GnuTLS Re-Handshake Fails

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon May 23 21:51:24 CEST 2011


On 05/23/2011 07:24 PM, Dash Shendy wrote:

> What is your server and what options do you have? Why do you do
> rehandshake in the first place?
>>>> I was just testing the re-handshaking, that's all really. Is
>>>> that the way you test it? Do I need an extra flag?
> The server closed the session for some reason. Your server log might
> have more information. But don't just post logs, explain what you are
> doing.
>>>> I was just testing to see that everything works and I thought
>>>> I'd let you know about this error, just being a good netizen. 
>>>> My main issue is actually that weird compression error, I've
>>>> been tearing my hair out re-compiling my lamp stack trying to
>>>> fix it :)

Ok, so did you modify gnutls-cli to perform a rehandshake? Is that the
case? HTTPS servers do not really support re-handshake (there is no
real reason to), except for when they initiate it. mod_gnutls at least
should behave like that. That is because the prominent reason to
initiate a rehandshake is to upgrade credentials (i.e. require the
client to send his certificate).

So what you see is actually mod_gnutls closing your session because
you asked for rehandshake. If you request a URL that requires client
authentication it would ask for rehandshake by itself.

regards,
Nikos




