[Help-gnutls] client certificate authentication
nmav at gnutls.org
Mon Jan 19 21:07:29 CET 2009
Tristan Hill wrote:
> I'm trying to troubleshoot the use of gnutls via libcurl in the apt
> https transport. Apt is configured to use a certificate for
> authentication. It works fine without trying to authenticate with a
> certificate (i.e. the server's certificate is verified OK)
> I have an apache test server configuration similar to that mentioned
> towards the end of
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480041 - "configured
> for per-location client cert auth".
> Attached is output of 'apt-get update' with libcurl recompiled to run
> I guess things go wrong around:
> |<4>| REC[89c1dd0]: Short record length 10 > 16 - 20 (under attack?)
> Your advice appreciated.
Check the server log. The hint is:
|<4>| REC[89c1dd0]: Expected Packet Handshake(22) with length: 1
|<4>| REC[89c1dd0]: Received Packet Alert(21) with length: 32
for some reason the server sent an alert.
More information about the Gnutls-help