headers
Nikos Mavrogiannopoulos | 2 Nov 2008 13:35

Re: Key usage violation in certificate

Kevin P. Fleming wrote:
> I'm fighting the same problem other Subversion users have been the past
> few months, with the switch to Subversion on Ubuntu being built against
> GNUTLS instead of OpenSSL, users cannot connect to our server.
> 
> I've rebuilt the server's cert with the X509v3 Key Usage set to 'Digital
> Signature' and 'Key Encipherment', but that has not solved the problem.
> 
> Can someone please connect to https://origsvn.digium.com and tell me why
> GNUTLS won't accept the server's cert? Thanks.

Hello,
 Could you (or some of your users that have problem) please send me the
output you get with the gnutls client if you issue a similar command as
below[0]. With gnutls-cli from 2.6.x I connected normally[1].

regards,
Nikos

[0]: ./gnutls-cli origsvn.digium.com -d 2 --x509keyfile key
--x509certfile cert
(the files cert and key are attached)

[1]:

$ ./gnutls-cli origsvn.digium.com --x509keyfile key --x509certfile cert
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Resolving 'origsvn.digium.com'...
Connecting to '216.207.245.42:443'...
(Continue reading)

Permalink | Reply | 5 comments |
headers
Martin Knappe | 3 Nov 2008 13:33
Picon

Diffie Hellman

hi

i have a question

i have seen source code where the server makes a call to gnutls_dh_set_prime_bits
the way i understand it, this doesnt really make sense: the server suggests these parameters to the client, and the client only uses this function to determine whether the parameters offered by the server are acceptable, right?
is there any point in calling gnutls_dh_set_prime_bits on the server side?
many thanks

martin

_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 2 comments |
headers
Lennart Koopmann | 3 Nov 2008 14:02
Gravatar

Re: Diffie Hellman

On Monday 03 November 2008 13:33:11 Martin Knappe wrote:
> is there any point in calling gnutls_dh_set_prime_bits on the server side?
> many thanks

Yes. On the server side you set the number of DH prime bits the server offers 
in maximum. You will notice that your GnuTLS initialization process will take 
longer the higher you set the DH prime bits because generation takes longer.

You should regularly re-call gnutls_dh_set_prime_bits for security reasons.

So long
Lennart Koopmann
Permalink | Reply | 0 comments |
headers
Lennart Koopmann | 3 Nov 2008 14:26
Gravatar

Re: Diffie Hellman

On Monday 03 November 2008 14:14:11 you wrote:
> I don't see how all this makes sense:
>
> The number of DH prime bits is established on a call to
> gnutls_dh_params_generate2 (dh_params, DH_BITS);
> This is when the prime and generator are generated.

That's true. Sorry my reply was quite unspecific about that.
But as far as I understand gnutls_dh_params_generate2() generates the pair of 
prime and generator, while gnutls_dh_set_prime_bits() sets a minimum DH size 
for a conversation. I did not test it, but this might enable you to allow 
different DH sizes in different conversations.

I am handing over to the GnuTLS experts! ;)
Permalink | Reply | 1 comment |
headers
Kevin P. Fleming | 3 Nov 2008 14:40
Favicon
Gravatar

Re: Key usage violation in certificate

Nikos Mavrogiannopoulos wrote:

>  Could you (or some of your users that have problem) please send me the
> output you get with the gnutls client if you issue a similar command as
> below[0]. With gnutls-cli from 2.6.x I connected normally[1].

OK, this is bizarre. Using gnutls-cli from Ubuntu's gnutls-bin
2.4.1-1build1 (which uses libgnutls.so.26 from libgnutls-2.4.1-1build1
(strange version numbering)), the connection works fine; the output is
the same as you posted.

Does this mean that the real problem is that something in the way
libneon is using GNUTLS is really causing the issue, or that gnutls-cli
is not requiring the same validity checks that libneon is asking for?

--

-- 
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)
Permalink | Reply | 4 comments |
headers
Nikos Mavrogiannopoulos | 3 Nov 2008 16:46

Re: Key usage violation in certificate

>>  Could you (or some of your users that have problem) please send me the
>> output you get with the gnutls client if you issue a similar command as
>> below[0]. With gnutls-cli from 2.6.x I connected normally[1].
>
> OK, this is bizarre. Using gnutls-cli from Ubuntu's gnutls-bin
> 2.4.1-1build1 (which uses libgnutls.so.26 from libgnutls-2.4.1-1build1
> (strange version numbering)), the connection works fine; the output is
> the same as you posted.
>
> Does this mean that the real problem is that something in the way
> libneon is using GNUTLS is really causing the issue, or that gnutls-cli
> is not requiring the same validity checks that libneon is asking for?

I don't think this can be the case, but cannot be sure. Does libneon
can be run with gnutls debugging on?

regards,
Nikos
Permalink | Reply | 3 comments |
headers
Martin Knappe | 3 Nov 2008 16:48
Picon

Re: Diffie Hellman

Yeah, you see that explanation doesnt really make sense. The parameters are generated when gnutls_dh_params_generate2 is called, and this function also has a DH_BITS, so I don't see the point in specifying the parameter width again in a separate function.



On Mon, Nov 3, 2008 at 2:26 PM, Lennart Koopmann <lennart <at> scopeport.org> wrote:
On Monday 03 November 2008 14:14:11 you wrote:
> I don't see how all this makes sense:
>
> The number of DH prime bits is established on a call to
> gnutls_dh_params_generate2 (dh_params, DH_BITS);
> This is when the prime and generator are generated.

That's true. Sorry my reply was quite unspecific about that.
But as far as I understand gnutls_dh_params_generate2() generates the pair of
prime and generator, while gnutls_dh_set_prime_bits() sets a minimum DH size
for a conversation. I did not test it, but this might enable you to allow
different DH sizes in different conversations.

