[gnutls-help] error -24 GNUTLS_E_DECRYPTION_FAILED with two possible causes

Michel Briand michelbriand at free.fr
Mon Jan 26 13:07:57 CET 2015 

Hello,

I'm new to GnuTLS, cheers all.

I've a strange bug in a client/server application using GnuTLS 3.3.8-5
on Debian.

I use async (non-blocking) send/recv.

99% of my messages are ok.

But when I fork the server to proxy messages I got this strange error
on the read side. Having first successfully sent a message, the other
side (symetric = this is the same program) answers and it get the
error :

ret = -24
GNUTLS_E_DECRYPTION_FAILED
Decryption has failed

There is two possible causes : in each errno has a different value.

* 1st case: errno = 9

[13754|10] READ: Got 5 bytes from 0x9
[13754|10] READ: read 5 bytes from 0x9
[13754|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
[13754|10] RB: Requested 5 bytes
[13754| 5] REC[0x89ee3c8]: SSL 3.3 Application Data packet received.
Epoch 0, length: 225
[13754| 5] REC[0x89ee3c8]: Expected Packet Application Data(23)
[13754| 5] REC[0x89ee3c8]: Received Packet Application Data(23) with
length: 225
[13754|10] READ: Got 225 bytes from 0x9
[13754|10] READ: read 225 bytes from 0x9
[13754|10] RB: Have 5 bytes into buffer. Adding 225 bytes.
[13754|10] RB: Requested 230 bytes
[13754| 3] ASSERT: gnutls_cipher.c:728
[13754| 3] ASSERT: gnutls_cipher.c:167
[13754| 3] ASSERT: gnutls_record.c:1245
[13754| 1] Discarded message[2] due to invalid decryption
[13754| 3] ASSERT: gnutls_record.c:1437
error: *** Fatal error: Decryption has failed.
error[9]: Bad file descriptor; reading from 9 [-24]

In the last message my program combines the ret error from gnutls (-24)
and errno (9, which may be irrelevant I don't know)

* 2nd case: errno = 115

[19569|10] READ: Got 5 bytes from 0x9
[19569|10] READ: read 5 bytes from 0x9
[19569|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
[19569|10] RB: Requested 5 bytes
[19569| 5] REC[0x93913d8]: SSL 3.3 Application Data packet received.
Epoch 0, length: 225 [19569| 5] REC[0x93913d8]: Expected Packet
Application Data(23) [19569| 5] REC[0x93913d8]: Received Packet
Application Data(23) with length: 225 [19569|10] READ: Got 225 bytes
from 0x9 [19569|10] READ: read 225 bytes from 0x9
[19569|10] RB: Have 5 bytes into buffer. Adding 225 bytes.
[19569|10] RB: Requested 230 bytes
[19569| 3] ASSERT: gnutls_cipher.c:728
[19569| 3] ASSERT: gnutls_cipher.c:167
[19569| 3] ASSERT: gnutls_record.c:1245
[19569| 1] Discarded message[2] due to invalid decryption
[19569| 3] ASSERT: gnutls_record.c:1437
error: *** Fatal error: Decryption has failed.
error[115]: Operation now in progress; reading from 9 [-24]

In the last message my program combines the ret error from gnutls (-24)
and errno (115, which may be irrelevant I don't know).


The only Internet ressource I could found related to that error is this
thread:
http://comments.gmane.org/gmane.emacs.gnus.general/83641

which tell about this patch:
https://projects.archlinux.org/svntogit/packages.git/commit/trunk/tls_fix.diff?h=packages/gnutls&id=bd985e895a39a755c350c7433a1edc1f8a0bd06e


Any help appreciated :) !

Best regards,
Michel

More information about the Gnutls-help mailing list