Big CA certificate bundle causes problems with GnuTLS 3.0.11

Janne Snabb snabb at epipe.com
Tue May 29 16:46:18 CEST 2012


I am experiencing a TLS handshake problem when a GnuTLS 3.0.11 server has
a big pile of CA certificates to verify against. I cannot reproduce the
problem with GnuTLS 2.12.14.

Steps to reproduce:

1. Create server key+certificate:

certtool --generate-privkey --outfile foo.key
certtool --generate-self-signed --load-privkey foo.key --outfile foo.crt

(leave all fields empty except expiration and enable signing and
encryption)

2. Start server:

gnutls-serv --x509keyfile foo.key --x509certfile foo.crt \
    --x509cafile /etc/ssl/certs/ca-certificates.crt

3. Connect with client and observe failure:

gnutls-cli --insecure -p 5556 localhost

4. Start server without CA cert bundle:

gnutls-serv --x509keyfile foo.key --x509certfile foo.crt

5. Connect with client and observe success:

gnutls-cli --insecure -p 5556 localhost


Note that the file /etc/ssl/certs/ca-certificates.crt contains a big
pile of certificates, as distributed by the Debian and Ubuntu
"ca-certificates" package. (I am happy to send it if needed.) If I
specify just a single CA cert I do not see any problems.

This means that when the problem happens the "certificate request" is
bigger than 16k.

Is this a bug, or are there just too many certificates? I suspect a bug
because neither GnuTLS 2.12.14 nor OpenSSL has any issues. I am happy
to supply any additional information.


gnutls-serv outputs the following when the failure happens:

Set static Diffie-Hellman parameters, consider --dhparams.
Processed 141 CA certificate(s).
HTTP Server listening on IPv4 0.0.0.0 port 5556...done
HTTP Server listening on IPv6 :: port 5556...bind() failed: Address
already in use

* Accepted connection from IPv4 127.0.0.1 port 48518 on Tue May 29
14:18:09 2012
* Received alert '22': Record overflow.
Error in handshake
Error: A TLS fatal alert has been received.


And the gnutls-cli outputs the following:

Processed 141 CA certificate(s).
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- The hostname in the certificate does NOT match 'localhost'
*** Verifying server certificate failed...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.


gnutls-serv output with --debug 9:

|<2>| ASSERT: pkcs11.c:459
|<2>| ASSERT: mpi.c:249
|<2>| ASSERT: gnutls_dh_primes.c:293
|<2>| ASSERT: dn.c:362
|<2>| ASSERT: dn.c:481
HTTP Server listening on IPv4 0.0.0.0 port 5556...done
HTTP Server listening on IPv6 :: port 5556...bind() failed: Address
already in use
|<4>| REC[0xa1cd60]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:717
|<4>| REC[0xa1cd60]: Allocating epoch #1
|<2>| ASSERT: gnutls_buffers.c:974
|<4>| REC[0xa1cd60]: SSL 3.0 Handshake packet received. Epoch 0, length: 202
|<4>| REC[0xa1cd60]: Expected Packet Handshake(22)
|<4>| REC[0xa1cd60]: Received Packet Handshake(22) with length: 202
|<4>| REC[0xa1cd60]: Decrypted Packet[0] Handshake(22) with length: 202
|<3>| HSK[0xa1cd60]: CLIENT HELLO was received. Length 198[198], frag
offset 0, frag length: 198, sequence: 0
|<3>| HSK[0xa1cd60]: Client's version: 3.3
|<2>| ASSERT: gnutls_db.c:265
|<2>| ASSERT: gnutls_db.c:297
|<3>| EXT[0xa1cd60]: Parsing extension 'SERVER NAME/0' (14 bytes)
|<3>| EXT[0xa1cd60]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<3>| EXT[0xa1cd60]: Parsing extension 'SUPPORTED ECC/10' (12 bytes)
|<3>| HSK[0xa1cd60]: Selected ECC curve SECP192R1 (5)
|<3>| EXT[0xa1cd60]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11'
(2 bytes)
|<3>| EXT[0xa1cd60]: Parsing extension 'SIGNATURE ALGORITHMS/13' (28 bytes)
|<3>| EXT[0xa1cd60]: rcvd signature algo (4.1) RSA-SHA256
|<3>| EXT[0xa1cd60]: rcvd signature algo (4.2) DSA-SHA256
|<3>| EXT[0xa1cd60]: rcvd signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0xa1cd60]: rcvd signature algo (5.1) RSA-SHA384
|<3>| EXT[0xa1cd60]: rcvd signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0xa1cd60]: rcvd signature algo (6.1) RSA-SHA512
|<3>| EXT[0xa1cd60]: rcvd signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0xa1cd60]: rcvd signature algo (3.1) RSA-SHA224
|<3>| EXT[0xa1cd60]: rcvd signature algo (3.2) DSA-SHA224
|<3>| EXT[0xa1cd60]: rcvd signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0xa1cd60]: rcvd signature algo (2.1) RSA-SHA1
|<3>| EXT[0xa1cd60]: rcvd signature algo (2.2) DSA-SHA1
|<3>| EXT[0xa1cd60]: rcvd signature algo (2.3) ECDSA-SHA1
|<3>| HSK[0xa1cd60]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
|<3>| HSK[0xa1cd60]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1
|<3>| HSK[0xa1cd60]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256
|<3>| HSK[0xa1cd60]: Removing ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256
|<3>| HSK[0xa1cd60]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1
|<3>| HSK[0xa1cd60]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384
|<3>| HSK[0xa1cd60]: Removing ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384
|<3>| HSK[0xa1cd60]: Removing ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256
(C0.27)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256
(C0.2F)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384
(C0.30)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1
(C0.12)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
(00.45)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
(00.88)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_AES_128_GCM_SHA256
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0xa1cd60]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 (00.05)
|<3>| HSK[0xa1cd60]: Keeping ciphersuite: RSA_ARCFOUR_MD5 (00.04)
|<3>| HSK[0xa1cd60]: Requested cipher suites[size: 80]:
|<3>| 	0xc0, 0x09 ECDHE_ECDSA_AES_128_CBC_SHA1
|<3>| 	0xc0, 0x23 ECDHE_ECDSA_AES_128_CBC_SHA256
|<3>| 	0xc0, 0x2b ECDHE_ECDSA_AES_128_GCM_SHA256
|<3>| 	0xc0, 0x0a ECDHE_ECDSA_AES_256_CBC_SHA1
|<3>| 	0xc0, 0x24 ECDHE_ECDSA_AES_256_CBC_SHA384
|<3>| 	0xc0, 0x2c ECDHE_ECDSA_AES_256_GCM_SHA384
|<3>| 	0xc0, 0x08 ECDHE_ECDSA_3DES_EDE_CBC_SHA1
|<3>| 	0xc0, 0x13 ECDHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0xa1cd60]: Selected cipher suite: ECDHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0xa1cd60]: Selected Compression Method: NULL
|<3>| HSK[0xa1cd60]: Safe renegotiation succeeded
|<3>| EXT[0xa1cd60]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| EXT[0xa1cd60]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<3>| HSK[0xa1cd60]: SessionID:
176537c551ca398133358e980be582adc4243490f0d5d9559384190fd366d705
|<3>| HSK[0xa1cd60]: SERVER HELLO was queued [87 bytes]
|<3>| HSK[0xa1cd60]: CERTIFICATE was queued [816 bytes]
|<3>| HSK[0xa1cd60]: signing handshake data: using RSA-SHA256
|<3>| HSK[0xa1cd60]: SERVER KEY EXCHANGE was queued [365 bytes]
|<3>| EXT[0xa1cd60]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0xa1cd60]: sent signature algo (4.2) DSA-SHA256
|<3>| EXT[0xa1cd60]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0xa1cd60]: sent signature algo (5.1) RSA-SHA384
|<3>| EXT[0xa1cd60]: sent signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0xa1cd60]: sent signature algo (6.1) RSA-SHA512
|<3>| EXT[0xa1cd60]: sent signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0xa1cd60]: sent signature algo (3.1) RSA-SHA224
|<3>| EXT[0xa1cd60]: sent signature algo (3.2) DSA-SHA224
|<3>| EXT[0xa1cd60]: sent signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0xa1cd60]: sent signature algo (2.1) RSA-SHA1
|<3>| EXT[0xa1cd60]: sent signature algo (2.2) DSA-SHA1
|<3>| EXT[0xa1cd60]: sent signature algo (2.3) ECDSA-SHA1
|<3>| HSK[0xa1cd60]: CERTIFICATE REQUEST was queued [17029 bytes]
|<3>| HSK[0xa1cd60]: SERVER HELLO DONE was queued [4 bytes]
|<4>| REC[0xa1cd60]: Preparing Packet Handshake(22) with length: 87
|<9>| ENC[0xa1cd60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0xa1cd60]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92
|<4>| REC[0xa1cd60]: Preparing Packet Handshake(22) with length: 816
|<9>| ENC[0xa1cd60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0xa1cd60]: Sent Packet[2] Handshake(22) in epoch 0 and length: 821
|<4>| REC[0xa1cd60]: Preparing Packet Handshake(22) with length: 365
|<9>| ENC[0xa1cd60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0xa1cd60]: Sent Packet[3] Handshake(22) in epoch 0 and length: 370
|<4>| REC[0xa1cd60]: Preparing Packet Handshake(22) with length: 17029
|<9>| ENC[0xa1cd60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0xa1cd60]: Sent Packet[4] Handshake(22) in epoch 0 and length:
16389
|<4>| REC[0xa1cd60]: Preparing Packet Handshake(22) with length: 645
|<9>| ENC[0xa1cd60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0xa1cd60]: Sent Packet[5] Handshake(22) in epoch 0 and length: 650
|<4>| REC[0xa1cd60]: Preparing Packet Handshake(22) with length: 4
|<9>| ENC[0xa1cd60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0xa1cd60]: Sent Packet[6] Handshake(22) in epoch 0 and length: 9
|<2>| ASSERT: gnutls_buffers.c:974
|<2>| ASSERT: gnutls_buffers.c:974
|<4>| REC[0xa1cd60]: SSL 3.3 Alert packet received. Epoch 0, length: 2
|<4>| REC[0xa1cd60]: Expected Packet Handshake(22)
|<4>| REC[0xa1cd60]: Received Packet Alert(21) with length: 2
|<4>| REC[0xa1cd60]: Decrypted Packet[1] Alert(21) with length: 2
|<4>| REC[0xa1cd60]: Alert[2|22] - Record overflow - was received
|<2>| ASSERT: gnutls_record.c:627
|<2>| ASSERT: gnutls_record.c:633
|<2>| ASSERT: gnutls_record.c:1111
|<2>| ASSERT: gnutls_buffers.c:1175
|<2>| ASSERT: gnutls_handshake.c:1269
|<2>| ASSERT: gnutls_handshake.c:2827
Error in handshake
|<4>| REC: Sending Alert[2|80] - Internal error
|<4>| REC[0xa1cd60]: Preparing Packet Alert(21) with length: 2
|<9>| ENC[0xa1cd60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0xa1cd60]: Sent Packet[7] Alert(21) in epoch 0 and length: 7
|<2>| ASSERT: gnutls_record.c:238
|<4>| REC[0xa1cd60]: Start of epoch cleanup
|<4>| REC[0xa1cd60]: End of epoch cleanup
|<4>| REC[0xa1cd60]: Epoch #0 freed
|<4>| REC[0xa1cd60]: Epoch #1 freed

gnutls-cli output with --debug 9:

|<2>| ASSERT: pkcs11.c:459
|<4>| REC[0x24e4120]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:717
|<4>| REC[0x24e4120]: Allocating epoch #1
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1
(C0.09)
|<3>| HSK[0x24e4120]: Keeping ciphersuite:
ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<3>| HSK[0x24e4120]: Keeping ciphersuite:
ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1
(C0.0A)
|<3>| HSK[0x24e4120]: Keeping ciphersuite:
ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<3>| HSK[0x24e4120]: Keeping ciphersuite:
ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1
(C0.08)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1
(C0.13)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256
(C0.27)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256
(C0.2F)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1
(C0.14)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384
(C0.30)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1
(C0.12)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
(00.67)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
(00.45)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256
(00.9E)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
(00.6B)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
(00.88)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
(00.40)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
(00.44)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256
(00.A2)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
(00.6A)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
(00.87)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 (00.66)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 (00.05)
|<3>| HSK[0x24e4120]: Keeping ciphersuite: RSA_ARCFOUR_MD5 (00.04)
|<3>| EXT[0x24e4120]: Sending extension SERVER NAME (14 bytes)
|<3>| EXT[0x24e4120]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| EXT[0x24e4120]: Sending extension SUPPORTED ECC (12 bytes)
|<3>| EXT[0x24e4120]: Sending extension SUPPORTED ECC POINT FORMATS (2
bytes)
|<3>| EXT[0x24e4120]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0x24e4120]: sent signature algo (4.2) DSA-SHA256
|<3>| EXT[0x24e4120]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0x24e4120]: sent signature algo (5.1) RSA-SHA384
|<3>| EXT[0x24e4120]: sent signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0x24e4120]: sent signature algo (6.1) RSA-SHA512
|<3>| EXT[0x24e4120]: sent signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0x24e4120]: sent signature algo (3.1) RSA-SHA224
|<3>| EXT[0x24e4120]: sent signature algo (3.2) DSA-SHA224
|<3>| EXT[0x24e4120]: sent signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0x24e4120]: sent signature algo (2.1) RSA-SHA1
|<3>| EXT[0x24e4120]: sent signature algo (2.2) DSA-SHA1
|<3>| EXT[0x24e4120]: sent signature algo (2.3) ECDSA-SHA1
|<3>| EXT[0x24e4120]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<3>| HSK[0x24e4120]: CLIENT HELLO was queued [202 bytes]
|<4>| REC[0x24e4120]: Preparing Packet Handshake(22) with length: 202
|<9>| ENC[0x24e4120]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0x24e4120]: Sent Packet[1] Handshake(22) in epoch 0 and
length: 207
|<2>| ASSERT: gnutls_buffers.c:974
|<4>| REC[0x24e4120]: SSL 3.3 Handshake packet received. Epoch 0, length: 87
|<4>| REC[0x24e4120]: Expected Packet Handshake(22)
|<4>| REC[0x24e4120]: Received Packet Handshake(22) with length: 87
|<4>| REC[0x24e4120]: Decrypted Packet[0] Handshake(22) with length: 87
|<3>| HSK[0x24e4120]: SERVER HELLO was received. Length 83[83], frag
offset 0, frag length: 83, sequence: 0
|<3>| HSK[0x24e4120]: Server's version: 3.3
|<3>| HSK[0x24e4120]: SessionID length: 32
|<3>| HSK[0x24e4120]: SessionID:
176537c551ca398133358e980be582adc4243490f0d5d9559384190fd366d705
|<3>| HSK[0x24e4120]: Selected cipher suite: ECDHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x24e4120]: Selected compression method: NULL (0)
|<3>| EXT[0x24e4120]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<3>| EXT[0x24e4120]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11'
(2 bytes)
|<3>| HSK[0x24e4120]: Safe renegotiation succeeded
|<2>| ASSERT: gnutls_buffers.c:974
|<4>| REC[0x24e4120]: SSL 3.3 Handshake packet received. Epoch 0,
length: 816
|<4>| REC[0x24e4120]: Expected Packet Handshake(22)
|<4>| REC[0x24e4120]: Received Packet Handshake(22) with length: 816
|<4>| REC[0x24e4120]: Decrypted Packet[1] Handshake(22) with length: 816
|<3>| HSK[0x24e4120]: CERTIFICATE was received. Length 812[812], frag
offset 0, frag length: 812, sequence: 0
|<2>| ASSERT: dn.c:1190
|<2>| ASSERT: verify.c:395
|<2>| ASSERT: verify.c:642
|<2>| ASSERT: dn.c:362
|<2>| ASSERT: dn.c:481
|<2>| ASSERT: gnutls_buffers.c:974
|<4>| REC[0x24e4120]: SSL 3.3 Handshake packet received. Epoch 0,
length: 365
|<4>| REC[0x24e4120]: Expected Packet Handshake(22)
|<4>| REC[0x24e4120]: Received Packet Handshake(22) with length: 365
|<4>| REC[0x24e4120]: Decrypted Packet[2] Handshake(22) with length: 365
|<3>| HSK[0x24e4120]: SERVER KEY EXCHANGE was received. Length 361[361],
frag offset 0, frag length: 361, sequence: 0
|<3>| HSK[0x24e4120]: Selected ECC curve SECP192R1 (5)
|<3>| HSK[0x24e4120]: verify handshake data: using RSA-SHA256
|<2>| ASSERT: signature.c:304
|<2>| ASSERT: gnutls_buffers.c:974
|<4>| REC[0x24e4120]: SSL 3.3 Handshake packet received. Epoch 0,
length: 16384
|<4>| REC[0x24e4120]: Expected Packet Handshake(22)
|<4>| REC[0x24e4120]: Received Packet Handshake(22) with length: 16384
|<4>| REC[0x24e4120]: Decrypted Packet[3] Handshake(22) with length: 16384
|<3>| HSK[0x24e4120]: CERTIFICATE REQUEST was received. Length
17025[16380], frag offset 0, frag length: 17025, sequence: 0
|<2>| ASSERT: gnutls_buffers.c:819
|<2>| ASSERT: gnutls_buffers.c:1031
|<2>| ASSERT: gnutls_handshake.c:1269
|<2>| ASSERT: gnutls_handshake.c:2515
*** Fatal error: A TLS packet with unexpected length was received.
|<4>| REC: Sending Alert[2|22] - Record overflow
|<4>| REC[0x24e4120]: Preparing Packet Alert(21) with length: 2
|<9>| ENC[0x24e4120]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<4>| REC[0x24e4120]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.
|<4>| REC[0x24e4120]: Start of epoch cleanup
|<4>| REC[0x24e4120]: End of epoch cleanup
|<4>| REC[0x24e4120]: Epoch #0 freed
|<4>| REC[0x24e4120]: Epoch #1 freed
Processed 141 CA certificate(s).
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- The hostname in the certificate does NOT match 'localhost'
*** Verifying server certificate failed...


-- 
Janne Snabb / EPIPE Communications
snabb at epipe.com - http://epipe.com/
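
Added example, not part of the original post and not GnuTLS code: Python code showing how one handshake message larger than 2^14 bytes is carried in several TLS records and rebuilt by the receiver, replayed with the sizes from the debug output above (a 17029-byte CERTIFICATE REQUEST sent as records of 16384 and 645 bytes, then a 4-byte SERVER HELLO DONE). The function and class names are hypothetical, and the message body is constructed zero bytes.

```python
import struct

MAX_FRAGMENT = 2 ** 14      # largest record payload TLS allows (RFC 5246, 6.2.1)
HANDSHAKE = 22              # record content type, "Handshake(22)" in the logs
CERTIFICATE_REQUEST = 13    # handshake message types
SERVER_HELLO_DONE = 14


def handshake_message(msg_type, body):
    """Handshake header: 1-byte type, 3-byte body length, then the body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def to_records(message, version=(3, 3)):
    """Sender side: split one handshake message into records of <= 2^14 bytes."""
    records = []
    for off in range(0, len(message), MAX_FRAGMENT):
        chunk = message[off:off + MAX_FRAGMENT]
        header = struct.pack("!BBBH", HANDSHAKE, version[0], version[1], len(chunk))
        records.append(header + chunk)
    return records


class HandshakeReassembler:
    def __init__(self):
        self.buf = bytearray()  # handshake bytes not yet forming a whole message

    def feed(self, record):
        ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
        payload = record[5:]
        if ctype != HANDSHAKE:
            raise ValueError("not a handshake record")
        if length != len(payload) or length > MAX_FRAGMENT:
            # TLSPlaintext.length must not exceed 2^14
            raise ValueError("bad or oversize record length")
        self.buf += payload
        complete = []
        while len(self.buf) >= 4:
            body_len = int.from_bytes(self.buf[1:4], "big")
            if len(self.buf) < 4 + body_len:
                break  # message continues in the next record: keep buffering
            complete.append((self.buf[0], bytes(self.buf[4:4 + body_len])))
            del self.buf[:4 + body_len]
        return complete

    def pending(self):
        """(declared body length, body bytes buffered so far), or None."""
        if len(self.buf) < 4:
            return None
        return int.from_bytes(self.buf[1:4], "big"), len(self.buf) - 4


def replay_logged_sizes():
    """Replay the sizes from the debug output with a constructed zero-filled body."""
    records = to_records(handshake_message(CERTIFICATE_REQUEST, bytes(17025)))
    records += to_records(handshake_message(SERVER_HELLO_DONE, b""))
    receiver, trace = HandshakeReassembler(), []
    for rec in records:
        done = receiver.feed(rec)
        trace.append((len(rec), receiver.pending(), [(t, len(b)) for t, b in done]))
    return trace


if __name__ == "__main__":
    print(*replay_logged_sizes(), sep="\n")
```

After the first record the receiver holds 16380 of the declared 17025 body bytes, the same pair the client log prints as "Length 17025[16380]"; the message only completes once the 645-byte record has been fed in.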