[gnutls-devel] interoperability issue 3.3.x vs. 3.5.5

Wed Oct 26 13:12:13 CEST 2016

Hello,

a gnutls server running 3.5.5 is not accessible by a client using GnuTLS
3.3.x. This popped up in Debian https://bugs.debian.org/841723 against
3.3.8 vs 3.5.5 but also applies to 3.3.25/3.5.5. It is reproducible with
gnutls-serv and gnutls-cli without any special options (just
--x509keyfile/--x509certfile).

git bisect finds 6b76e0c899b1ff08df9bd9b41588f771f050be89 as the first
bad commit.

the failing client (3.3.8) log ends with:
|<3>| ASSERT: gnutls_buffers.c:1104
|<10>| READ: Got 5 bytes from 0x4
|<10>| READ: read 5 bytes from 0x4
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0x1ffb020]: SSL 3.3 Handshake packet received. Epoch 0, length: 445
|<5>| REC[0x1ffb020]: Expected Packet Handshake(22)
|<5>| REC[0x1ffb020]: Received Packet Handshake(22) with length: 445
|<10>| READ: Got 445 bytes from 0x4
|<10>| READ: read 445 bytes from 0x4
|<10>| RB: Have 5 bytes into buffer. Adding 445 bytes.
|<10>| RB: Requested 450 bytes
|<5>| REC[0x1ffb020]: Decrypted Packet[2] Handshake(22) with length: 445
|<13>| BUF[REC]: Inserted 445 bytes of Data(22)
|<4>| HSK[0x1ffb020]: SERVER KEY EXCHANGE (12) was received. Length 441[441], frag offset 0, frag length: 441, sequence: 0
|<3>| ASSERT: gnutls_buffers.c:1095
|<3>| ASSERT: gnutls_handshake.c:1428
|<3>| ASSERT: status_request.c:600
|<3>| ASSERT: gnutls_handshake.c:2728
*** Fatal error: An unexpected TLS handshake packet was received.
|<5>| REC: Sending Alert[2|10] - Unexpected message
|<5>| REC[0x1ffb020]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<9>| ENC[0x1ffb020]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<11>| WRITE: enqueued 7 bytes for 0x4. Total 7 bytes.
|<11>| WRITE FLUSH: 7 bytes in buffer.
|<11>| WRITE: wrote 7 bytes, 0 bytes left.
|<5>| REC[0x1ffb020]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
*** Handshake has failed
GnuTLS error: An unexpected TLS handshake packet was received.
|<5>| REC[0x1ffb020]: Start of epoch cleanup
|<5>| REC[0x1ffb020]: End of epoch cleanup
|<5>| REC[0x1ffb020]: Epoch #0 freed
|<5>| REC[0x1ffb020]: Epoch #1 freed

Server side log:
|<5>| REC[0x55ce1ad22430]: SSL 3.3 Alert packet received. Epoch 0, length: 2
|<5>| REC[0x55ce1ad22430]: Expected Packet Handshake(22)
|<5>| REC[0x55ce1ad22430]: Received Packet Alert(21) with length: 2
|<10>| READ: Got 2 bytes from 0x5
|<10>| READ: read 2 bytes from 0x5
|<10>| RB: Have 5 bytes into buffer. Adding 2 bytes.
|<10>| RB: Requested 7 bytes
|<5>| REC[0x55ce1ad22430]: Decrypted Packet[1] Alert(21) with length: 2
|<5>| REC[0x55ce1ad22430]: Alert[2|10] - Unexpected message - was received
|<3>| ASSERT: record.c[record_add_to_buffers]:782
|<3>| ASSERT: record.c[record_add_to_buffers]:789
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1323
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1414
|<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1448
|<3>| ASSERT: handshake.c[handshake_server]:3277
Error in handshake
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0x55ce1ad22430]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<9>| ENC[0x55ce1ad22430]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<11>| WRITE: enqueued 7 bytes for 0x5. Total 7 bytes.
|<11>| WRITE FLUSH: 7 bytes in buffer.
|<11>| WRITE: wrote 7 bytes, 0 bytes left.
|<5>| REC[0x55ce1ad22430]: Sent Packet[6] Alert(21) in epoch 0 and length: 7
|<5>| REC[0x55ce1ad22430]: Start of epoch cleanup
|<5>| REC[0x55ce1ad22430]: End of epoch cleanup
|<5>| REC[0x55ce1ad22430]: Epoch #0 freed
|<5>| REC[0x55ce1ad22430]: Epoch #1 freed

Comparing successful and failing logs shows an addition of
client: |<4>| EXT[0x00]: Parsing extension 'STATUS REQUEST/5' (0 bytes)
server: |<4>| EXT[0x0]: Sending extension OCSP Status Request (0 bytes)

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'