiled to run
> gnutls_global_set_log_level(10).
>
> I guess things go wrong around:
>
> |<4>| REC[89c1dd0]: Short record length 10 > 16 - 20 (under attack?)
>
> Your advice appreciated.
Check the server log. The hint is:
|<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[89c1dd0]: Received Packet[2] Alert(21) with length: 32
For some reason the server sent an alert.
regards,
Nikos