Maiku cmaiku at
Mon Mar 31 09:14:58 CEST 2008

I discovered that if you try to connect to with GNU TLS (I
used gnutls-cli) and send any data to it, after a successful connection,
when it gets to the end of receiving a response to that data, it throws a
GNUTLS_E_UNEXPECTED_PACKET_LENGTH error. I tried the same test on another
SSL server ( and it worked fine, so I imagine it's
something that is doing specifically. I tested it with the
version of GNU TLS that comes with Ubuntu 7.10, 8.04 beta, and the
2.3.4source package from the GNU TLS site, and all of them had the
same results.

I went digging through the code and found that the problem seems to be in
gnutls_record.c in the function _gnutls_recv_int on line 899 (at least
that's the line in version 2.3.4). The line reads:

   if (ret < 0 && gnutls_error_is_fatal (ret) == 0)

I believe this should be changed to:

   if (gnutls_error_is_fatal (ret) == 0)

because the a return value of zero is not fatal, but as the code currently
reads it doesn't return (as I think it should).

I tried it and the change seemed to remedy my problem. I'm happy to
formalize a patch for it. Although I'm not not sure which format it should
be in, where to send it to, or if this post is sufficient.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20080331/aa3a8d3c/attachment.htm>

More information about the Gnutls-devel mailing list