GnuTLS recv error (-9): A TLS packet with unexpected length was received. - with Paypal Website Payment Pro

Dan Winship danw at gnome.org
Thu Feb 3 14:40:21 CET 2011


On 02/03/2011 07:21 AM, Nikos Mavrogiannopoulos wrote:
> Would having a special error code on this issue, such as
> GNUTLS_E_PREMATURE_TERMINATION
> make things better for applications?

Yes, although that should be part of the ABI break you were talking
about so it doesn't break people who expect to see
GNUTLS_E_UNEXPECTED_PACKET_LENGTH for that now.

Another case that currently gets "unexpected packet length" is if you
try to handshake with a peer that's not actually speaking TLS. It seems
like it wouldn't be hard for gnutls to notice that and return
"GNUTLS_E_NOT_TLS" or something in that case. (It only needs to do it
for the first packet received on the first handshake attempt.) This
would let things like "gnutls-cli -p 80 www.gnutls.org" (and equivalent
higher-level actions) fail with a better error message.

> PS. To Zachary... A suggestion would be to ignore that error.

Or, if you're using push/pull funcs, you can have the pull func set a
flag when it gets an EOF, and then later if you get
GNUTLS_E_UNEXPECTED_PACKET_LENGTH, check if you'd gotten an EOF. Then
that at least distinguishes "connection terminated prematurely" from
"the server suddenly started speaking gibberish".

-- Dan
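The pull-function approach described in this message, sketched as an added example (not code from the thread or from GnuTLS). So that it builds without the gnutls headers, it defines the -9 code from the subject line locally; `struct transport`, `pull_track_eof`, `classify` and `demo` are hypothetical names, and in a real client the callback would be registered with `gnutls_transport_set_pull_function()` and the struct passed via `gnutls_transport_set_ptr()`.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* -9 is the code in the subject line; defined locally so this builds without gnutls. */
#define EX_UNEXPECTED_PACKET_LENGTH (-9)
struct transport { int fd; bool saw_eof; };   /* hypothetical per-session state */
enum verdict { OTHER_ERROR, PREMATURE_EOF, GARBLED_RECORD };

/* Same shape as a gnutls pull function: (transport ptr, buffer, length). */
ssize_t pull_track_eof(void *ptr, void *buf, size_t len)
{
    struct transport *t = ptr;
    ssize_t n;
    do { n = recv(t->fd, buf, len, 0); } while (n < 0 && errno == EINTR);
    if (n == 0)
        t->saw_eof = true;   /* orderly TCP close from the peer */
    return n;
}

/* Call with the error code the TLS layer returned for this session. */
enum verdict classify(const struct transport *t, int tls_err)
{
    if (tls_err != EX_UNEXPECTED_PACKET_LENGTH) return OTHER_ERROR;
    return t->saw_eof ? PREMATURE_EOF : GARBLED_RECORD;
}

/* Constructed scenario: the peer sends a truncated record, then optionally closes. */
enum verdict demo(bool peer_closes)
{
    static const unsigned char partial[] = { 0x17, 0x03, 0x01, 0x00, 0x20, 0xaa, 0xbb };
    struct transport t = { -1, false };
    char buf[64];
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return OTHER_ERROR;
    t.fd = sv[0];
    (void)send(sv[1], partial, sizeof partial, 0);
    (void)pull_track_eof(&t, buf, sizeof buf);                           /* the 7 bytes */
    if (peer_closes) { close(sv[1]); (void)pull_track_eof(&t, buf, sizeof buf); } /* EOF */
    close(sv[0]);
    if (!peer_closes) close(sv[1]);
    /* -9 stands in for what the TLS read would have returned at this point */
    return classify(&t, EX_UNEXPECTED_PACKET_LENGTH);
}

int main(void)
{
    return printf("closed=%d open=%d\n", demo(true), demo(false)) < 0;
}
```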