On Jul 28 15:28:48, Antoine Jacoutot wrote:
> On Sat, Jul 28, 2012 at 02:14:41PM +0100, Stuart Henderson wrote:
> > On 2012/07/28 13:48, Jan Stary wrote:
> > >
> > > gnutls_handshake failed -110 fatal 1 GNUTLS version is too old
> > > to provide human readable error.
> > >
> > > I am not very proficient in the ways of TLS, so please bear with me.
> > > Is this one error (namely, that my GNUTLS is too old to make a handshake),
> > > or two separate errors (namely, that the handshake failed, and moreover,
> > > it cannot provide a readable error)?
> >
> > I think you should forget about debugging in the browser and move to the
> > simpler tools,
> >
> > $ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
> > Processed 36 CA certificate(s).
> > Resolving 'cz.mbank.eu'...
> > Connecting to '193.41.230.85:443'...
> > *** Fatal error: The TLS connection was non-properly terminated.
> > No certificates found!
> > *** Handshake has failed
> > GnuTLS error: The TLS connection was non-properly terminated.
> >
> > So, as this basic gnutls tool also fails, there's no point trying to
> > debug via a browser.
> >
> > If you turn on debugging in gnutls-cli you see that gnutls writes
> > some data and then tries to read from the server but gets zero bytes
> > back, I imagine the remote side didn't like something sent to it
> > and dropped the connection.. Trying with --disable-extensions, same.
> > Might be worth playing with different --priorities strings perhaps.
> >
> > Do you have another OS handy with a recent gnutls 3.x you can test
> > to identify whether the problem is specific to OpenBSD or the port,
> > or whether it's a general gnutls problem?
> >
> > If it affects other OS too, you're probably better off reporting
> > it upstream.
> >
> ### gnutls 2.12.18 on OpenBSD
> $ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
> Processed 36 CA certificate(s).
> Resolving 'cz.mbank.eu'...
> Connecting to '193.41.230.85:443'...
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Handshake has failed
> GnuTLS error: A TLS packet with unexpected length was received.
>
> So it's not a regression.
>
> ### gnutls 3.0.21 on Arch Linux
> $ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
> Error setting the x509 trust file
> Resolving 'cz.mbank.eu'...
> Connecting to '193.41.230.85:443'...
> *** Fatal error: The TLS connection was non-properly terminated.
> No certificates found!
> *** Handshake has failed
> GnuTLS error: The TLS connection was non-properly terminated

# gnutls 2.8.6 on Debian
$ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
Error setting the x509 trust file
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.

# gnutls 3.0.23 on OpenBSD
~$ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
Processed 36 CA certificate(s).
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
*** Fatal error: The TLS connection was non-properly terminated.
No certificates found!
*** Handshake has failed
GnuTLS error: The TLS connection was non-properly terminated.

# gnutls 3.1.1 on OpenBSD
~$ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
Processed 36 CA certificate(s).
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
*** Fatal error: Error in the pull function.
No certificates found!
*** Handshake has failed
GnuTLS error: Error in the pull function.

That's three different error messages.
Does anyone please have a clue about what this means?
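
Added example, not part of the thread and not GnuTLS code: a local reproduction of the symptom Stuart describes (the client sends its hello and the peer drops the connection without replying), using Python's ssl module. The listener and the names drop_after_hello, probe and run are constructed for illustration; it shows that a peer dropping the connection at the same point surfaces as a different client-side error depending on whether it closes cleanly or resets.

```python
import socket
import ssl
import struct
import threading


def drop_after_hello(reset):
    """Constructed listener: read the ClientHello, then close (FIN) or abort (RST)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port, seen = srv.getsockname()[1], {}

    def serve():
        conn, _ = srv.accept()
        seen["bytes"] = len(conn.recv(65536))  # the ClientHello
        if reset:  # linger on, timeout 0: close() sends RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    return port, seen, worker


def probe(port):
    """Attempt a TLS handshake and classify how it failed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the constructed peer never sends a certificate
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw):
                return "handshake ok"
    except ConnectionResetError:
        return "reset"
    except ssl.SSLError as exc:
        return "eof" if "eof" in str(exc).lower() else "tls error: %s" % exc
    except OSError as exc:
        return "socket error: %s" % exc


def run(reset):
    port, seen, worker = drop_after_hello(reset)
    result = probe(port)
    worker.join(5)
    return result, seen.get("bytes", 0)
```

run(False) and run(True) each return the client-side classification together with the number of bytes the listener received before dropping the connection.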
