[gnutls-dev] Re: Bug#134584: another gnutls problem

Andrew McDonald andrew at mcdonald.org.uk
Thu Feb 21 20:51:01 CET 2002


I'm Cc'ing gnutls-dev on this to get some more ideas. (See
http://bugs.debian.org/134584 for info). Main symptom is a
"FATAL_ALERT_RECEIVED" - mutt now suggests RC4/ARCFOUR so that
shouldn't be the problem.

On Thu, Feb 21, 2002 at 06:36:17AM +0100, Martin Samuelsson wrote:
> On Tue, Feb 19, 2002 at 07:55:56PM +0000, Andrew McDonald wrote:
> > Next thing to try, does the server only accept SSLv2 hellos?
> > (The server's broken if this is the case). Try connecting to the
> > IMAP/SSL port (tcp 993) with
> > openssl s_client -tls1 -connect host:port
> > to check this. (If this fails you might want to try -no_tls or -ssl2 as
> > well).
> 
> As far as I can understand, it works ok.

Yes, that looks like TLS1 is OK for it.

> > Does the server have a DSS certificate? (Not supported in gnutls 0.3.5,
> > but will be in some future releases). If you control the server you
> > might be able to try:
> > openssl x509 -in certificate_file -text -noout
> 
> I don't think I have the privileges needed.

I thought the OpenSSL s_client connection might have shown whether it
was using RSA or DSS, but didn't. Anyway, try copying the certificate
sent as part of the exchange into a file and running openssl x509 on
it.

> > Other testing is likely to require recompiling gnutls with debugging
> > enabled.
> 
> Tell me what to do, and it'll be done.

Recompiling gnutls with some of the DEBUGs in lib/gnutls_int.h #defined
will print out lots of information. I think WRITE_DEBUG is probably the
main one of interest.


Andrew
-- 
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
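
The certificate check suggested in the message above, as an added example that is not part of the original thread: it pulls the server certificate out of a saved `openssl s_client` transcript and reports whether its key is RSA or DSS. The function names and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes a transcript saved with something like:
#   openssl s_client -tls1 -connect host:port </dev/null >transcript.txt

# Print the first PEM certificate (the server's own) from a transcript on stdin.
extract_server_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         on && /-----END CERTIFICATE-----/ { exit }'
}

# Map the "Public Key Algorithm" line of `openssl x509 -text` output (stdin)
# to RSA or DSS; any other algorithm name is printed unchanged.
classify_key_algorithm() {
    alg=$(sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    case "$alg" in
        rsaEncryption) echo RSA ;;
        dsaEncryption) echo DSS ;;
        "")            echo unknown; return 1 ;;
        *)             echo "$alg" ;;
    esac
}

# Full check: transcript file in, key type out (needs the openssl binary).
server_key_type() {
    extract_server_cert <"$1" | openssl x509 -noout -text | classify_key_algorithm
}

# Constructed transcript: the base64 body is a placeholder, not a real certificate.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
subject=/CN=imap.example.org
---
EOF
}
```

With a real transcript, `server_key_type transcript.txt` prints `DSS` for a certificate that gnutls 0.3.5 would not support, per the message above.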