my apologies, but i"m concerned of my privacy . this is my spambox address, i don't like to post my web server addresses. and also this information will be publicly available and debian servers forever.
in this configuration there are two ports 8001 and 8002. difference is different "servername" directive in apache conf and listening port. certificate is same for both. in port 8001 servername is set to "mycomp". in port 8002 servername is set to "example.tld" matching to the dns name. in my tests gnutls-cli works fine when --insecure was used. i noticed one difference in gnutls connections.. *** Non fatal error: A TLS warning alert has been received. *** Received alert [112]: The server name sent was not recognized what i can figure gnutls doesn't have problem but it seems wget takes this non- fatal error too seriously. it's possible replicate these results using http server, putting ssl on, creating self-sign certificate and switch servername directive to match/dismatch to hostname/dns-name in wget (wget https://localhost). $ wget -d https://example.tld:8001 DEBUG output created by Wget 1.14 on linux-gnu. URI encoding = ?UTF-8? --2012-09-09 12:38:06-- https://example.tld:8001/ Resolving example.tld (example.tld)... 257.257.257.257 Caching example.tld => 257.257.257.257 Connecting to example.tld (example.tld)|257.257.257.257|:8001... connected. Created socket 4. Releasing 0x0000000002df4aa0 (new refcount 1). GnuTLS: A TLS warning alert has been received. Closed fd 4 Unable to establish SSL connection. $ wget --no-check-certificate -d https://example.tld:8001 DEBUG output created by Wget 1.14 on linux-gnu. URI encoding = ?UTF-8? --2012-09-09 13:30:06-- https://example.tld:8001/ Resolving example.tld (example.tld)... 257.257.257.257 Caching example.tld => 257.257.257.257 Connecting to example.tld (example.tld)|257.257.257.257|:8001... connected. Created socket 4. Releasing 0x0000000001b65a60 (new refcount 1). GnuTLS: A TLS warning alert has been received. Closed fd 4 Unable to establish SSL connection. $ gnutls-cli -d 5 example.tld -p 8001 |<2>| p11: loaded provider 'gnome-keyring-module' with 0 slots |<2>| ASSERT: pkcs11.c:459 Processed 152 CA certificate(s). Resolving 'example.tld'... Connecting to '257.257.257.257:8001'... |<4>| REC[0x96fdc0]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:717 |<4>| REC[0x96fdc0]: Allocating epoch #1 |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0. 23) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0. 2B) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0. 24) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0. 2C) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 (00.66) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 (00.05) |<3>| HSK[0x96fdc0]: Keeping ciphersuite: RSA_ARCFOUR_MD5 (00.04) |<3>| EXT[0x96fdc0]: Sending extension SERVER NAME (15 bytes) |<3>| EXT[0x96fdc0]: Sending extension SAFE RENEGOTIATION (1 bytes) |<3>| EXT[0x96fdc0]: Sending extension SUPPORTED ECC (12 bytes) |<3>| EXT[0x96fdc0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes) |<3>| EXT[0x96fdc0]: sent signature algo (4.1) RSA-SHA256 |<3>| EXT[0x96fdc0]: sent signature algo (4.2) DSA-SHA256 |<3>| EXT[0x96fdc0]: sent signature algo (4.3) ECDSA-SHA256 |<3>| EXT[0x96fdc0]: sent signature algo (5.1) RSA-SHA384 |<3>| EXT[0x96fdc0]: sent signature algo (5.3) ECDSA-SHA384 |<3>| EXT[0x96fdc0]: sent signature algo (6.1) RSA-SHA512 |<3>| EXT[0x96fdc0]: sent signature