[gnutls-help] error -24 GNUTLS_E_DECRYPTION_FAILED with two possible causes

michelbriand at free.fr michelbriand at free.fr
Mon Jan 26 19:45:02 CET 2015

> On Mon, 2015-01-26 at 15:57 +0100, michelbriand at free.fr wrote:
> > > Based on the error you see, I'd bet that you either receive or
> > > send
> > > by
> > > the parent when the child already exists.
> > Yes. Indeed.
> > The parent process send a last message on the socket before it is
> > given to the child.
> > Is it the cause of the error ?
> Yes, TLS is a stateful protocol. In that case you modify the state
> and
> then you continue from a previous state in the child. You have to
> send
> your last message either from the child itself, or before it is
> created.
> > In that case, what could I do to prevent it ?
> > For example in the child I could use a gnutls "reset" function ?
> I was thinking to add a function to serialize the session data and
> deserialize them on a different process, but I never got to finish
> it;
> so the answer is there is no reset function.
> regards,
> Nikos


waiting for your answer, very quick BTW, I've modified the logic 
in my program to create the child processes after all messages have 
been exchanged by parents. It works nicely.

Anyway, I think about your idea above.

Serialize the session data would be nice, but the hard task would
be to synchronize it between processes : that would go against the
very advantage of creating a child process (to not bother about

Is it possible to improve the documentation to help people 
not to fall into this pitfall in the future ?

Thank you very much !

More information about the Gnutls-help mailing list