I am handing over to the GnuTLS experts! ;)


_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls

_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 0 comments |
headers
Martin Knappe | 3 Nov 2008 17:39
Picon

handshake

hi

im having a problem with making a handshake between client and server
the problem is that my client seems to "think" it is really a server, because instead of sending a client hello. it does a receive when initiating the handshake (i checked with strace)
could someone have a look at this snippet and tell me why this client might think it is a server:

    if (gnutls_init(&session, GNUTLS_CLIENT) != 0) {
        return E_GNUTLS_INIT;
    }
    if (gnutls_set_default_priority(session) != 0) {
        return E_GNUTLS_SET_DEFAULT_PRIORITY;
    }
    if (gnutls_kx_set_priority(session, (const int[]) {GNUTLS_KX_DHE_PSK, 0})) {
        return E_GNUTLS_KX_SET_PRIORITY;
    }
    if (gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred) != 0) {
        return E_GNUTLS_CREDENTIALS_SET;
    }
    gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sockfd);
    printf("BEFORE HANDSHAKE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n");
    if (gnutls_handshake(session) < 0) {
        return E_HANDSHAKE;
    }
    printf("AFTER HANDSHAKE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n");
    return E_SUCCESS;

when i execute this, I get the message "BEFORE HANDSHAKE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", and then my client blocks!

many thanks

martin

_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 1 comment |
headers
Kevin P. Fleming | 3 Nov 2008 18:58
Favicon
Gravatar

Re: Key usage violation in certificate

Nikos Mavrogiannopoulos wrote:

> I don't think this can be the case, but cannot be sure. Does libneon
> can be run with gnutls debugging on?

Thanks very much for your help!

I've built Subversion 1.5.4 with libneon 0.28.2 (both from source, but
gnutls using the Ubuntu packages) configured to force the gnutls global
debug level to 4711, and here's the output from a failed connection attempt:

|<2>| ASSERT: dn.c:444
|<2>| ASSERT: dn.c:374
|<2>| ASSERT: dn.c:492
ah_create, for WWW-Authenticate
Running pre_send hooks
compress: Initialization.
Sending request headers:
OPTIONS /svn/asterisk HTTP/1.1
Host: origsvn.digium.com
User-Agent: SVN/1.5.4 (r33841) neon/0.28.2
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
DAV: http://subversion.tigris.org/xmlns/dav/svn/depth
DAV: http://subversion.tigris.org/xmlns/dav/svn/mergeinfo
DAV: http://subversion.tigris.org/xmlns/dav/svn/log-revprops
Accept-Encoding: gzip

Sending request-line and headers:
Doing DNS lookup on origsvn.digium.com...
Connecting to 10.19.29.201
Negotiating SSL connection.
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[11ea380]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[11ea380]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[11ea380]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[11ea380]: Sending extension CERT_TYPE
|<2>| EXT[11ea380]: Sending extension SERVER_NAME
|<3>| HSK[11ea380]: CLIENT HELLO was send [115 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[11ea380]: Sending Packet[0] Handshake(22) with length: 115
|<2>| ASSERT: gnutls_cipher.c:205
|<7>| WRITE: Will write 120 bytes to 5.
|<7>| WRITE: wrote 120 bytes to 5. Left 0 bytes. Total 120 bytes.
|<7>| 0000 - 16 03 02 00 73 01 00 00 6f 03 02 49 0f 3b 13 28
|<7>| 0001 - 48 2f 40 67 f3 dd 20 4e f9 bc 5b 85 87 43 27 79
|<7>| 0002 - fa 20 6a 58 a3 26 4c 29 38 aa 78 00 00 24 00 33
|<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87
|<7>| 0004 - 00 13 00 66 00 2f 00 41 00 35 00 84 00 0a 00 05
|<7>| 0005 - 00 04 01 00 00 22 00 09 00 03 02 00 01 00 00 00
|<7>| 0006 - 17 00 15 00 00 12 6f 72 69 67 73 76 6e 2e 64 69
|<7>| 0007 - 67 69 75 6d 2e 63 6f 6d
|<4>| REC[11ea380]: Sent Packet[1] Handshake(22) with length: 120
|<7>| READ: Got 5 bytes from 5
|<7>| READ: read 5 bytes from 5
|<7>| 0000 - 16 03 01 00 4a
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[11ea380]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[11ea380]: Received Packet[0] Handshake(22) with length: 74
|<7>| READ: Got 74 bytes from 5
|<7>| READ: read 74 bytes from 5
|<7>| 0000 - 02 00 00 46 03 01 49 0f 3b 18 a0 df 9f e4 70 f5
|<7>| 0001 - 46 1e f4 06 7f 04 15 3f 7e a6 ab 55 8c d6 0b fc
|<7>| 0002 - 8c 37 24 8d 79 a1 20 25 44 5d 3e 03 f2 4b 38 e1
|<7>| 0003 - 5a c7 1e ba 1c 63 4c 93 ef 1c 9d b7 04 23 cd 5b
|<7>| 0004 - 59 d1 58 70 ea 65 6c 00 33 00
|<7>| RB: Have 5 bytes into buffer. Adding 74 bytes.
|<7>| RB: Requested 79 bytes
|<2>| ASSERT: gnutls_cipher.c:205
|<4>| REC[11ea380]: Decrypted Packet[0] Handshake(22) with length: 74
|<6>| BUF[HSK]: Inserted 74 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[11ea380]: SERVER HELLO was received [74 bytes]
|<6>| BUF[REC][HD]: Read 70 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 70 bytes of Data
|<3>| HSK[11ea380]: Server's version: 3.1
|<3>| HSK[11ea380]: SessionID length: 32
|<3>| HSK[11ea380]: SessionID:
25445d3e03f24b38e15ac71eba1c634c93ef1c9db70423cd5b59d15870ea656c
|<3>| HSK[11ea380]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1

|<2>| ASSERT: gnutls_extensions.c:165

|<7>| READ: Got 5 bytes from 5

|<7>| READ: read 5 bytes from 5

|<7>| 0000 - 16 03 01 0b 1e

|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.

