GnuTLS Re-Handshake Fails

Dash Shendy admin at dash.za.net
Mon May 23 19:24:37 CEST 2011


I need first to know your setup and what you are trying to do.

>>> My Setup is as follows:
>>> Fedora Core 14 Dual Katmai PIII 500Mhz CPU 1002MB RAM
>>> Apache 2.2.18 Prefork MPM with PHP 5.3.4+suhosin, GnuTLS 2.2.15
using gpgme 1.3.0 & libassuan 2.0.1 & libgcrypt 1.4.6 & libtasn 1-2.9 &
lzo 2.05 & libgpg-error 1.10, mod_gnutls 0.5.9 with apr_memcache 0.7.0,
>>> LibGnuTLS was compiled thus: ./configure --prefix=/usr
--enable-cryptodev --enable-shared --enable-valgrind-tests
--enable-dependency-tracking --with-libgcrypt
--with-libgcrypt-prefix=/usr/local --without-libnettle-prefix
--with-libtasn1-prefix=/usr --with-included-libcfg --with-lzo
>>> # ldd /usr/lib/libgnutls.so.26.20.0
        linux-gate.so.1 =>  (0x0013a000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00d3e000)
        libgcrypt.so.11 => /usr/local/lib/libgcrypt.so.11 (0x0098c000)
        libgpg-error.so.0 => /usr/local/lib/libgpg-error.so.0 (0x00dc2000)
        libz.so.1 => /lib/libz.so.1 (0x007de000)
        libdl.so.2 => /lib/libdl.so.2 (0x00511000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x007a8000)
        libc.so.6 => /lib/libc.so.6 (0x001ed000)
        /lib/ld-linux.so.2 (0x00944000)
>>> mod_gnutls was compiled thus: ./configure --enable-static=no
--with-apxs=/usr/local/apache2/bin/apxs --with-libgnutls-prefix=/usr
--with-apr-memcache-prefix=/usr --with-apr-memcache-libs=/usr/lib
--with-apr-memcache-includes=/usr/include
>>> # ldd /usr/local/apache2/modules/mod_gnutls.so
        linux-gate.so.1 =>  (0x0080b000)
        libapr_memcache.so.0 => /usr/lib/libapr_memcache.so.0 (0x00751000)
        libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00a22000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00ec0000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00110000)
        libc.so.6 => /lib/libc.so.6 (0x0012b000)
        libaprutil-1.so.0 => /usr/lib/libaprutil-1.so.0 (0x002b5000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x0081a000)
        libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0x006a4000)
        libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0x0030a000)
        liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00d72000)
        libexpat.so.1 => /lib/libexpat.so.1 (0x00599000)
        libdb-4.8.so => /usr/lib/libdb-4.8.so (0x00356000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00e8a000)
        libgcrypt.so.11 => /usr/local/lib/libgcrypt.so.11 (0x004d8000)
        libgpg-error.so.0 => /usr/local/lib/libgpg-error.so.0 (0x002d9000)
        libz.so.1 => /usr/lib/libz.so.1 (0x002dd000)
        libdl.so.2 => /lib/libdl.so.2 (0x00e22000)
        libm.so.6 => /lib/libm.so.6 (0x0054c000)
        /lib/ld-linux.so.2 (0x00944000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x0076b000)
        libuuid.so.1 => /lib/libuuid.so.1 (0x002f2000)
        libfreebl3.so => /usr/lib/libfreebl3.so (0x00d8e000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00c06000)
        libssl3.so => /usr/lib/libssl3.so (0x005c1000)
        libsmime3.so => /usr/lib/libsmime3.so (0x005f7000)
        libnss3.so => /usr/lib/libnss3.so (0x00c20000)
        libnssutil3.so => /usr/lib/libnssutil3.so (0x00576000)
        libplds4.so => /lib/libplds4.so (0x002f7000)
        libplc4.so => /lib/libplc4.so (0x00591000)
        libnspr4.so => /lib/libnspr4.so (0x00620000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0065c000)

What is your server and what options do you have? Why
do you do rehandshake in the first place?

>>> I was just testing the re-handshaking, that's all really, is that the way you test it? do I need an extra flag?

The server closed the session for some reason. Your server log
might have more information. But don't just post logs, explain
what you are doing.

>>> I was just testing to see that everything works and I thought I'd let you know about this error, just being a good netizen.
>>> My main issue is actually that weird compression error, I've been tearing my hair-out re-compiling my lamp stack trying to fix it:)

Regards,
Dash

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110523/1164ec1f/attachment.htm>


More information about the Gnutls-help mailing list