SSL_ERROR_ZERO_RETURN for no reason
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnutls13 (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
The upgrade from libgnutls13 (1.4.4-3build1) to 1.6.3-1build1 introduced something that I suppose to be a bug, though I cannot really track down the problem.
The function SSL_connect returns in the new version with SSL_ERROR_
I found this problem when trying to wput a file to a TLS-enabled proftpd-server.
Using it in current gutsy, it won't be able to make a TLS connection. However, when compiled against libgnutls13 1.4.4-3build1 it suddenly starts to work. It does not work either, though, for the 2.0.4 version in hardy.
Complete crap that I wrote. Sorry. It does not work after downgrading to 1.4.4! However on a debian-machine with 1.4.4 it works fine.
ssldump shows the following.
working library (debian):
[...]
1 5 0.2804 (0.0000) S>C Handshake
CertificateRequest
certificate_types rsa_fixed_dh
certificate_types dss_fixed_dh
certificate_types rsa_sign
certificate_types dss_sign
certificate_types unknown value
ServerHelloDone
1 6 0.3393 (0.0588) C>S Handshake
Certificate
1 7 0.5232 (0.1839) C>S Handshake
ClientKeyExchange
[...]
maybe broken library:
[...]
1 5 13.3543 (0.0000) S>C Handshake
CertificateRequest
certificate_types rsa_fixed_dh
certificate_types dss_fixed_dh
certificate_types rsa_sign
certificate_types dss_sign
certificate_types unknown value
ServerHelloDone
Unknown SSL content type 85
1 6 13.4411 (0.0868) S>C Alert
level fatal
value protocol_version
Unknown SSL content type 53
1 7 13.4421 (0.0010) C>SShort record
1 8 13.5264 (0.0843) S>CShort record
Unknown SSL content type 53
[...]
The initial is the same for both. However, after the ServerHelloDone, SSL_connect() returns the error, which in this example causes the client to continue in plain-text. I don't know if the S>C message about the wrong protocol-version is related to the certificate or just because the client sent plaintext.
However, since both welcome each other with Version 3.1, this should not be the problem.
1 1 13.2530 (13.2530) C>S Handshake
ClientHello
Version 3.1
1 2 13.3543 (0.1012) S>C Handshake
ServerHello
Version 3.1
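
Added example, not part of the original report: a small Python check over ssldump output that flags the pattern in the failing trace, where the handshake stops after ServerHelloDone and records that are not TLS follow. The content type values 85 and 53 are the ASCII codes for `U` and `5`, which is consistent with plaintext arriving on the connection. The function name `analyze` and its result keys are assumptions made for this example, and the traces are abridged from the ones above.

```python
import re

# Failing trace from the report (abridged, split message names rejoined).
FAILING = """\
1 5 13.3543 (0.0000) S>C Handshake
CertificateRequest
ServerHelloDone
Unknown SSL content type 85
1 6 13.4411 (0.0868) S>C Alert
level fatal
value protocol_version
Unknown SSL content type 53
1 7 13.4421 (0.0010) C>SShort record
"""
# Working trace from the report (abridged the same way).
WORKING = """\
1 5 0.2804 (0.0000) S>C Handshake
CertificateRequest
ServerHelloDone
1 6 0.3393 (0.0588) C>S Handshake
Certificate
1 7 0.5232 (0.1839) C>S Handshake
ClientKeyExchange
"""
UNKNOWN = re.compile(r"Unknown SSL content type (\d+)$")

def analyze(dump):
    """Summarise handshake progress, fatal alerts and non-TLS record bytes."""
    seen, alerts, stray, level = set(), [], [], None
    for line in (l.strip() for l in dump.splitlines()):
        m = UNKNOWN.match(line)
        if m:  # first byte of a record that is not a TLS content type
            byte = int(m.group(1))
            stray.append(chr(byte) if 0x20 <= byte < 0x7F else f"0x{byte:02x}")
        elif line.startswith("level "):
            level = line.split()[1]
        elif line.startswith("value ") and level:
            if level == "fatal":
                alerts.append(line.split()[1])
            level = None
        elif line in ("ServerHelloDone", "ClientKeyExchange"):
            seen.add(line)
    abandoned = "ServerHelloDone" in seen and "ClientKeyExchange" not in seen
    return {
        "handshake_abandoned": abandoned,
        "fatal_alerts": alerts,
        "stray_first_bytes": stray,
        # printable first bytes after an abandoned handshake suggest cleartext
        "cleartext_on_tls_channel": abandoned and any(len(s) == 1 for s in stray),
    }
```

A client that treats any `SSL_connect()` failure as terminal and closes the connection would not produce the stray records this check looks for.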