|<7>| RB: Requested 5 bytes

|<4>| REC[11ea380]: Expected Packet[1] Handshake(22) with length: 1

|<4>| REC[11ea380]: Received Packet[1] Handshake(22) with length: 2846

|<7>| READ: Got 2846 bytes from 5

|<7>| READ: read 2846 bytes from 5

|<7>| 0000 - 0b 00 0b 1a 00 0b 17 00 05 8e 30 82 05 8a 30 82

|<7>| 0001 - 04 72 a0 03 02 01 02 02 02 00 fe 30 0d 06 09 2a

|<7>| 0002 - 86 48 86 f7 0d 01 01 04 05 00 30 81 af 31 0b 30

|<7>| 0003 - 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03

|<7>| 0004 - 55 04 08 13 07 41 6c 61 62 61 6d 61 31 13 30 11

|<7>| 0005 - 06 03 55 04 07 13 0a 48 75 6e 74 73 76 69 6c 6c

|<7>| 0006 - 65 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69

|<7>| 0007 - 75 6d 2c 20 49 6e 63 2e 31 22 30 20 06 03 55 04

|<7>| 0008 - 0b 13 19 41 73 74 65 72 69 73 6b 20 44 65 76 65

|<7>| 0009 - 6c 6f 70 6d 65 6e 74 20 54 65 61 6d 31 16 30 14

|<7>| 000a - 06 03 55 04 03 13 0d 44 69 67 69 75 6d 20 53 56

|<7>| 000b - 4e 20 43 41 31 26 30 24 06 09 2a 86 48 86 f7 0d

|<7>| 000c - 01 09 01 16 17 61 73 74 65 72 69 73 6b 74 65 61

|<7>| 000d - 6d 40 64 69 67 69 75 6d 2e 63 6f 6d 30 1e 17 0d

|<7>| 000e - 30 38 31 30 33 31 31 34 35 38 30 30 5a 17 0d 31

|<7>| 000f - 35 31 31 30 34 31 34 35 38 30 30 5a 30 81 ae 31

|<7>| 0010 - 0b 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e

|<7>| 0011 - 06 03 55 04 08 13 07 41 6c 61 62 61 6d 61 31 13

|<7>| 0012 - 30 11 06 03 55 04 07 13 0a 48 75 6e 74 73 76 69

|<7>| 0013 - 6c 6c 65 31 0f 30 0d 06 03 55 04 0a 13 06 44 69

|<7>| 0014 - 67 69 75 6d 31 22 30 20 06 03 55 04 0b 13 19 41

|<7>| 0015 - 73 74 65 72 69 73 6b 20 44 65 76 65 6c 6f 70 6d

|<7>| 0016 - 65 6e 74 20 54 65 61 6d 31 1b 30 19 06 03 55 04

|<7>| 0017 - 03 13 12 6f 72 69 67 73 76 6e 2e 64 69 67 69 75

|<7>| 0018 - 6d 2e 63 6f 6d 31 26 30 24 06 09 2a 86 48 86 f7

|<7>| 0019 - 0d 01 09 01 16 17 61 73 74 65 72 69 73 6b 74 65

|<7>| 001a - 61 6d 40 64 69 67 69 75 6d 2e 63 6f 6d 30 82 01

|<7>| 001b - 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00

|<7>| 001c - 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c4 2a

|<7>| 001d - 9a 2d a4 3e 36 91 ba 99 b8 22 6a 7d 0a 10 fd 6b

|<7>| 001e - dd 7c 86 00 53 56 b0 e0 de 5d 14 68 b5 b6 ee 09

|<7>| 001f - 13 e6 14 b0 12 b4 f8 5f b5 6d 70 1d 55 82 bd 0e

|<7>| 0020 - 46 01 d2 03 2c 94 67 a8 a1 4a d2 3a 5d 5c d2 8a

|<7>| 0021 - 1f f6 f9 bd 9a ec 50 cd f8 13 e1 4e b3 87 91 bc

|<7>| 0022 - 6c 47 6d 59 0e b0 7d 89 5c 12 ac 3a fb cb 4f c1

|<7>| 0023 - 43 9e a3 b7 4c e4 60 88 f7 4f 7d c7 6a 01 36 03

|<7>| 0024 - 50 e9 ad 6e b7 1a 32 dc 70 54 d0 65 8d 0b d9 77

|<7>| 0025 - c4 5a 5b 2d 85 b9 9b 21 17 e4 13 d8 a3 ea 58 ce

|<7>| 0026 - 78 27 ff 78 22 07 5f a5 96 79 fb 3e 7d ed c0 b7

|<7>| 0027 - 2d c8 85 28 c7 03 b6 85 59 f2 4e 24 0d 69 d0 60

|<7>| 0028 - ea 77 68 73 de 69 91 c8 f0 9a eb 21 d2 5f 29 a6

|<7>| 0029 - 40 73 ef 8b 09 5f 5e 32 dd bd 9f ba 98 4c 11 72

|<7>| 002a - 5d 20 1b 37 dc cd 3c d2 63 11 bb bd ce 4a d2 ab

|<7>| 002b - b9 1f 41 c2 eb 0e 1a 2e a1 0f 3e 4a ad 1d 68 8f

|<7>| 002c - 94 1b 18 8c 49 66 31 65 0c 63 8d 40 7f 83 02 03

|<7>| 002d - 01 00 01 a3 82 01 ad 30 82 01 a9 30 09 06 03 55

|<7>| 002e - 1d 13 04 02 30 00 30 11 06 09 60 86 48 01 86 f8

|<7>| 002f - 42 01 01 04 04 03 02 06 40 30 2b 06 09 60 86 48

|<7>| 0030 - 01 86 f8 42 01 0d 04 1e 16 1c 54 69 6e 79 43 41

|<7>| 0031 - 20 47 65 6e 65 72 61 74 65 64 20 43 65 72 74 69

|<7>| 0032 - 66 69 63 61 74 65 30 1d 06 03 55 1d 0e 04 16 04

|<7>| 0033 - 14 cb 95 0f de 61 ca a3 08 95 bc 6c 6a 9e d7 bf

|<7>| 0034 - ae 64 bd c8 cd 30 81 e4 06 03 55 1d 23 04 81 dc

|<7>| 0035 - 30 81 d9 80 14 50 d3 ee fd 08 95 06 26 16 49 04

