
Re: Handshake fails with Internal error in memory allocation


From: Simon Josefsson
Subject: Re: Handshake fails with Internal error in memory allocation
Date: Thu, 01 May 2008 22:32:29 +0200
User-agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)

Andreas Metzler <address@hidden> writes:

> ... but this suddenly doesn't (with
> the old #define MAX_HANDSHAKE_PACKET_SIZE 16*1024):
> *server*  gnutls-serv --port 666 --x509certfile /etc/exim4/exim.crt \
>     --x509keyfile /etc/exim4/exim.key \
>     --x509cafile /etc/ssl/certs/ca-certificates.crt
> *client* gnutls-cli localhost -p 666
>
> I do not understand why specifying a list of irrelevant trusted CAs
> changes the TLS dialogue at all.

It does change the TLS dialogue.

The problem may be that /etc/ssl/certs/ca-certificates.crt contains a
lot of CA certificates.  A setting of trusting all CAs shipped with
Debian seems rather weird to me, I'd expect the default to be to not
trust any CA and that administrators can selectively add CAs.

> Afaict this is not the case for openssl, this won't break gnutls:
> openssl s_server -accept 666 -cert /etc/exim4/exim.crt -key
> /etc/exim4/exim.key -CAfile /etc/ssl/certs/ca-certificates.crt

But does openssl request a client certificate?  The list of CAs isn't
sent otherwise.

/Simon
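
An added example, not code from the thread or from GnuTLS, to make the size effect measurable: when a server asks for a client certificate, its CertificateRequest carries the DER subject name of every trusted CA, each behind a 2-byte length and all behind a further 2-byte vector length. The script below parses a PEM bundle with a minimal DER walker, sums that certificate_authorities vector and compares it with the 16*1024 byte limit quoted above (and with the protocol's own 2^16-1 byte ceiling for that vector). The names check_bundle, sample_bundle and fake_cert_pem are my own; the certificates it builds for the demonstration are constructed, unsigned stand-ins for a real bundle, and only the CA-list vector is counted, not the remaining CertificateRequest fields or the handshake header.

```python
import base64
import re

# Limit quoted in the thread (gnutls' old MAX_HANDSHAKE_PACKET_SIZE).
MAX_HANDSHAKE_PACKET_SIZE = 16 * 1024
# Hard protocol ceiling for the certificate_authorities vector (RFC 5246, 7.4.4).
TLS_CA_LIST_MAX = 2 ** 16 - 1

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_tlv(tag, value):
    """Encode one DER TLV; only used to build the constructed sample certificates."""
    if len(value) < 0x80:
        length = bytes([len(value)])
    else:
        n = (len(value).bit_length() + 7) // 8
        length = bytes([0x80 | n]) + len(value).to_bytes(n, "big")
    return bytes([tag]) + length + value


def der_read(buf, pos=0):
    """Decode the TLV at buf[pos:]; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    return tag, pos + hdr, pos + hdr + length


def der_children(buf, start, end):
    """Yield (tag, tlv_start, tlv_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, _, vend = der_read(buf, pos)
        yield tag, pos, vend
        pos = vend


def subject_dn(cert_der):
    """Return the DER subject Name (tag and length included) of an X.509 certificate."""
    _, cstart, _ = der_read(cert_der)                 # Certificate SEQUENCE
    _, tstart, tend = der_read(cert_der, cstart)      # tbsCertificate SEQUENCE
    fields = list(der_children(cert_der, tstart, tend))
    if fields[0][0] == 0xA0:                          # optional explicit [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    _, s, e = fields[4]
    return cert_der[s:e]


def pem_bundle_certs(text):
    """Extract the DER certificates from a PEM bundle such as ca-certificates.crt."""
    return [base64.b64decode("".join(m.group(1).split())) for m in PEM_RE.finditer(text)]


def certificate_authorities_size(dns):
    """Bytes taken by certificate_authorities in CertificateRequest: a 2-byte vector
    length, then each DistinguishedName behind its own 2-byte length."""
    return 2 + sum(2 + len(dn) for dn in dns)


def check_bundle(text, limit=MAX_HANDSHAKE_PACKET_SIZE):
    """Size the CA list a server would send for this bundle and compare it with the limit."""
    dns = [subject_dn(cert) for cert in pem_bundle_certs(text)]
    size = certificate_authorities_size(dns)
    return {"cas": len(dns), "ca_list_bytes": size,
            "fits_limit": size <= limit, "fits_protocol": size <= TLS_CA_LIST_MAX}


def fake_cert_pem(cn):
    """Constructed sample: structurally valid but unsigned certificate with subject CN=<cn>."""
    name = der_tlv(0x30, der_tlv(0x31, der_tlv(0x30,
                   der_tlv(0x06, b"\x55\x04\x03") + der_tlv(0x0C, cn.encode()))))
    tbs = der_tlv(0x30,
        der_tlv(0xA0, der_tlv(0x02, b"\x02"))                                    # version v3
        + der_tlv(0x02, b"\x01")                                                 # serialNumber
        + der_tlv(0x30, der_tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA
        + name                                                                   # issuer
        + der_tlv(0x30, der_tlv(0x17, b"080501000000Z") + der_tlv(0x17, b"180501000000Z"))
        + name                                                                   # subject
        + der_tlv(0x30, b""))                                                    # empty SPKI placeholder
    cert = der_tlv(0x30, tbs + der_tlv(0x30, b"") + der_tlv(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def sample_bundle(count):
    """Constructed bundle of `count` distinct fake CAs, standing in for ca-certificates.crt."""
    return "".join(fake_cert_pem(f"Constructed Test CA {i:03d}") for i in range(count))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # e.g. /etc/ssl/certs/ca-certificates.crt
        print(check_bundle(open(sys.argv[1]).read()))
    else:
        for n in (400, 500):              # 400 short DNs fit the old limit, 500 do not
            print(n, check_bundle(sample_bundle(n)))
```

Run with a bundle path to measure a real CA file; without arguments it shows that even short 36-byte subject names cross the 16 KiB mark somewhere between 400 and 500 CAs, and real CA subjects are usually longer. The CA list is only sent when the server requests client authentication, which is why a server that does not ask for a client certificate never hits this size regardless of how many CAs it trusts.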
