[Help-gnutls] Re: Windows GnuTLS problem in handshaking.

Simon Josefsson simon at josefsson.org
Tue Oct 9 16:30:21 CEST 2007


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On Monday 08 October 2007, Rajeev Saini wrote:
>
> Are you sure the client sends the certificate correctly? As far as I can see 
> from the dump (below) the certificate packet sent by the client contains 10 
> bytes only (not really a certificate). What it the client program you are 
> using?
>
> Ok... I've translated those bytes to TLS protocol and it seems that this 
> client is sending "00 00 03 00 00 00" as the certificate (he means empty 
> certificate).
>
> The normal way to send it is to send "00 00 00". The one above confuses as it 
> seems gnutls. Does the attached patch solve this problem to you?

Supporting this may be needed, although I think we should add a
gnutls_assert or similar to make sure it can be noticed during
debugging.  The TLS 1.2 has some wording to make it explicit that the
_list_ should be empty rather than having an empty certificate in the
list.

It would be great if we can confirm that the patch solves the problem.

/Simon





More information about the Gnutls-help mailing list