|<7>| 0036 - 90 bf 35 02 11 30 92 bd 27 a1 81 b5 a4 81 b2 30

|<7>| 0037 - 81 af 31 0b 30 09 06 03 55 04 06 13 02 55 53 31

|<7>| 0038 - 10 30 0e 06 03 55 04 08 13 07 41 6c 61 62 61 6d

|<7>| 0039 - 61 31 13 30 11 06 03 55 04 07 13 0a 48 75 6e 74

|<7>| 003a - 73 76 69 6c 6c 65 31 15 30 13 06 03 55 04 0a 13

|<7>| 003b - 0c 44 69 67 69 75 6d 2c 20 49 6e 63 2e 31 22 30

|<7>| 003c - 20 06 03 55 04 0b 13 19 41 73 74 65 72 69 73 6b

|<7>| 003d - 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 54 65 61

|<7>| 003e - 6d 31 16 30 14 06 03 55 04 03 13 0d 44 69 67 69

|<7>| 003f - 75 6d 20 53 56 4e 20 43 41 31 26 30 24 06 09 2a

|<7>| 0040 - 86 48 86 f7 0d 01 09 01 16 17 61 73 74 65 72 69

|<7>| 0041 - 73 6b 74 65 61 6d 40 64 69 67 69 75 6d 2e 63 6f

|<7>| 0042 - 6d 82 09 00 c5 45 59 56 d9 a7 ac 12 30 22 06 03

|<7>| 0043 - 55 1d 12 04 1b 30 19 81 17 61 73 74 65 72 69 73

|<7>| 0044 - 6b 74 65 61 6d 40 64 69 67 69 75 6d 2e 63 6f 6d

|<7>| 0045 - 30 22 06 03 55 1d 11 04 1b 30 19 81 17 61 73 74

|<7>| 0046 - 65 72 69 73 6b 74 65 61 6d 40 64 69 67 69 75 6d

|<7>| 0047 - 2e 63 6f 6d 30 0e 06 03 55 1d 0f 01 01 ff 04 04

|<7>| 0048 - 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01

|<7>| 0049 - 04 05 00 03 82 01 01 00 d7 ad d4 0c ed 93 74 af

|<7>| 004a - 9b b1 3e 3b ae 7f a7 32 9e f6 fc c3 6a ef 6a 71

|<7>| 004b - 16 bd 37 4e 24 f4 b5 46 ec 0c f5 eb 6f 8e b5 b5

|<7>| 004c - a4 ae 94 50 c5 f2 06 3d 26 06 6c fb 8a dc 67 16

|<7>| 004d - 67 c6 0c 72 b3 7b 72 04 e4 f9 0c 37 e0 4b 1c 53

|<7>| 004e - ea c6 01 52 9d 13 f5 ca 98 a4 da 93 ea b0 a9 21

|<7>| 004f - c6 32 7f 19 35 61 b9 db 74 b5 49 00 27 3e 40 37

|<7>| 0050 - e3 ec 20 b0 75 08 a0 f5 9e 8e ac 69 31 7c 0d 45

|<7>| 0051 - 17 3b f4 77 81 f6 d5 b8 80 0a cf ec 66 b6 16 89

|<7>| 0052 - 01 b3 2b 02 e7 1b 0b 88 de bc b2 77 76 4d 7e 4c

|<7>| 0053 - 72 75 d4 18 c7 f7 20 7e 92 97 25 33 90 85 c7 ad

|<7>| 0054 - e0 94 16 b6 27 4a d5 1b 37 e3 44 d0 6a 9a fa 1d

|<7>| 0055 - 54 87 d7 c6 81 d9 1d 38 e0 c2 69 03 38 99 d6 ae

|<7>| 0056 - 7f 68 59 9d aa 18 22 de 62 81 17 f0 1e 31 c1 af

|<7>| 0057 - d5 8b e0 23 95 0c fd 06 9b 8f 55 79 93 f8 d3 69

|<7>| 0058 - 06 15 42 02 ef ff 13 cb 31 f0 c0 3d e7 2f 03 f0

|<7>| 0059 - db 18 25 5c fe ad 21 94 00 05 83 30 82 05 7f 30

|<7>| 005a - 82 04 67 a0 03 02 01 02 02 09 00 c5 45 59 56 d9

|<7>| 005b - a7 ac 12 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04

|<7>| 005c - 05 00 30 81 af 31 0b 30 09 06 03 55 04 06 13 02

|<7>| 005d - 55 53 31 10 30 0e 06 03 55 04 08 13 07 41 6c 61

|<7>| 005e - 62 61 6d 61 31 13 30 11 06 03 55 04 07 13 0a 48

|<7>| 005f - 75 6e 74 73 76 69 6c 6c 65 31 15 30 13 06 03 55

|<7>| 0060 - 04 0a 13 0c 44 69 67 69 75 6d 2c 20 49 6e 63 2e

|<7>| 0061 - 31 22 30 20 06 03 55 04 0b 13 19 41 73 74 65 72

|<7>| 0062 - 69 73 6b 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20

|<7>| 0063 - 54 65 61 6d 31 16 30 14 06 03 55 04 03 13 0d 44

|<7>| 0064 - 69 67 69 75 6d 20 53 56 4e 20 43 41 31 26 30 24

|<7>| 0065 - 06 09 2a 86 48 86 f7 0d 01 09 01 16 17 61 73 74

|<7>| 0066 - 65 72 69 73 6b 74 65 61 6d 40 64 69 67 69 75 6d

|<7>| 0067 - 2e 63 6f 6d 30 1e 17 0d 30 35 31 31 32 35 32 33

|<7>| 0068 - 33 31 34 37 5a 17 0d 31 35 31 31 32 33 32 33 33

|<7>| 0069 - 31 34 37 5a 30 81 af 31 0b 30 09 06 03 55 04 06

|<7>| 006a - 13 02 55 53 31 10 30 0e 06 03 55 04 08 13 07 41

|<7>| 006b - 6c 61 62 61 6d 61 31 13 30 11 06 03 55 04 07 13

|<7>| 006c - 0a 48 75 6e 74 73 76 69 6c 6c 65 31 15 30 13 06

|<7>| 006d - 03 55 04 0a 13 0c 44 69 67 69 75 6d 2c 20 49 6e

|<7>| 006e - 63 2e 31 22 30 20 06 03 55 04 0b 13 19 41 73 74

|<7>| 006f - 65 72 69 73 6b 20 44 65 76 65 6c 6f 70 6d 65 6e

