GnuTLS recv error (-9): A TLS packet with unexpected length was received. - with Paypal Website Payment Pro

Dan Winship danw at
Thu Feb 3 14:40:21 CET 2011

On 02/03/2011 07:21 AM, Nikos Mavrogiannopoulos wrote:
> Would having a special error code on this issue, such as
> make things better for applications?

Yes, although that should be part of the ABI break you were talking
about so it doesn't break people who expect to see

Another case that currently gets "unexpected packet length" is if you
try to handshake with a peer that's not actually speaking TLS. It seems
like it wouldn't be hard for gnutls to notice that and return
"GNUTLS_E_NOT_TLS" or something in that case. (It only needs to do it
for the first packet received on the first handshake attempt.) This
would let things like "gnutls-cli -p 80" (and equivalent
higher-level actions) fail with a better error message.

> PS. To Zachary... A suggestion would be to ignore that error.

Or, if you're using push/pull funcs, you can have the pull func set a
flag when it gets an EOF, and then later if you get
GNUTLS_E_UNEXPECTED_PACKET_LENGTH, check if you'd gotten an EOF. Then
that at least distinguishes "connection terminated prematurely" from
"the server suddenly started speaking gibberish".

-- Dan

More information about the Gnutls-devel mailing list