
Re: [gnutls-dev] SRP compatibility problem between different GnuTLS vers


From: Yoann Vandoorselaere
Subject: Re: [gnutls-dev] SRP compatibility problem between different GnuTLS version
Date: Thu, 25 Jan 2007 12:17:08 +0100

On Thursday, 25 January 2007 at 11:21 +0100, Simon Josefsson wrote:
> Yoann Vandoorselaere <address@hidden> writes:
> 
> > Hi,
> >
> > It appears there are compatibility issues with SRP between different
> > GnuTLS versions. As an example, peers using GnuTLS-1.4.0 are not able to
> > proceed with authentication with peers using GnuTLS-1.4.5: the handshake
> > terminates with a "GnuTLS internal error".
> >
> > I suspect this is due to the following change in GnuTLS-1.4.2: 
> > ** Change SRP and Cert-Type extensions to match IANA registry.
> 
> Hi!  Ah, yes, I can see how that becomes an interoperability problem.
> 
> It seems bad if it causes internal errors though.  If I read you
> correctly, this only happens on the GnuTLS 1.4.0 side?  Does a 1.4.5
> peer terminate with an internal error when it tries to negotiate with
> a 1.4.0 peer?

[1.4.5 changed to 1.4.4].

It happens both ways around: 
 - 1.4.0 client connecting to 1.4.4 server: fails. 
 - 1.4.4 client connecting to 1.4.0 server: fails.

gnutls_handshake() fails on both ends of the peer, returning -59 (GnuTLS
internal error).

When looking at the TLS debug log, one can see that a TLS alert is
raised (although it is never returned by gnutls_handshake): "The SRP
username was not sent".

See the attached srp-server.log and srp-client.log TLS debug files.

[...]

-- 
Yoann Vandoorselaere <address@hidden>

Attachment: srp-client.log
Description: Text Data

Attachment: srp-server.log
Description: Text Data
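
Added example, not part of the original message and not GnuTLS code: it shows how the suspected extension renumbering would produce "The SRP username was not sent", because a peer that looks up the SRP username under one extension type code finds nothing when the other side sent it under a different code. 12 is the IANA-registered srp extension type; EXT_SRP_LEGACY is a constructed placeholder (the pre-1.4.2 code is not given in this thread), and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_SRP_IANA   12      /* IANA-registered "srp" extension type */
#define EXT_SRP_LEGACY 0xFF01  /* constructed placeholder, NOT the real pre-1.4.2 value */

/* Walk a TLS extensions block (type:2, length:2, data) and copy out the SRP
 * username (1-byte length prefix + bytes) stored under want_type.
 * Returns the username length, 0 if no such extension, -1 if malformed. */
int find_srp_username(const uint8_t *ext, size_t ext_len, uint16_t want_type,
                      char *out, size_t out_sz)
{
    size_t pos = 0;
    while (pos < ext_len) {
        if (ext_len - pos < 4) return -1;            /* truncated header */
        uint16_t type = (uint16_t)(ext[pos] << 8 | ext[pos + 1]);
        size_t len = (size_t)(ext[pos + 2] << 8 | ext[pos + 3]);
        pos += 4;
        if (len > ext_len - pos) return -1;          /* body overruns block */
        if (type == want_type) {
            size_t ulen = len ? ext[pos] : 0;
            if (ulen == 0 || ulen != len - 1 || ulen >= out_sz) return -1;
            memcpy(out, ext + pos + 1, ulen);
            out[ulen] = '\0';
            return (int)ulen;
        }
        pos += len;                                  /* unknown type: skip it */
    }
    return 0;                                        /* "username was not sent" */
}

/* Encode one SRP extension for user under type; returns bytes written or 0. */
size_t build_srp_ext(uint8_t *buf, size_t buf_sz, uint16_t type, const char *user)
{
    size_t ulen = strlen(user);
    if (ulen == 0 || ulen > 255 || buf_sz < ulen + 5) return 0;
    buf[0] = (uint8_t)(type >> 8);       buf[1] = (uint8_t)(type & 0xff);
    buf[2] = (uint8_t)((ulen + 1) >> 8); buf[3] = (uint8_t)((ulen + 1) & 0xff);
    buf[4] = (uint8_t)ulen;
    memcpy(buf + 5, user, ulen);
    return ulen + 5;
}

int main(void) {
    uint8_t buf[64]; char name[32];
    size_t n = build_srp_ext(buf, sizeof buf, EXT_SRP_LEGACY, "alice"); /* constructed input */
    printf("same code: %d, other code: %d\n", find_srp_username(buf, n, EXT_SRP_LEGACY, name, sizeof name), find_srp_username(buf, n, EXT_SRP_IANA, name, sizeof name));
    return 0;
}
```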

