Hi, I have been trying for some hours to deploy a WebDAV server using Apache under Ubuntu 12.4 using client certificates.
I already set up Apache+WebDAV and I can access it through Firefox using the client certificate. Now I want to use davfs2, which uses gnutls, but it exits with a gnutls error (handshake failed, no details). I tried with gnutls-cli and I also get an error (with more details), but I am not able to understand it (or what is incorrect).

gnutls-cli -d 9 --x509cafile ca.crt --x509keyfile client.key --x509certfile client.crt -p 443 myserver

Processed 1 CA certificate(s).
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Resolving 'myserver'...
Connecting to '192.168.1.10:443'...
|<4>| REC[0x1495a80]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:695
|<4>| REC[0x1495a80]: Allocating epoch #1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x1495a80]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<2>| EXT[0x1495a80]: Sending extension SERVER NAME (19 bytes)
|<2>| EXT[0x1495a80]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<2>| EXT[0x1495a80]: Sending extension SESSION TICKET (0 bytes)
|<2>| EXT[SIGA]: sent signature algo (4.2) DSA-SHA256
|<2>| EXT[SIGA]: sent signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: sent signature algo (2.1) RSA-SHA1
|<2>| EXT[SIGA]: sent signature algo (2.2) DSA-SHA1
|<2>| EXT[0x1495a80]: Sending extension SIGNATURE ALGORITHMS (10 bytes)
|<3>| HSK[0x1495a80]: CLIENT HELLO was sent [139 bytes]
|<4>| REC[0x1495a80]: Sending Packet[0] Handshake(22) with length: 139
|<4>| REC[0x1495a80]: Sent Packet[1] Handshake(22) with length: 144
|<4>| REC[0x1495a80]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x1495a80]: Received Packet[0] Alert(21) with length: 2
|<4>| REC[0x1495a80]: Decrypted Packet[0] Alert(21) with length: 2
|<4>| REC[0x1495a80]: Alert[1|112] - The server name sent was not recognized - was received
|<2>| ASSERT: gnutls_record.c:726
|<2>| ASSERT: gnutls_record.c:1122
*** Non fatal error: A TLS warning alert has been received.
*** Received alert [112]: The server name sent was not recognized
|<4>| REC[0x1495a80]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[0x1495a80]: Received Packet[1] Handshake(22) with length: 57
|<4>| REC[0x1495a80]: Decrypted Packet[1] Handshake(22) with length: 57
|<3>| HSK[0x1495a80]: SERVER HELLO was received [57 bytes]
|<3>| HSK[0x1495a80]: Server's version: 3.3
|<3>| HSK[0x1495a80]: SessionID length: 0
|<3>| HSK[0x1495a80]: SessionID: 00
|<3>| HSK[0x1495a80]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1
|<2>| EXT[0x1495a80]: Parsing extension 'SERVER NAME/0' (0 bytes)
|<2>| EXT[0x1495a80]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<2>| EXT[0x1495a80]: Parsing extension 'SESSION TICKET/35' (0 bytes)
|<3>| HSK[0x1495a80]: Safe renegotiation succeeded
|<4>| REC[0x1495a80]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[0x1495a80]: Received Packet[2] Handshake(22) with length: 2510
|<4>| REC[0x1495a80]: Decrypted Packet[2] Handshake(22) with length: 2510
|<3>| HSK[0x1495a80]: CERTIFICATE was received [2510 bytes]
|<2>| ASSERT: ext_signature.c:388
|<2>| ASSERT: ext_signature.c:388
|<2>| ASSERT: mpi.c:609
|<2>| ASSERT: dn.c:1209
|<4>| REC[0x1495a80]: Expected Packet[3] Handshake(22) with length: 1
|<4>| REC[0x1495a80]: Received Packet[3] Handshake(22) with length: 527
|<4>| REC[0x1495a80]: Decrypted Packet[3] Handshake(22) with length: 527
|<3>| HSK[0x1495a80]: SERVER KEY EXCHANGE was received [527 bytes]
|<3>| HSK[0x1495a80]: verify handshake data: using RSA-SHA256
|<2>| ASSERT: ext_signature.c:388
|<4>| REC[0x1495a80]: Expected Packet[4] Handshake(22) with length: 1
|<4>| REC[0x1495a80]: Received Packet[4] Handshake(22) with length: 97
|<4>| REC[0x1495a80]: Decrypted Packet[4] Handshake(22) with length: 97
|<3>| HSK[0x1495a80]: CERTIFICATE REQUEST was received [93 bytes]
|<2>| EXT[SIGA]: rcvd signature algo (6.1) RSA-SHA512
|<2>| EXT[SIGA]: rcvd signature algo (6.2) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (6.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (5.1) RSA-SHA384
|<2>| EXT[SIGA]: rcvd signature algo (5.2) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (5.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (4.2) DSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (4.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (3.1) RSA-SHA224
|<2>| EXT[SIGA]: rcvd signature algo (3.2) DSA-SHA224
|<2>| EXT[SIGA]: rcvd signature algo (3.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (2.1) RSA-SHA1
|<2>| EXT[SIGA]: rcvd signature algo (2.2) DSA-SHA1
|<2>| EXT[SIGA]: rcvd signature algo (2.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (1.1) RSA-MD5
|<3>| HSK[0x1495a80]: SERVER HELLO DONE was received [4 bytes]
|<3>| HSK[0x1495a80]: CERTIFICATE was sent [1137 bytes]
|<3>| HSK[0x1495a80]: CLIENT KEY EXCHANGE was sent [134 bytes]
|<2>| sign handshake cert vrfy: picked RSA-SHA512 with SHA512
|<2>| ASSERT: gnutls_sig.c:630
|<2>| ASSERT: auth_cert.c:1562
|<2>| ASSERT: gnutls_kx.c:336
|<2>| ASSERT: gnutls_handshake.c:2833
*** Fatal error: GnuTLS internal error.
|<4>| REC: Sending Alert[2|80] - Internal error
|<4>| REC[0x1495a80]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x1495a80]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: GnuTLS internal error.
|<4>| REC[0x1495a80]: Epoch #0 freed
|<4>| REC[0x1495a80]: Epoch #1 freed

Using "openssl client -connect ..." I am able to connect to Apache with the client certificate and execute a GET request. I only found one post referring to unimplemented SHA512 in gnutls. Is that the reason?

Best regards,
Frederic
_______________________________________________
Gnutls-help mailing list
http://lists.gnupg.org/mailman/listinfo/gnutls-help
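
A triage helper for debug output like the one in the message above, added here as an example; it is not part of the original post and not GnuTLS code. It lists the signature algorithms the server offered in its CERTIFICATE REQUEST, decoding the (hash.signature) code pairs by their RFC 5246 values rather than by the printed label, and reports the algorithm the client picked, the last handshake message and the asserts leading to the fatal error. The function names `decode_pair` and `triage` are hypothetical, and the sample is constructed from a few lines of the posted log.

```python
import re

# TLS 1.2 SignatureAndHashAlgorithm code points (RFC 5246, section 7.4.1.4.1).
HASHES = {1: "MD5", 2: "SHA1", 3: "SHA224", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIGS = {1: "RSA", 2: "DSA", 3: "ECDSA"}

# Constructed sample: a few lines taken from the debug output in the post above.
SAMPLE_LOG = """\
|<3>| HSK[0x1495a80]: CERTIFICATE REQUEST was received [93 bytes]
|<2>| EXT[SIGA]: rcvd signature algo (6.1) RSA-SHA512
|<2>| EXT[SIGA]: rcvd signature algo (6.2) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256
|<3>| HSK[0x1495a80]: SERVER HELLO DONE was received [4 bytes]
|<3>| HSK[0x1495a80]: CERTIFICATE was sent [1137 bytes]
|<3>| HSK[0x1495a80]: CLIENT KEY EXCHANGE was sent [134 bytes]
|<2>| sign handshake cert vrfy: picked RSA-SHA512 with SHA512
|<2>| ASSERT: gnutls_sig.c:630
|<2>| ASSERT: auth_cert.c:1562
*** Fatal error: GnuTLS internal error.
"""

def decode_pair(hash_id, sig_id):
    """Name a (hash.sig) pair from the registry, ignoring the label GnuTLS printed."""
    sig = SIGS.get(sig_id, f"sig{sig_id}")
    digest = HASHES.get(hash_id, f"hash{hash_id}")
    return f"{sig}-{digest}"

def triage(log):
    """Summarise a gnutls-cli -d debug log: offered algorithms, pick, failure point."""
    report = {"offered": [], "picked": None, "last_step": None,
              "asserts_before_fatal": [], "fatal": None}
    for line in log.splitlines():
        if m := re.search(r"rcvd signature algo \((\d+)\.(\d+)\)", line):
            report["offered"].append(decode_pair(int(m[1]), int(m[2])))
        elif m := re.search(r"cert vrfy: picked (\S+)", line):
            report["picked"] = m[1]
            report["asserts_before_fatal"] = []  # keep only asserts after the pick
        elif m := re.search(r"HSK\[\w+\]: (.+?) was (sent|received)", line):
            report["last_step"] = f"{m[1]} {m[2]}"
        elif m := re.search(r"ASSERT: (\S+:\d+)", line):
            report["asserts_before_fatal"].append(m[1])
        elif m := re.search(r"\*\*\* Fatal error: (.+)", line):
            report["fatal"] = m[1]
            break  # everything after the first fatal error is teardown
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```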
