Re: [Help-gnutls] client certificate authentication
From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] client certificate authentication
Date: Mon, 19 Jan 2009 22:07:29 +0200
User-agent: Thunderbird 2.0.0.18 (X11/20081125)
Tristan Hill wrote:
> I'm trying to troubleshoot the use of gnutls via libcurl in the apt
> https transport. Apt is configured to use a certificate for
> authentication. It works fine without trying to authenticate with a
> certificate (i.e. the server's certificate is verified OK)
>
> I have an apache test server configuration similar to that mentioned
> towards the end of
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480041 - "configured
> for per-location client cert auth".
>
> Attached is output of 'apt-get update' with libcurl recompiled to run
> gnutls_global_set_log_level(10).
>
> I guess things go wrong around:
>
> |<4>| REC[89c1dd0]: Short record length 10 > 16 - 20 (under attack?)
> Your advice appreciated.
Check the server log. The hint is:
|<4>| REC[89c1dd0]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[89c1dd0]: Received Packet[2] Alert(21) with length: 32
For some reason the server sent an alert.
regards,
Nikos