[Modules] mod_gnutls: any chance for TLS-PSK (previous msg was wrong!)
Hardy Griech
ntbox at mardys.de
Wed Nov 17 05:12:35 EST 2010
On 16.11.2010 09:46, Nikos Mavrogiannopoulos wrote:
:
> This is pretty strange. Could you send me the whole debug output of the
> server?
:
I admit, I'm confused...
I've tested two mod_gnutls setups: one with RSA key exchange, the other
with PSK. The test client for both cases is gnutls-cli. The command lines are
    gnutls-cli --x509cafile ~/ssl/demoCA/cacert.pem --x509keyfile ~/ssl/client_key.pem --x509certfile ~/ssl/client_cert.pem --port 443 --insecure qnap110.fritz.box --debug 11
and
    gnutls-cli -p 443 qnap110.fritz.box --pskusername psk_identity --pskkey 8a05f507da91c51c23e85309c046fd6aee17489b --debug 99
Both connections return the expected HTTP, and _both_ end with a fatal
error:
RSA:
|<7>| READ: Got 0 bytes from 0x4
|<7>| READ: read 0 bytes from 0x4
|<7>| 0000 -
|<2>| ASSERT: gnutls_buffers.c:601
|<2>| ASSERT: gnutls_record.c:917
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
random usage: poolsize=600 mixed=18 polls=25/57 added=314/8032 outmix=4 getlvl1=4/134 getlvl2=0/0
|<6>| BUF[HSK]: Cleared Data from buffer
PSK:
|<7>| READ: Got 0 bytes from 0x4
|<7>| READ: read 0 bytes from 0x4
|<7>| 0000 -
|<2>| ASSERT: gnutls_buffers.c:601
|<2>| ASSERT: gnutls_record.c:917
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
random usage: poolsize=600 mixed=23 polls=25/112 added=587/12864 outmix=2 getlvl1=2/9 getlvl2=0/0
|<6>| BUF[HSK]: Cleared Data from buffer
With mod_gnutls 0.5.9 the RSA case returns the same error as above with
0.5.9 (RSA).
Nevertheless my test client for the RSA case works with mod_gnutls
without problems (even keep alive).
I will try to ignore the fatal error gnutls-cli returns and will modify
my own test client to do PSK-TLS.
Hardy