Author: Phil Pennock Date: To: Janne Snabb CC: exim-users Subject: Re: [exim] Exim 4.80 RC6 + GnuTLS more issues
On 2012-05-29 at 20:16 +0700, Janne Snabb wrote: > On 2012-05-27 22:27, Phil Pennock wrote:
> > I have uploaded Exim 4.80 RC6 to:
>
> Hi again,
>
> I am seeing some GnuTLS 3.0.x issues which I am unable to reproduce when
> using GnuTLS 2.x. This could be a GnuTLS bug.
Argh, this came in just after I sent out the RC7 announcement. :( The
referenced bug-report in that announcement was *not* you.
> TLS: no client certificate specified; okay
> TLS: tls_verify_certificates not set or empty, ignoring
Okay, no client cert to send ...
> GnuTLS<3>: HSK[0x1751460]: SERVER KEY EXCHANGE was received. Length
> 313[313], frag offset 0, frag length: 313, sequence: 0
> GnuTLS<3>: HSK[0x1751460]: Selected ECC curve SECP192R1 (5)
> GnuTLS<3>: HSK[0x1751460]: verify handshake data: using RSA-SHA256
> GnuTLS<2>: ASSERT: signature.c:304
> GnuTLS<2>: ASSERT: gnutls_buffers.c:974
> GnuTLS<4>: REC[0x1751460]: SSL 3.3 Handshake packet received. Epoch 0,
> length: 16384
> GnuTLS<4>: REC[0x1751460]: Expected Packet Handshake(22)
> GnuTLS<4>: REC[0x1751460]: Received Packet Handshake(22) with length: 16384
> GnuTLS<4>: REC[0x1751460]: Decrypted Packet[3] Handshake(22) with
> length: 16384
> GnuTLS<3>: HSK[0x1751460]: CERTIFICATE REQUEST was received. Length
> 18880[16380], frag offset 0, frag length: 18880, sequence: 0
> GnuTLS<2>: ASSERT: gnutls_buffers.c:819
> GnuTLS<2>: ASSERT: gnutls_buffers.c:1031
> GnuTLS<2>: ASSERT: gnutls_handshake.c:1269
> GnuTLS<2>: ASSERT: gnutls_handshake.c:2515
> LOG: MAIN
> TLS error on connection to angkar.epipe.com [174.34.144.197]
> (gnutls_handshake): A TLS packet with unexpected length was received.
So the client is refusing to reply to the server and isn't even getting
to where the server might see that no certificate was sent, but is
aborting before that.
If you convert your ca-certificates.crt file to DER form, does it work
out to be somewhere around 18880 bytes long? (There will be some proto
overhead in TLS too).
Suspiciously, the maximum size of a TLS record is 2^14 octets, or 16K.
If you take a bunch of certs out of the certificates file to shrink it,
so that it comes down to fit inside a single TLS record, does the
GnuTLS 3 client succeed?
If that works, then I think it's a GnuTLS bug. No idea if it's how
GnuTLS2 constructs the fragmented CA cert list across the two records,
or GnuTLS3 decode.