Re: [Help-gnutls] Windows GnuTLS problem in handshaking.
From: Rajeev Saini
Subject: Re: [Help-gnutls] Windows GnuTLS problem in handshaking.
Date: Tue, 9 Oct 2007 13:35:29 +0530

Hi Nikos,

Thanks for your response.

My client is a Qualcomm 6280 UMTS mobile and I am provisioning the certificate into it using the attached document.

Now if we see the command to provision the certificate on the mobile

Command used:-
Step6: openssl x509 -in cacert.pem -out SuplRootCert -inform PEM -outform DER

It seems that we are converting the CA certificate to DER format, naming it SuplRootCert and loading it into the mobile. This is somewhat saying that we are putting the CA public key into the mobile.

Therefore it seems when the step comes such that the mobile has to send its certificate, it will send an empty certificate, since it does not have a client certificate.

We are only told that the certificate should be of the name SuplRootCert and should be in a particular folder of a mobile.

My understanding so far is that the mobile should have both the CA public key and client certificate on it to run properly.

Regards,
Rajeev Saini

Nikos Mavrogiannopoulos <address@hidden>
Sent by: Nikos Mavrogiannopoulos <address@hidden>
10/09/2007 04:23 AM
To: address@hidden
cc: Rajeev Saini <address@hidden>
Subject: Re: [Help-gnutls] Windows GnuTLS problem in handshaking.

On Monday 08 October 2007, Rajeev Saini wrote:

Are you sure the client sends the certificate correctly? As far as I can see from the dump (below) the certificate packet sent by the client contains 10 bytes only (not really a certificate). What is the client program you are using?

Ok... I've translated those bytes to TLS protocol and it seems that this client is sending "00 00 03 00 00 00" as the certificate (he means empty certificate).

The normal way to send it is to send "00 00 00". The one above confuses as it seems gnutls. Does the attached patch solve this problem for you?

> |<3>| HSK[ac08a8]: CERTIFICATE was received [10 bytes]
> |<6>| BUF[REC][HD]: Read 6 bytes of Data(22)
> |<6>| BUF[HSK]: Peeked 0 bytes of Data
> |<6>| BUF[HSK]: Emptied buffer
> |<6>| BUF[HSK]: Inserted 4 bytes of Data
> |<6>| BUF[HSK]: Inserted 6 bytes of Data
> |<2>| ASSERT: ../../../../src/gnutls-2.0.0/lib/x509/x509.c:219
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_cert.c:758
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/auth_cert.c:932
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_kx.c:612
> |<2>| ASSERT: ../../../src/gnutls-2.0.0/lib/gnutls_handshake.c:2568
> |<6>| BUF[HSK]: Cleared Data from buffer
>
> Error in handshake
> Error: ASN1 parser: Error in TAG.
>
> |<4>| REC: Sending Alert[2|42] - Certificate is bad
patch.txt
Description: Text document
Generate SSL certs .doc
Description: Binary data
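
The two encodings discussed in the thread, "00 00 00" and "00 00 03 00 00 00", differ in how the certificate list is framed: the first is a list of length zero, the second is a 3-byte list holding one entry whose own length is zero. The following is an added example, not the attached patch and not GnuTLS code; count_certs and rd24 are hypothetical names. It walks the Certificate message body and reports zero-length entries separately so that they are never passed to a DER parser.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 24-bit big-endian length as used in the TLS Certificate message. */
static size_t rd24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}

/* Walk the body of a TLS Certificate handshake message (the bytes after the
 * 4-byte handshake header). Returns the number of non-empty certificate
 * entries, or -1 if the length framing is inconsistent. Zero-length entries
 * are counted in *empty_entries instead of being treated as certificates. */
int count_certs(const uint8_t *body, size_t len, int *empty_entries) {
    size_t list_len, off = 3;
    int certs = 0;
    *empty_entries = 0;
    if (len < 3) return -1;
    list_len = rd24(body);
    if (list_len != len - 3) return -1;      /* list must fill the body */
    while (off < len) {
        size_t cert_len;
        if (len - off < 3) return -1;        /* truncated entry header */
        cert_len = rd24(body + off);
        off += 3;
        if (cert_len > len - off) return -1; /* entry overruns the list */
        if (cert_len == 0) (*empty_entries)++;
        else certs++;
        off += cert_len;
    }
    return certs;
}

int main(void) {
    /* The two byte strings quoted in the thread. */
    static const uint8_t normal[]  = {0x00, 0x00, 0x00};
    static const uint8_t handset[] = {0x00, 0x00, 0x03, 0x00, 0x00, 0x00};
    int empty;
    int n = count_certs(normal, sizeof normal, &empty);
    printf("normal:  certs=%d empty_entries=%d\n", n, empty);
    n = count_certs(handset, sizeof handset, &empty);
    printf("handset: certs=%d empty_entries=%d\n", n, empty);
    return 0;
}
```

Both inputs yield zero usable certificates; only the second reports an empty entry, which is the case the debug log shows reaching the ASN.1 parser.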