algo (6.3) ECDSA-SHA512 |<3>| EXT[0x96fdc0]: sent signature algo (3.1) RSA-SHA224 |<3>| EXT[0x96fdc0]: sent signature algo (3.2) DSA-SHA224 |<3>| EXT[0x96fdc0]: sent signature algo (3.3) ECDSA-SHA224 |<3>| EXT[0x96fdc0]: sent signature algo (2.1) RSA-SHA1 |<3>| EXT[0x96fdc0]: sent signature algo (2.2) DSA-SHA1 |<3>| EXT[0x96fdc0]: sent signature algo (2.3) ECDSA-SHA1 |<3>| EXT[0x96fdc0]: Sending extension SIGNATURE ALGORITHMS (28 bytes) |<3>| HSK[0x96fdc0]: CLIENT HELLO was queued [203 bytes] |<4>| REC[0x96fdc0]: Preparing Packet Handshake(22) with length: 203 |<4>| REC[0x96fdc0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 208 |<2>| ASSERT: gnutls_buffers.c:976 |<4>| REC[0x96fdc0]: SSL 3.3 Alert packet received. Epoch 0, length: 2 |<4>| REC[0x96fdc0]: Expected Packet Handshake(22) |<4>| REC[0x96fdc0]: Received Packet Alert(21) with length: 2 |<4>| REC[0x96fdc0]: Decrypted Packet[0] Alert(21) with length: 2 |<4>| REC[0x96fdc0]: Alert[1|112] - The server name sent was not recognized - was received |<2>| ASSERT: gnutls_record.c:634 |<2>| ASSERT: gnutls_record.c:1118 |<2>| ASSERT: gnutls_buffers.c:1177 |<2>| ASSERT: gnutls_handshake.c:1284 *** Non fatal error: A TLS warning alert has been received. *** Received alert [112]: The server name sent was not recognized |<2>| ASSERT: gnutls_buffers.c:976 |<4>| REC[0x96fdc0]: SSL 3.3 Handshake packet received. Epoch 0, length: 85 |<4>| REC[0x96fdc0]: Expected Packet Handshake(22) |<4>| REC[0x96fdc0]: Received Packet Handshake(22) with length: 85 |<4>| REC[0x96fdc0]: Decrypted Packet[1] Handshake(22) with length: 85 |<3>| HSK[0x96fdc0]: SERVER HELLO was received. Length 81[81], frag offset 0, frag length: 81, sequence: 0 |<3>| HSK[0x96fdc0]: Server's version: 3.3 |<3>| HSK[0x96fdc0]: SessionID length: 32 |<3>| HSK[0x96fdc0]: SessionID: 65464657636534577653 |<3>| HSK[0x96fdc0]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[0x96fdc0]: Selected compression method: NULL (0) |<3>| EXT[0x96fdc0]: Parsing extension 'SERVER NAME/0' (0 bytes) |<3>| EXT[0x96fdc0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) |<3>| HSK[0x96fdc0]: Safe renegotiation succeeded |<2>| ASSERT: gnutls_buffers.c:976 |<4>| REC[0x96fdc0]: SSL 3.3 Handshake packet received. Epoch 0, length: 846 |<4>| REC[0x96fdc0]: Expected Packet Handshake(22) |<4>| REC[0x96fdc0]: Received Packet Handshake(22) with length: 846 |<4>| REC[0x96fdc0]: Decrypted Packet[2] Handshake(22) with length: 846 |<3>| HSK[0x96fdc0]: CERTIFICATE was received. Length 842[842], frag offset 0, frag length: 842, sequence: 0 |<2>| ASSERT: verify.c:410 |<2>| ASSERT: verify.c:674 - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - The hostname in the certificate does NOT match 'example.tld' *** Verifying server certificate failed... |<2>| ASSERT: gnutls_kx.c:688 |<2>| ASSERT: gnutls_handshake.c:2517 *** Fatal error: Error in the certificate. - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: |<2>| ASSERT: dn.c:286 |<2>| ASSERT: dn.c:286 - subject `O=example,CN=example', issuer `O=example,CN=example', RSA key 2432 bits, signed using RSA-SHA256, activated `2012-04-02 12:26:14 UTC', expires `2017-09-23 12:27:50 UTC', SHA-1 fingerprint `7c38a56bd8037c537c7a6ee83b10565aff6c54d7' Public Key Id: d736c636cbfe73bca76365df373bc3764377c734 Public key's random art: +--[ RSA 2432]----+ | | | | | | | | | | | | | | | | | | +-----------------+ |<4>| REC: Sending Alert[2|42] - Certificate is bad |<4>| REC[0x96fdc0]: