Interoperability issue with The Bat (Debian Bug #316522)

Nikos Mavrogiannopoulos nmav at
Tue Jan 8 20:19:15 CET 2008

On Friday 04 January 2008, Simon Josefsson wrote:
> Simon Josefsson <simon at> writes:
> >> It might be possible (judging from
> >> that The Bat by default
> >> refuses to talk TLS to a server presenting a self-signed certificate.
> >
> > I also note that it is possible to download trial versions of TheBat.
> > If we can get a recipe to reproduce the problem using it, that would
> > help a lot.
> TheBat works under Wine, so I downloaded it and debugged this... FWIW, I
> can reproduce the problem:
> 2008-01-04 19:03:02 TLS error on connection from
> (mocca.local) [x.y.z.q] (gnutls_handshake): An error was encountered at the
> TLS Finished packet calculation.
> Using gnutls-serv, I get the connection debug log [1] below.  TheBat
> complains that the CA is untrusted, and I have to click continue.  Then
> it fails with the TLS Finished packet calculation error.

Could you try with different protocol/algorithm combinations? I think the 
output of connection with gnutls using SSL 3.0 and arcfour might be useful 

> However, if I start gnutls-serv with --disable-client-cert I get the
> debug log [2] which is a successful TLS handshake!

An idea might be that it doesn't insert the certificate request message to the 
handshake hash. Openssl has several compatibility options enabled by default 
and this might be one, but I am not sure, I only speculate!


More information about the Gnutls-devel mailing list