|<7>| 0070 - 74 20 54 65 61 6d 31 16 30 14 06 03 55 04 03 13

|<7>| 0071 - 0d 44 69 67 69 75 6d 20 53 56 4e 20 43 41 31 26

|<7>| 0072 - 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16 17 61

|<7>| 0073 - 73 74 65 72 69 73 6b 74 65 61 6d 40 64 69 67 69

|<7>| 0074 - 75 6d 2e 63 6f 6d 30 82 01 22 30 0d 06 09 2a 86

|<7>| 0075 - 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82

|<7>| 0076 - 01 0a 02 82 01 01 00 e1 98 dd 86 39 24 bf 1a f6

|<7>| 0077 - 2b d4 c3 e4 c4 26 69 e8 2c da bc 11 38 03 66 8a

|<7>| 0078 - e6 3c 37 2d 1c 4a a7 4b 4f 4a 72 3e e0 80 08 f1

|<7>| 0079 - c2 17 9a b5 d5 f1 a6 d8 64 f3 cc d1 1b 04 cb b0

|<7>| 007a - 7d 75 87 52 9a 7a ea ab f2 64 f1 0e d4 95 fa 60

|<7>| 007b - a5 1e fa d6 5d 8a 55 a8 38 98 4d a7 04 29 4c ad

|<7>| 007c - 2d 21 27 d5 87 b6 88 93 e2 fc 15 82 6e b5 cc 7c

|<7>| 007d - 45 a5 88 0c 5d 71 29 f2 9d 95 ea 9c ff 01 55 7b

|<7>| 007e - c7 de 8d 79 24 49 00 02 69 a9 ac fa 39 e5 37 5d

|<7>| 007f - 49 f1 40 a7 62 c0 9e a2 21 d9 c5 21 a2 a9 83 99

|<7>| 0080 - 65 82 8e 73 61 89 8c 1d 18 2f 38 29 63 19 20 6a

|<7>| 0081 - 42 a3 22 4c 08 73 8a 56 fd 0d a8 a7 10 e8 ba e9

|<7>| 0082 - eb 90 ae 48 10 63 5a 33 13 bd 22 b8 50 a6 0d 18

|<7>| 0083 - 4b d1 81 d2 60 27 7d 38 c6 f2 b5 2e ce ef 5a e1

|<7>| 0084 - 86 33 ce 0d df 80 e9 b7 84 f3 f6 d1 cf e1 b8 aa

|<7>| 0085 - ad 9f 23 eb 04 58 0f c6 68 5f 3b e5 f1 7c 9b 2c

|<7>| 0086 - 63 bb 8b fa fd d5 25 02 03 01 00 01 a3 82 01 9a

|<7>| 0087 - 30 82 01 96 30 1d 06 03 55 1d 0e 04 16 04 14 50

|<7>| 0088 - d3 ee fd 08 95 06 26 16 49 04 90 bf 35 02 11 30

|<7>| 0089 - 92 bd 27 30 81 e4 06 03 55 1d 23 04 81 dc 30 81

|<7>| 008a - d9 80 14 50 d3 ee fd 08 95 06 26 16 49 04 90 bf

|<7>| 008b - 35 02 11 30 92 bd 27 a1 81 b5 a4 81 b2 30 81 af

|<7>| 008c - 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 10 30

|<7>| 008d - 0e 06 03 55 04 08 13 07 41 6c 61 62 61 6d 61 31

|<7>| 008e - 13 30 11 06 03 55 04 07 13 0a 48 75 6e 74 73 76

|<7>| 008f - 69 6c 6c 65 31 15 30 13 06 03 55 04 0a 13 0c 44

|<7>| 0090 - 69 67 69 75 6d 2c 20 49 6e 63 2e 31 22 30 20 06

|<7>| 0091 - 03 55 04 0b 13 19 41 73 74 65 72 69 73 6b 20 44

|<7>| 0092 - 65 76 65 6c 6f 70 6d 65 6e 74 20 54 65 61 6d 31

|<7>| 0093 - 16 30 14 06 03 55 04 03 13 0d 44 69 67 69 75 6d

|<7>| 0094 - 20 53 56 4e 20 43 41 31 26 30 24 06 09 2a 86 48

|<7>| 0095 - 86 f7 0d 01 09 01 16 17 61 73 74 65 72 69 73 6b

|<7>| 0096 - 74 65 61 6d 40 64 69 67 69 75 6d 2e 63 6f 6d 82

|<7>| 0097 - 09 00 c5 45 59 56 d9 a7 ac 12 30 0f 06 03 55 1d

|<7>| 0098 - 13 01 01 ff 04 05 30 03 01 01 ff 30 11 06 09 60

|<7>| 0099 - 86 48 01 86 f8 42 01 01 04 04 03 02 01 06 30 09

|<7>| 009a - 06 03 55 1d 12 04 02 30 00 30 2b 06 09 60 86 48

|<7>| 009b - 01 86 f8 42 01 0d 04 1e 16 1c 54 69 6e 79 43 41

|<7>| 009c - 20 47 65 6e 65 72 61 74 65 64 20 43 65 72 74 69

|<7>| 009d - 66 69 63 61 74 65 30 22 06 03 55 1d 11 04 1b 30

|<7>| 009e - 19 81 17 61 73 74 65 72 69 73 6b 74 65 61 6d 40

|<7>| 009f - 64 69 67 69 75 6d 2e 63 6f 6d 30 0e 06 03 55 1d

|<7>| 00a0 - 0f 01 01 ff 04 04 03 02 01 06 30 0d 06 09 2a 86

|<7>| 00a1 - 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 59 1f

|<7>| 00a2 - 70 32 9d c6 b4 2d 27 02 66 38 d8 66 c3 e6 5e be

|<7>| 00a3 - ef bd 24 3c c3 b9 05 76 ed f6 3c 0b 64 da 6b cd

|<7>| 00a4 - ff 0e 8a be 26 68 4d 89 ff 33 ce 08 e9 1f 42 80

|<7>| 00a5 - 05 cf d0 f6 33 a4 82 99 c0 f0 45 7f ba 96 e6 f5

|<7>| 00a6 - ae f3 d1 e9 bb 75 8b 69 2a 32 b2 44 0f f5 0d fb

|<7>| 00a7 - b3 f7 5f e8 50 1e 1f db dd f4 06 43 71 cc 1f 57

|<7>| 00a8 - dd 5a e3 4c 0e a0 76 79 0a 93 bc 42 aa f5 b0 bc

