I tried to talk with secure.cacert.org using my cacert key/certificate, but it doesn't seem to work reliably unless I disable compression.
The typical errors is: [EMAIL PROTECTED]:~/src/gnutls/src$ ./gnutls-cli secure.cacert.org --x509keyfile ~/self/certs/cacert.key --x509certfile ~/self/certs/cacert.pem --x509cafile ~/self/certs/cacert-ca.pem Processed 1 CA certificate(s). Processed 1 client certificates... Processed 1 client X.509 certificates... Resolving 'secure.cacert.org'... Connecting to '91.112.11.212:443'... *** Fatal error: A TLS fatal alert has been received. *** Received alert [20]: Bad record MAC *** Handshake has failed GNUTLS ERROR: A TLS fatal alert has been received. [EMAIL PROTECTED]:~/src/gnutls/src$ The workaround is of course to add '--comp null'. If anyone has time to debug this, that would be useful. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
