On Friday 04 January 2008, Simon Josefsson wrote:
> Simon Josefsson <[EMAIL PROTECTED]> writes:
> >> It might be possible (judging from
> >> https://www.ritlabs.com/bt/view.php?id=5785) that The Bat by default
> >> refuses to talk TLS to a server presenting a self-signed certificate.
> >
> > I also note that it is possible to download trial versions of TheBat.
> > If we can get a recipe to reproduce the problem using it, that would
> > help a lot.
>
> TheBat works under Wine, so I downloaded it and debugged this... FWIW, I
> can reproduce the problem:
>
> 2008-01-04 19:03:02 TLS error on connection from xxx.bredband.comhem.se
> (mocca.local) [x.y.z.q] (gnutls_handshake): An error was encountered at the
> TLS Finished packet calculation.
>
> Using gnutls-serv, I get the connection debug log [1] below. TheBat
> complains that the CA is untrusted, and I have to click continue. Then
> it fails with the TLS Finished packet calculation error.

Could you try with different protocol/algorithm combinations? I think the
output of connection with gnutls using SSL 3.0 and arcfour might be useful too.

> However, if I start gnutls-serv with --disable-client-cert I get the
> debug log [2] which is a successful TLS handshake!

An idea might be that it doesn't insert the certificate request message to
the handshake hash. Openssl has several compatibility options enabled by
default and this might be one, but I am not sure, I only speculate!

regards,
Nikos
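
The hypothesis in the message above, worked through as an added example (not code from the original thread, GnuTLS, or The Bat): if one peer leaves the CertificateRequest message out of its handshake hash, the Finished `verify_data` values no longer match, while a handshake without a client-certificate request is unaffected. It assumes the TLS 1.0 Finished calculation from RFC 2246; the master secret and message bodies are constructed placeholders, and `handshake_ok` is a hypothetical helper.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_hash expansion from RFC 2246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2
    md5 = p_hash("md5", secret[:half], label + seed, length)
    sha = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha))

def finished_verify_data(master_secret, label, messages):
    """verify_data = PRF(ms, label, MD5(transcript) + SHA1(transcript))[0..11]."""
    transcript = b"".join(messages)
    seed = hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()
    return tls10_prf(master_secret, label, seed, 12)

def hs(msg_type, body):
    """Handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample data, not taken from the debug logs in the thread.
MASTER = bytes(range(48))
CERT_REQ = hs(13, b"cert-request")        # CertificateRequest
CLIENT_CERT = hs(11, b"\x00\x00\x00")     # client Certificate with an empty list
FULL = [hs(1, b"client-hello"), hs(2, b"server-hello"), hs(11, b"server-cert"),
        CERT_REQ, hs(14, b""), CLIENT_CERT, hs(16, b"client-kx")]

def handshake_ok(server_requests_cert, client_skips_cert_request):
    """Compare the client Finished value the server expects with what it receives."""
    msgs = FULL if server_requests_cert else [
        m for m in FULL if m not in (CERT_REQ, CLIENT_CERT)]
    client_view = [m for m in msgs
                   if not (client_skips_cert_request and m == CERT_REQ)]
    expected = finished_verify_data(MASTER, b"client finished", msgs)
    received = finished_verify_data(MASTER, b"client finished", client_view)
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    print("client cert requested:", handshake_ok(True, True))    # mismatch
    print("client cert disabled: ", handshake_ok(False, True))   # match
```
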

