[gnutls-help] No supported cipher suites have been found.

Mike Mestnik cheako+gnutls at mikemestnik.net
Sun Dec 13 20:17:56 CET 2015


After patching openpgp_auth.c to work with the new example keys, it
exhibits the same using master key message.

On Sun, Dec 13, 2015 at 12:26 PM, Mike Mestnik
<cheako+gnutls at mikemestnik.net> wrote:
> On Sun, Dec 13, 2015 at 10:41 AM, Nikos Mavrogiannopoulos
> <nmav at gnutls.org> wrote:
>> On Sat, 2015-12-12 at 17:29 -0600, Mike Mestnik wrote:
>>> Still chipping away at this and I've found a way to get more
>>> information.
>>>
>>> Here is the Client Hello I'm sending:
>>> Data::Hexdumper: data length isn't an integer multiple of lines
>>> so has been padded with NULLs at the end.
>>
>> I'd suggest to try to make the minimal program needed to replicate that
>> behavior you see. I referred you to the test programs because they are
>> small programs that utilize openpgp authentication. You can also start
>> from the examples in the documentation.
>>
> I'll work on this.
>
> One issue with the test is that it uses socketpair and fork to connect
> the client and server, so it'll require some doing to be able to test
> this against another server or client.
>
>>> [ 4718| 9] Signing using master PGP key
>>> [ 4718| 3] ASSERT: privkey.c:1230
>>
>> That's already a hint. Have you tried specifying the exact subkey to
>> use for signing?
>>
> I'm copying the command line example, keys and all.  This includes
> using gnutls_certificate_set_openpgp_key_file and thus the master PGP
> key.
>
> The reason to copy this example is that it was simple to connect its
> client portion to the server I'm working on.
>
>> regards,
>> Nikos
>>
>>
-------------- next part --------------
diff --git a/example/openpgp-auth.c b/example/openpgp-auth.c
index 1ce29bd..e2a8a22 100644
--- a/example/openpgp-auth.c
+++ b/example/openpgp-auth.c
@@ -81,12 +81,11 @@ void check_loaded_key(gnutls_certificate_credentials_t cred)
 	if (err != 0)
 		fail("get openpgp key %s\n",
 		     gnutls_strerror(err));
-
 #if GNUTLS_VERSION_NUMBER >= 0x030400
 	gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid);
-	if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
-	    keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
-		fail("incorrect key id (privkey)\n");
+	if (keyid[0] != 0x83 || keyid[1] != 0x7b || keyid[2] != 0x6f || keyid[3] != 0xb4 ||
+	    keyid[4] != 0x2e || keyid[5] != 0x0f || keyid[6] != 0xe1 || keyid[7] != 0x76)
+		fail("\n\nincorrect key id (privkey)\n");
 
 	err = gnutls_certificate_get_openpgp_crt(cred, 0, &crts, &n_crts);
 	if (err != 0)
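Review bot: the privkey failure message gains a leading "\n\n" in fail("\n\nincorrect key id (privkey)\n") while the pubkey message in the next hunk stays unchanged, which looks like a local debugging aid rather than part of the key update; the removed blank line before #if is likewise unrelated whitespace. Please drop both so the hunk only changes the expected key ID. While touching this check, note that the return value of gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid) is discarded, so keyid is compared even when the call failed; checking it first would give a clearer failure than "incorrect key id".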
@@ -98,8 +97,8 @@ void check_loaded_key(gnutls_certificate_credentials_t cred)
 		fail("openpgp n_crts != 1\n");
 
 	gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid);
-	if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
-	    keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
+	if (keyid[0] != 0x83 || keyid[1] != 0x7b || keyid[2] != 0x6f || keyid[3] != 0xb4 ||
+	    keyid[4] != 0x2e || keyid[5] != 0x0f || keyid[6] != 0xe1 || keyid[7] != 0x76)
 		fail("incorrect key id (pubkey)\n");
 
 	for (i = 0; i < n_crts; ++i)
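Review bot: the eight expected bytes in the pubkey comparison are a second hand-typed copy of the ones in the privkey check, and a third copy appears as the string "837b6fb42e0fe176" in doit(), so every key rotation needs three edits that can drift apart. Consider one static array holding the expected subkey ID, compared with memcmp(keyid, expected, 8) in both places, with a comment naming the example key it belongs to. The result of gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid) is also unchecked here.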
@@ -126,10 +125,10 @@ void doit(void)
 		else if (i == 2)
 			key_id = "auto";	/* test auto */
 		else if (i >= 3)
-			key_id = "f30fd423c143e7ba";
+			key_id = "837b6fb42e0fe176";
 
 		if (debug) {
-			gnutls_global_set_log_level(5);
+			gnutls_global_set_log_level(9999);
 			gnutls_global_set_log_function(log_message);
 		}
 
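Review bot: gnutls_global_set_log_level(9999) in the debug branch is unrelated to switching the example keys and reads as a setting left over from troubleshooting; the previous value was 5. Please keep the old level or move the change into its own patch with a reason. The new key_id string should also come from the same definition as the byte comparisons in check_loaded_key() rather than being typed out again.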
@@ -172,11 +171,11 @@ void doit(void)
 
 			if (i == 0)	/* we use the primary key which is RSA. Test the RSA ciphersuite */
 				gnutls_priority_set_direct(session,
-							   "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
+							   "NORMAL:+CTYPE-OPENPGP",
 							   NULL);
 			else
 				gnutls_priority_set_direct(session,
-							   "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+							   "NORMAL:+CTYPE-OPENPGP",
 							   NULL);
 			gnutls_transport_set_int(session, sockets[0]);
 
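Review bot: after this change both branches of the if (i == 0) call gnutls_priority_set_direct with the identical string "NORMAL:+CTYPE-OPENPGP", so the branch is dead and the comment "we use the primary key which is RSA. Test the RSA ciphersuite" no longer describes what runs. The old strings pinned VERS-TLS1.0 and selected RSA for the primary key versus DHE-DSS/DHE-RSA for the subkey cases; with NORMAL the negotiated key exchange is whatever the library prefers, so the test stops distinguishing the two paths. Either keep an explicit key exchange per branch on top of NORMAL, or collapse the branch and update the comment, and say in the commit message which coverage is intentionally given up.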
@@ -257,7 +256,7 @@ void doit(void)
 				fail("server session %d\n", err);
 
 			gnutls_priority_set_direct(session,
-						   "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
+						   "NORMAL:+CTYPE-OPENPGP",
 						   NULL);
 			gnutls_transport_set_int(session, sockets[1]);
 
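Review bot: the server-side gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP", NULL) discards its return value and passes NULL for the error position, so a priority string the library rejects would go unnoticed and only surface later as a handshake failure. The line just above already reports err through fail("server session %d\n", err); please do the same here, and for the two client-side calls, now that the string has changed.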