Preparing Packet Alert(21) with length: 2 |<4>| REC[0x96fdc0]: Sent Packet[2] Alert(21) in epoch 0 and length: 7 *** Handshake has failed GnuTLS error: Error in the certificate. |<4>| REC[0x96fdc0]: Start of epoch cleanup |<4>| REC[0x96fdc0]: End of epoch cleanup |<4>| REC[0x96fdc0]: Epoch #0 freed |<4>| REC[0x96fdc0]: Epoch #1 freed $ wget -d https://example.tld:8002 DEBUG output created by Wget 1.14 on linux-gnu. URI encoding = ?UTF-8? --2012-09-09 12:38:33-- https://example.tld:8002/ Resolving example.tld (example.tld)... 257.257.257.257 Caching example.tld => 257.257.257.257 Connecting to example.tld (example.tld)|257.257.257.257|:8002... connected. Created socket 4. Releasing 0x0000000002b54aa0 (new refcount 1). ERROR: The certificate of ?example.tld? is not trusted. ERROR: The certificate of ?example.tld? hasn't got a known issuer. The certificate's owner does not match hostname ?example.tld? $ wget --no-check-certificate -d https://example.tld:8002 DEBUG output created by Wget 1.14 on linux-gnu. URI encoding = ?UTF-8? --2012-09-09 13:30:09-- https://example.tld:8002/ Resolving example.tld (example.tld)... 257.257.257.257 Caching example.tld => 257.257.257.257 Connecting to example.tld (example.tld)|257.257.257.257|:8002... connected. Created socket 4. Releasing 0x0000000002f43a60 (new refcount 1). WARNING: The certificate of ?example.tld? is not trusted. WARNING: The certificate of ?example.tld? hasn't got a known issuer. The certificate's owner does not match hostname ?example.tld? ---request begin--- GET / HTTP/1.1 User-Agent: Wget/1.14 (linux-gnu) Accept: */* Host: example.tld:8002 Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 200 OK Date: Sun, 09 Sep 2012 13:31:33 GMT Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 1509 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 ---response end--- 200 OK Registered socket 4 for persistent reuse. URI content encoding = ?UTF-8? Length: 1509 (1.5K) [text/html] Saving to: ?index.html? 100% [==========================================================================================================>] 1,509 --.-K/s in 0.003s 2012-09-09 13:30:10 (549 KB/s) - ?index.html? saved [1509/1509] $ gnutls-cli -d 5 example.tld -p 8002 |<2>| p11: loaded provider 'gnome-keyring-module' with 0 slots |<2>| ASSERT: pkcs11.c:459 Processed 152 CA certificate(s). Resolving 'example.tld'... Connecting to '257.257.257.257:8002'... |<4>| REC[0x254bdc0]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:717 |<4>| REC[0x254bdc0]: Allocating epoch #1 |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0. 23) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0. 2B) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0. 24) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0. 2C) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0. 08) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 (00.66) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 (00.05) |<3>| HSK[0x254bdc0]: Keeping ciphersuite: RSA_ARCFOUR_MD5 (00.04) |<3>| EXT[0x254bdc0]: Sending extension SERVER NAME (15 bytes) |<3>| EXT[0x254bdc0]: Sending extension SAFE RENEGOTIATION (1 bytes) |<3>| EXT[0x254bdc0]: Sending extension SUPPORTED ECC (12 bytes) |<3>| EXT[0x254bdc0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes) |<3>| EXT[0x254bdc0]: sent signature algo (4.1) RSA-SHA256 |<3>| EXT[0x254bdc0]: sent signature algo (4.2) DSA-SHA256 |<3>| EXT[0x254bdc0]: sent signature algo (4.3) ECDSA-SHA256 |<3>| EXT[0x254bdc0]: sent signature algo (5.1) RSA-SHA384 |<3>| EXT[0x254bdc0]: sent signature algo (5.3) ECDSA-SHA384 |<3>| EXT[0x254bdc0]: sent signature algo (6.1) RSA-SHA512 |<3>| EXT[0x254bdc0]: sent signature algo (6.3) ECDSA-SHA512 |<3>| EXT[0x254bdc0]: sent signature algo (3.1) RSA-SHA224 |<3>| EXT[0x254bdc0]: sent signature algo (3.2) DSA-SHA224 |<3>| EXT[0x254bdc0]: sent signature algo (3.3) ECDSA-SHA224 |<3>| EXT[0x254bdc0]: sent signature algo (2.1) RSA-SHA1 |<3>| EXT[0x254bdc0]: sent signature algo (2.2) DSA-SHA1 |<3>| EXT[0x254bdc0]: sent signature algo (2.3) ECDSA-SHA1 |<3>| EXT[0x254bdc0]: Sending extension SIGNATURE ALGORITHMS (28 bytes) |<3>| HSK[0x254bdc0]: CLIENT HELLO was queued [203 bytes] |<4>| REC[0x254bdc0]: Preparing Packet Handshake(22) with length: 203 |<4>| REC[0x254bdc0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 208 |<2>| ASSERT: gnutls_buffers.c:976 |<4>| REC[0x254bdc0]: SSL 3.3 Handshake packet received. Epoch 0, length: 85 |<4>| REC[0x254bdc0]: Expected Packet Handshake(22) |<4>| REC[0x254bdc0]: Received Packet Handshake(22) with length: 85 |<4>| REC[0x254bdc0]: Decrypted Packet[0] Handshake(22) with length: 85 |<3>| HSK[0x254bdc0]: SERVER HELLO was received. Length 81[81], frag offset 0, frag length: 81, sequence: 0 |<3>| HSK[0x254bdc0]: Server's version: 3.3 |<3>| HSK[0x254bdc0]: SessionID length: 32 |<3>| HSK[0x254bdc0]: SessionID: 953576535765dc4543bd456 |<3>| HSK[0x254bdc0]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[0x254bdc0]: Selected compression method: NULL (0) |<3>| EXT[0x254bdc0]: Parsing extension 'SERVER NAME/0' (0 bytes) |<3>| EXT[0x254bdc0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) |<3>| HSK[0x254bdc0]: Safe renegotiation succeeded |<2>| ASSERT: gnutls_buffers.c:976 |<4>| REC[0x254bdc0]: SSL 3.3 Handshake packet received. Epoch 0, length: 846 |<4>| REC[0x254bdc0]: Expected Packet Handshake(22) |<4>| REC[0x254bdc0]: Received Packet Handshake(22) with length: 846 |<4>| REC[0x254bdc0]: Decrypted Packet[1] Handshake(22) with length: 846 |<3>| HSK[0x254bdc0]: CERTIFICATE was received. Length 842[842], frag offset 0, frag length: 842, sequence: 0 |<2>| ASSERT: verify.c:410 |<2>| ASSERT: verify.c:674 - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - The hostname in the certificate does NOT match 'example.tld' *** Verifying server certificate failed... |<2>| ASSERT: gnutls_kx.c:688 |<2>| ASSERT: gnutls_handshake.c:2517 *** Fatal error: Error in the certificate. - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: |<2>| ASSERT: dn.c:286 |<2>| ASSERT: dn.c:286 - subject `O=example,CN=example', issuer `O=example,CN=example', RSA key 2432 bits, signed using RSA-SHA256, activated `2012-04-02 12:26:14 UTC', expires `2017-09-23 12:27:50 UTC', SHA-1 fingerprint `7c38a56bd8037c537c7a6ee83b10565aff6c54d7' Public Key Id: d736c636cbfe73bca76365df373bc3764377c734 Public key's random art: +--[ RSA 2432]----+ | | | | | | | | | | | | | | | | | | +-----------------+ |<4>| REC: Sending Alert[2|42] - Certificate is bad |<4>| REC[0x254bdc0]: Preparing Packet Alert(21) with length: 2 |<4>| REC[0x254bdc0]: Sent Packet[2] Alert(21) in epoch 0 and length: 7 *** Handshake has failed GnuTLS error: Error in the certificate. |<4>| REC[0x254bdc0]: Start of epoch cleanup |<4>| REC[0x254bdc0]: End of epoch cleanup |<4>| REC[0x254bdc0]: Epoch #0 freed |<4>| REC[0x254bdc0]: Epoch #1 freed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