|<7>| 00a9 - 59 e2 f0 63 8f 03 9e 51 97 d6 21 90 14 e4 96 c1

|<7>| 00aa - d6 d7 9a 61 76 f3 7c 48 ee 3b 57 23 cb cd 76 fb

|<7>| 00ab - dc 84 11 99 c7 fe 4c 36 6e 10 27 3c 38 39 b9 32

|<7>| 00ac - fc f3 75 b8 d8 72 7c c2 4b 85 3f e8 a0 dc 02 bb

|<7>| 00ad - a0 81 90 d7 82 0a c7 e1 5d a1 99 9e 87 16 28 50

|<7>| 00ae - 5e 47 32 34 c6 9d 2b 1a 06 74 89 61 97 99 7b 86

|<7>| 00af - 68 a3 ef 1f 3a 58 c6 69 2a 89 75 ff 82 75 52 d6

|<7>| 00b0 - f6 9d d5 0a 42 2d 65 5d a4 39 d6 4c da bd 76 6f

|<7>| 00b1 - af 9d c3 2b 72 80 c3 68 79 c6 4e 0b 4b 6a

|<7>| RB: Have 5 bytes into buffer. Adding 2846 bytes.

|<7>| RB: Requested 2851 bytes

|<2>| ASSERT: gnutls_cipher.c:205

|<4>| REC[11ea380]: Decrypted Packet[1] Handshake(22) with length: 2846

|<6>| BUF[HSK]: Inserted 2846 bytes of Data(22)

|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)

|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)

|<3>| HSK[11ea380]: CERTIFICATE was received [2846 bytes]

|<6>| BUF[REC][HD]: Read 2842 bytes of Data(22)

|<6>| BUF[HSK]: Peeked 74 bytes of Data

|<6>| BUF[HSK]: Emptied buffer

|<6>| BUF[HSK]: Inserted 4 bytes of Data

|<6>| BUF[HSK]: Inserted 2842 bytes of Data

|<7>| READ: Got 5 bytes from 5

|<7>| READ: read 5 bytes from 5

|<7>| 0000 - 16 03 01 02 0d

|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.

|<7>| RB: Requested 5 bytes

|<4>| REC[11ea380]: Expected Packet[2] Handshake(22) with length: 1

|<4>| REC[11ea380]: Received Packet[2] Handshake(22) with length: 525

|<7>| READ: Got 525 bytes from 5

|<7>| READ: read 525 bytes from 5

|<7>| 0000 - 0c 00 02 09 00 80 e6 96 9d 3d 49 5b e3 2c 7c f1

|<7>| 0001 - 80 c3 bd d4 79 8e 91 b7 81 82 51 bb 05 5e 2a 20

|<7>| 0002 - 64 90 4a 79 a7 70 fa 15 a2 59 cb d5 23 a6 a6 ef

|<7>| 0003 - 09 c4 30 48 d5 a2 2f 97 1f 3c 20 12 9b 48 00 0e

|<7>| 0004 - 6e dd 06 1c bc 05 3e 37 1d 79 4e 53 27 df 61 1e

|<7>| 0005 - bb be 1b ac 9b 5c 60 44 cf 02 3d 76 e0 5e ea 9b

|<7>| 0006 - ad 99 1b 13 a6 3c 97 4e 9e f1 83 9e b5 db 12 51

|<7>| 0007 - 36 f7 26 2e 56 a8 87 15 38 df d8 23 c6 50 50 85

|<7>| 0008 - e2 1f 0d d5 c8 6b 00 01 02 00 80 1d 78 2e 66 4a

|<7>| 0009 - 1f 22 5a 0d 43 a2 2f c5 be b9 18 ed fa 5b 12 f4

|<7>| 000a - 2b f7 b4 19 3d 3e 9b 40 b5 87 a8 5a 2a bd 9f fc

|<7>| 000b - cf f1 ef 56 13 6c b7 55 2e 4f ac 0b 4e 56 9a 94

|<7>| 000c - 2a 53 67 ae 10 56 ff 80 a0 48 4d 87 18 ce 8d 48

|<7>| 000d - 1f bd 47 6f 70 92 3c 0c d7 a5 eb 90 a0 b4 84 7a

|<7>| 000e - 83 64 32 41 47 00 ba 0b d3 78 fe 32 8d a2 4f 93

|<7>| 000f - 20 3b d7 36 5d 5c f9 eb 86 a1 17 5a 4e a4 7b 2f

|<7>| 0010 - 81 c6 b6 42 2e 74 ca db cc 57 e3 01 00 3c 84 29

|<7>| 0011 - 2e a6 fd 5b 9b f5 c4 71 49 98 6e 1d 99 e6 43 f3

|<7>| 0012 - 7c 40 de 60 28 00 a5 a5 5c d8 25 62 07 4a 00 4a

|<7>| 0013 - a0 4c 10 d6 93 99 bb c6 f5 a6 0c 93 8c 4a 65 34

|<7>| 0014 - 91 99 12 ca 61 e4 83 ef a5 c3 36 1b 2e 02 7e 9b

|<7>| 0015 - 91 25 bd a7 cd 40 ab ff 2c 2d c5 ca ee 1b cc 69

|<7>| 0016 - a7 40 89 33 9c 4f 4c dd 3c 97 5d a4 fc 77 eb 07

|<7>| 0017 - 5c 36 95 1d d2 8f 94 ea d4 02 35 5c cf f5 9d 21

|<7>| 0018 - d8 db f7 92 30 30 fc 3f 27 61 c3 44 70 ca fc ff

|<7>| 0019 - b6 e9 80 47 bc c7 ec d0 82 25 73 1c 61 52 ed d6

|<7>| 001a - a9 e6 e9 07 47 6c 1b 22 34 cc bd 7e 6b 89 7f ff

|<7>| 001b - fc 0c 64 b1 1b d7 24 f2 de e6 df 4a 60 83 e2 97

|<7>| 001c - f9 32 86 61 88 91 31 b4 62 66 9a 9e bc 67 33 c4

|<7>| 001d - 2a da 67 8a ec 0e 95 22 6b e1 12 05 1f 48 94 ad

|<7>| 001e - a4 e7 82 17 a0 5f 1b 24 38 ad 66 50 39 dc e9 43

|<7>| 001f - ef 21 9d 8c c2 28 90 6b d8 f3 83 f4 aa 6b d7 9c

|<7>| 0020 - c0 ff 53 b6 5b 9e 1a d6 79 c9 92 f9 b0

|<7>| RB: Have 5 bytes into buffer. Adding 525 bytes.

