curl-library

Re: libcurl + GnuTLS bugs during mutual authentication

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 10 Oct 2008 21:14:49 +0200 (CEST)

On Fri, 10 Oct 2008, Sergey Gerasimenko wrote:

> Surprisingly, instead of the 200 OK (which would be obvious to receive) I am
> getting back "gnutls_handshake() failed: Decrypti 0"
>
> The first bug - the error code 0 indicates that "All fine" and no error
> occurred. But "reply" from the server tells completely different.

So what gnutls version is this done with?

> I made a small investigation and figured out that curl for command line uses
> OpenSSL by default, but the libcurl for some reasons uses GnuTLS.

That's how your system is designed/installed, it's not something we (in the
curl project) have decided or even suggested to anyway.

> Then changed libcurl.so to use libcurl.so.4.0.1 instead of
> libcurl-gnutls.so. And the simplessl code magically started to work (return
> 200 OK). This is the second bug - most likely libcurl uses gnutls (in case of
> mutual authentication) in a wrong way.

Perhaps, or you use a GnuTLS version that has a bug that was fixed in a later
version.... or even there could be a bug present in its current version too.
It's hard to tell without further details.

Can you tell us a public URL we can try a test program with libcurl/GnuTLS
against to repeat the problem?

-- 
  / daniel.haxx.se
Received on 2008-10-10
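
Added example (not part of the original mail and not curl project code): one way to answer the "which TLS library and version" question above for each libcurl shared object on a system, by calling libcurl's curl_version() through ctypes. The sonames libcurl.so.4 and libcurl-gnutls.so.4 are assumptions based on the file names in the mail, and the version strings in the comments are constructed samples.

```python
import ctypes

# Assumed sonames, derived from the file names mentioned in the mail;
# which of them exist depends on how the distribution packages libcurl.
CANDIDATES = ("libcurl.so.4", "libcurl-gnutls.so.4")

# TLS library names as they appear in curl_version() output (not exhaustive).
TLS_NAMES = ("OpenSSL", "GnuTLS", "NSS", "LibreSSL", "wolfSSL", "mbedTLS")


def parse_backend(version_string):
    """Split a curl_version() string into (libcurl_ver, tls_name, tls_ver).

    Constructed sample input: "libcurl/7.18.2 GnuTLS/2.4.1 zlib/1.2.3.3"
    """
    curl_ver, tls_name, tls_ver = None, None, None
    for token in version_string.split():
        name, _, ver = token.partition("/")
        if name == "libcurl":
            curl_ver = ver
        elif name in TLS_NAMES and tls_name is None:
            tls_name, tls_ver = name, ver
    return (curl_ver, tls_name, tls_ver)


def loaded_backend(soname):
    """Ask one libcurl shared object what it was built with.

    Returns None when the library cannot be loaded, so a missing
    flavour is reported instead of raising.
    """
    try:
        lib = ctypes.CDLL(soname)
    except OSError:
        return None
    # char *curl_version(void); returns a static, NUL-terminated string.
    lib.curl_version.restype = ctypes.c_char_p
    return parse_backend(lib.curl_version().decode("ascii", "replace"))


if __name__ == "__main__":
    # The curl tool and an application may link different libcurl builds,
    # so each shared object is queried separately.
    for soname in CANDIDATES:
        print(soname, "->", loaded_backend(soname) or "not installed")
```

Running it on the affected machine gives the libcurl and TLS library versions to include in a bug report.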