Package: libgnutls11
Version: 1.0.16-13.1
Severity: normal

When using a non-blocking socket (created by the socket() call), _gnutls_read fails with EAGAIN, which propagates up the call stack accompanied by the following assertions, whereupon in gnutls_recv_client_cert it gets converted to GNUTLS_E_NO_CERTIFICATE if CERT_REQUIRE is set. However, the client hasn't had anywhere near enough time to send the certificate.

Debug output from gnutls:

ASSERT: gnutls_buffers.c:231
ASSERT: gnutls_buffers.c:888
ASSERT: gnutls_handshake.c:851
ASSERT: gnutls_kx.c:473
ASSERT: gnutls_handshake.c:2254

Thus either this should be well documented as a fundamental flaw of GnuTLS (i.e. it does not fully support non-blocking sockets) or patched to propagate GNUTLS_E_AGAIN to the caller of gnutls_handshake instead of E_NO_CERTIFICATE, so the caller can decide when to abandon the quest for a client certificate. I haven't checked whether receiving another header that isn't a cert causes an appropriate failure, if we just naively pass E_AGAIN back up the stack.

(Posted on behalf of Ian Abel, [EMAIL PROTECTED])


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.9-p2-smp-1
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages libgnutls11 depends on:
ii  libc6                         2.3.5-6    GNU C Library: Shared libraries an
ii  libgcrypt11                   1.2.1-4    LGPL Crypto library - runtime libr
ii  libgpg-error0                 1.1-4      library for common error values an
ii  liblzo1                       1.08-2     data compression library
ii  libopencdk8                   0.5.7-2    Open Crypto Development Kit (OpenC
ii  libtasn1-2                    0.2.13-1   Manage ASN.1 structures (runtime)
ii  zlib1g                        1:1.2.3-4  compression library - runtime

libgnutls11 recommends no packages.

-- debconf-show failed
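
An added illustration of the difference the report describes (not GnuTLS code and not part of the original report): a simulated non-blocking peer, the reported error mapping beside the proposed one, and a caller that retries on a would-block result within its own budget. All names and error values here are constructed stand-ins, not the library's real identifiers or constants.

```c
#include <stdio.h>

/* Constructed stand-ins for the error codes (not GnuTLS's real values). */
enum { E_OK = 0, E_AGAIN = -1, E_NO_CERTIFICATE = -2 };

/* Simulated non-blocking transport: the client's next handshake message
   becomes readable only after `ready_after` read attempts. */
struct sim_peer { int reads; int ready_after; int sends_cert; };

static int sim_read(struct sim_peer *p) {
    if (p->reads++ < p->ready_after) return E_AGAIN;   /* would block */
    return p->sends_cert ? E_OK : E_NO_CERTIFICATE;
}

/* Behaviour described in the report: any read failure, including a
   would-block condition, is turned into "no certificate". */
int recv_client_cert_reported(struct sim_peer *p) {
    int ret = sim_read(p);
    return ret == E_OK ? E_OK : E_NO_CERTIFICATE;
}

/* Proposed behaviour: a would-block condition reaches the caller unchanged. */
int recv_client_cert_proposed(struct sim_peer *p) {
    int ret = sim_read(p);
    if (ret == E_AGAIN) return E_AGAIN;
    return ret == E_OK ? E_OK : E_NO_CERTIFICATE;
}

/* Caller-side policy: retry on E_AGAIN up to max_tries, then give up.
   A real server would wait in poll()/select() between tries. */
int handshake_with_budget(int (*recv_cert)(struct sim_peer *),
                          struct sim_peer *p, int max_tries) {
    int ret = E_AGAIN;
    for (int i = 0; i < max_tries && ret == E_AGAIN; i++)
        ret = recv_cert(p);
    return ret;   /* E_AGAIN here means the caller's budget ran out */
}

int main(void) {
    struct sim_peer a = {0, 3, 1}, b = {0, 3, 1};
    printf("reported: %d\n",
           handshake_with_budget(recv_client_cert_reported, &a, 10));
    printf("proposed: %d\n",
           handshake_with_budget(recv_client_cert_proposed, &b, 10));
    return 0;
}
```

With the reported mapping the first would-block read ends the handshake as a missing certificate; with the proposed mapping the same peer completes, and the caller still gets a definite failure when the peer never sends a certificate or the retry budget is exhausted.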