|<7>| RB: Requested 530 bytes

|<2>| ASSERT: gnutls_cipher.c:205

|<4>| REC[11ea380]: Decrypted Packet[2] Handshake(22) with length: 525

|<6>| BUF[HSK]: Inserted 525 bytes of Data(22)

|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)

|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)

|<3>| HSK[11ea380]: SERVER KEY EXCHANGE was received [525 bytes]

|<6>| BUF[REC][HD]: Read 521 bytes of Data(22)

|<6>| BUF[HSK]: Peeked 2846 bytes of Data

|<6>| BUF[HSK]: Emptied buffer

|<6>| BUF[HSK]: Inserted 4 bytes of Data

|<6>| BUF[HSK]: Inserted 521 bytes of Data

|<7>| READ: Got 5 bytes from 5

|<7>| READ: read 5 bytes from 5

|<7>| 0000 - 16 03 01 00 c3

|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.

|<7>| RB: Requested 5 bytes

|<4>| REC[11ea380]: Expected Packet[3] Handshake(22) with length: 1

|<4>| REC[11ea380]: Received Packet[3] Handshake(22) with length: 195

|<7>| READ: Got 195 bytes from 5

|<7>| READ: read 195 bytes from 5

|<7>| 0000 - 0d 00 00 bb 04 03 04 01 02 00 b4 00 b2 30 81 af

|<7>| 0001 - 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 10 30

|<7>| 0002 - 0e 06 03 55 04 08 13 07 41 6c 61 62 61 6d 61 31

|<7>| 0003 - 13 30 11 06 03 55 04 07 13 0a 48 75 6e 74 73 76

|<7>| 0004 - 69 6c 6c 65 31 15 30 13 06 03 55 04 0a 13 0c 44

|<7>| 0005 - 69 67 69 75 6d 2c 20 49 6e 63 2e 31 22 30 20 06

|<7>| 0006 - 03 55 04 0b 13 19 41 73 74 65 72 69 73 6b 20 44

|<7>| 0007 - 65 76 65 6c 6f 70 6d 65 6e 74 20 54 65 61 6d 31

|<7>| 0008 - 16 30 14 06 03 55 04 03 13 0d 44 69 67 69 75 6d

|<7>| 0009 - 20 53 56 4e 20 43 41 31 26 30 24 06 09 2a 86 48

|<7>| 000a - 86 f7 0d 01 09 01 16 17 61 73 74 65 72 69 73 6b

|<7>| 000b - 74 65 61 6d 40 64 69 67 69 75 6d 2e 63 6f 6d 0e

|<7>| 000c - 00 00 00

|<7>| RB: Have 5 bytes into buffer. Adding 195 bytes.

|<7>| RB: Requested 200 bytes

|<2>| ASSERT: gnutls_cipher.c:205

|<4>| REC[11ea380]: Decrypted Packet[3] Handshake(22) with length: 195

|<6>| BUF[HSK]: Inserted 195 bytes of Data(22)

|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)

|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)

|<3>| HSK[11ea380]: CERTIFICATE REQUEST was received [191 bytes]

|<6>| BUF[REC][HD]: Read 187 bytes of Data(22)

|<6>| BUF[HSK]: Peeked 525 bytes of Data

|<6>| BUF[HSK]: Emptied buffer

|<6>| BUF[HSK]: Inserted 4 bytes of Data

|<6>| BUF[HSK]: Inserted 187 bytes of Data

|<2>| ASSERT: pkcs12.c:1082

|<9>| salt.size: 8

|<9>| iterationCount: 2048

|<2>| ASSERT: pkcs12_bag.c:646

|<9>| salt.size: 8

|<9>| iterationCount: 2048

|<2>| ASSERT: dn.c:444

|<2>| ASSERT: dn.c:374

|<2>| ASSERT: dn.c:492

|<2>| ASSERT: dn.c:444

|<2>| ASSERT: dn.c:374

|<2>| ASSERT: dn.c:492

In client cert provider callback.

Supplying client certificate.

|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)

|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)

|<3>| HSK[11ea380]: SERVER HELLO DONE was received [4 bytes]

|<6>| BUF[HSK]: Peeked 191 bytes of Data

|<6>| BUF[HSK]: Emptied buffer

|<6>| BUF[HSK]: Inserted 4 bytes of Data

|<3>| HSK[11ea380]: CERTIFICATE was send [1421 bytes]

|<6>| BUF[HSK]: Peeked 4 bytes of Data

|<6>| BUF[HSK]: Emptied buffer

|<4>| REC[11ea380]: Sending Packet[1] Handshake(22) with length: 1421

|<2>| ASSERT: gnutls_cipher.c:205

|<7>| WRITE: Will write 1426 bytes to 5.

|<7>| WRITE: wrote 1426 bytes to 5. Left 0 bytes. Total 1426 bytes.

