[Help-gnutls] Re: help troubleshooting "TLS packet with unexpected length was received" error

Simon Josefsson simon at josefsson.org
Mon Mar 23 17:09:58 CET 2009


Brad Fritz <brad-gnutls at fritzfam.com> writes:

> I am able to reproduce the problem using gnutls-cli v2.6.4 built from
> source:
>
>   ./src/gnutls-cli -d 4711 --x509cafile /usr/share/ca-certificates/mozilla/ValiCert_Class_2_VA.crt api.smugmug.com

The server is buggy, it does not handle MAC padding correctly, since
this appears to work:

gnutls-cli -d 4711 --x509cafile /usr/share/ca-certificates/mozilla/ValiCert_Class_2_VA.crt api.smugmug.com --priority NORMAL:%COMPAT

The %COMPAT keyword disables MAC padding.  You can read about it here:

http://www.gnu.org/software/gnutls/manual/html_node/On-Record-Padding.html

/Simon





More information about the Gnutls-help mailing list