[Help-gnutls] gnutls-cli with compression against secure.cacert.org

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] gnutls-cli with compression against secure.cacert.org

From:	Simon Josefsson
Subject:	[Help-gnutls] gnutls-cli with compression against secure.cacert.org
Date:	Mon, 05 Mar 2007 16:20:54 +0100
User-agent:	Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.94 (gnu/linux)

I tried to talk with secure.cacert.org using my cacert
key/certificate, but it doesn't seem to work reliably unless I disable
compression.

The typical errors is:

address@hidden:~/src/gnutls/src$ ./gnutls-cli secure.cacert.org --x509keyfile 
~/self/certs/cacert.key --x509certfile ~/self/certs/cacert.pem --x509cafile 
~/self/certs/cacert-ca.pem
Processed 1 CA certificate(s).
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Resolving 'secure.cacert.org'...
Connecting to '91.112.11.212:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [20]: Bad record MAC
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
address@hidden:~/src/gnutls/src$

The workaround is of course to add '--comp null'.

If anyone has time to debug this, that would be useful.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] gnutls-cli with compression against secure.cacert.org, Simon Josefsson <=

Prev by Date: [Help-gnutls] Re: SMTP TLS & Thunderbird
Next by Date: [Help-gnutls] Re: SMTP TLS & Thunderbird
Previous by thread: [Help-gnutls] Re: SMTP TLS & Thunderbird
Next by thread: [Help-gnutls] Libtasn1 0.3.9
Index(es):
- Date
- Thread