SSL handshake fails between libcurl and libgnutls/MHD

Daniel Stenberg daniel at
Thu Jan 19 23:40:44 CET 2012

On Thu, 19 Jan 2012, Christian Grothoff wrote:

> One of our tests also provokes a failure by selecting incompatible versions 
> of the SSL protocol.  With older versions, that test produces ONCE:
> curl version: libcurl/7.21.3 GnuTLS/2.8.6 zlib/ libidn/1.18
> curl_easy_perform failed: `SSL connect error'
> Error: received handshake message out of context
> With the latest version, the two lines are repeated several times (and the 
> test now fails).

Can you try with only changing libcurl OR gnutls to see which change that 
introduces the problem?

> My guess right now is that there must have been some incompatible (!) 
> protocol change in gnutls with itself (!?) or a significant change in how 
> libcurl uses gnutls (i.e. change of supported ciphers, certificate checking, 
> etc.).

I know GnuTLS has changed default crypto backend which probably implies some 
amount of changes. libcurl has not changed the GnuTLS-layer code in any 
significant way in a long time AFAICS. Although I don't think that a bug 
necessarily needs a significant change to occur...

I've not seen or heard anyone else report about similar problems with 



More information about the Gnutls-devel mailing list