|<7>| 0000 - 16 03 01 05 8d 0b 00 05 89 00 05 86 00 05 83 30

|<7>| 0001 - 82 05 7f 30 82 04 67 a0 03 02 01 02 02 09 00 c5

|<7>| 0002 - 45 59 56 d9 a7 ac 12 30 0d 06 09 2a 86 48 86 f7

|<7>| 0003 - 0d 01 01 04 05 00 30 81 af 31 0b 30 09 06 03 55

|<7>| 0004 - 04 06 13 02 55 53 31 10 30 0e 06 03 55 04 08 13

|<7>| 0005 - 07 41 6c 61 62 61 6d 61 31 13 30 11 06 03 55 04

|<7>| 0006 - 07 13 0a 48 75 6e 74 73 76 69 6c 6c 65 31 15 30

|<7>| 0007 - 13 06 03 55 04 0a 13 0c 44 69 67 69 75 6d 2c 20

|<7>| 0008 - 49 6e 63 2e 31 22 30 20 06 03 55 04 0b 13 19 41

|<7>| 0009 - 73 74 65 72 69 73 6b 20 44 65 76 65 6c 6f 70 6d

|<7>| 000a - 65 6e 74 20 54 65 61 6d 31 16 30 14 06 03 55 04

|<7>| 000b - 03 13 0d 44 69 67 69 75 6d 20 53 56 4e 20 43 41

|<7>| 000c - 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16

|<7>| 000d - 17 61 73 74 65 72 69 73 6b 74 65 61 6d 40 64 69

|<7>| 000e - 67 69 75 6d 2e 63 6f 6d 30 1e 17 0d 30 35 31 31

|<7>| 000f - 32 35 32 33 33 31 34 37 5a 17 0d 31 35 31 31 32

|<7>| 0010 - 33 32 33 33 31 34 37 5a 30 81 af 31 0b 30 09 06

|<7>| 0011 - 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 55 04

|<7>| 0012 - 08 13 07 41 6c 61 62 61 6d 61 31 13 30 11 06 03

|<7>| 0013 - 55 04 07 13 0a 48 75 6e 74 73 76 69 6c 6c 65 31

|<7>| 0014 - 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 75 6d

|<7>| 0015 - 2c 20 49 6e 63 2e 31 22 30 20 06 03 55 04 0b 13

|<7>| 0016 - 19 41 73 74 65 72 69 73 6b 20 44 65 76 65 6c 6f

|<7>| 0017 - 70 6d 65 6e 74 20 54 65 61 6d 31 16 30 14 06 03

|<7>| 0018 - 55 04 03 13 0d 44 69 67 69 75 6d 20 53 56 4e 20

|<7>| 0019 - 43 41 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09

|<7>| 001a - 01 16 17 61 73 74 65 72 69 73 6b 74 65 61 6d 40

|<7>| 001b - 64 69 67 69 75 6d 2e 63 6f 6d 30 82 01 22 30 0d

|<7>| 001c - 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01

|<7>| 001d - 0f 00 30 82 01 0a 02 82 01 01 00 e1 98 dd 86 39

|<7>| 001e - 24 bf 1a f6 2b d4 c3 e4 c4 26 69 e8 2c da bc 11

|<7>| 001f - 38 03 66 8a e6 3c 37 2d 1c 4a a7 4b 4f 4a 72 3e

|<7>| 0020 - e0 80 08 f1 c2 17 9a b5 d5 f1 a6 d8 64 f3 cc d1

|<7>| 0021 - 1b 04 cb b0 7d 75 87 52 9a 7a ea ab f2 64 f1 0e

|<7>| 0022 - d4 95 fa 60 a5 1e fa d6 5d 8a 55 a8 38 98 4d a7

|<7>| 0023 - 04 29 4c ad 2d 21 27 d5 87 b6 88 93 e2 fc 15 82

|<7>| 0024 - 6e b5 cc 7c 45 a5 88 0c 5d 71 29 f2 9d 95 ea 9c

|<7>| 0025 - ff 01 55 7b c7 de 8d 79 24 49 00 02 69 a9 ac fa

|<7>| 0026 - 39 e5 37 5d 49 f1 40 a7 62 c0 9e a2 21 d9 c5 21

|<7>| 0027 - a2 a9 83 99 65 82 8e 73 61 89 8c 1d 18 2f 38 29

|<7>| 0028 - 63 19 20 6a 42 a3 22 4c 08 73 8a 56 fd 0d a8 a7

|<7>| 0029 - 10 e8 ba e9 eb 90 ae 48 10 63 5a 33 13 bd 22 b8

|<7>| 002a - 50 a6 0d 18 4b d1 81 d2 60 27 7d 38 c6 f2 b5 2e

|<7>| 002b - ce ef 5a e1 86 33 ce 0d df 80 e9 b7 84 f3 f6 d1

|<7>| 002c - cf e1 b8 aa ad 9f 23 eb 04 58 0f c6 68 5f 3b e5

|<7>| 002d - f1 7c 9b 2c 63 bb 8b fa fd d5 25 02 03 01 00 01

|<7>| 002e - a3 82 01 9a 30 82 01 96 30 1d 06 03 55 1d 0e 04

|<7>| 002f - 16 04 14 50 d3 ee fd 08 95 06 26 16 49 04 90 bf

|<7>| 0030 - 35 02 11 30 92 bd 27 30 81 e4 06 03 55 1d 23 04

|<7>| 0031 - 81 dc 30 81 d9 80 14 50 d3 ee fd 08 95 06 26 16

|<7>| 0032 - 49 04 90 bf 35 02 11 30 92 bd 27 a1 81 b5 a4 81

|<7>| 0033 - b2 30 81 af 31 0b 30 09 06 03 55 04 06 13 02 55

|<7>| 0034 - 53 31 10 30 0e 06 03 55 04 08 13 07 41 6c 61 62

|<7>| 0035 - 61 6d 61 31 13 30 11 06 03 55 04 07 13 0a 48 75

|<7>| 0036 - 6e 74 73 76 69 6c 6c 65 31 15 30 13 06 03 55 04

|<7>| 0037 - 0a 13 0c 44 69 67 69 75 6d 2c 20 49 6e 63 2e 31

|<7>| 0038 - 22 30 20 06 03 55 04 0b 13 19 41 73 74 65 72 69

|<7>| 0039 - 73 6b 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 54

|<7>| 003a - 65 61 6d 31 16 30 14 06 03 55 04 03 13 0d 44 69

|<7>| 003b - 67 69 75 6d 20 53 56 4e 20 43 41 31 26 30 24 06

|<7>| 003c - 09 2a 86 48 86 f7 0d 01 09 01 16 17 61 73 74 65

|<7>| 003d - 72 69 73 6b 74 65 61 6d 40 64 69 67 69 75 6d 2e

|<7>| 003e - 63 6f 6d 82 09 00 c5 45 59 56 d9 a7 ac 12 30 0f

|<7>| 003f - 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30

|<7>| 0040 - 11 06 09 60 86 48 01 86 f8 42 01 01 04 04 03 02

|<7>| 0041 - 01 06 30 09 06 03 55 1d 12 04 02 30 00 30 2b 06

|<7>| 0042 - 09 60 86 48 01 86 f8 42 01 0d 04 1e 16 1c 54 69

|<7>| 0043 - 6e 79 43 41 20 47 65 6e 65 72 61 74 65 64 20 43

|<7>| 0044 - 65 72 74 69 66 69 63 61 74 65 30 22 06 03 55 1d

|<7>| 0045 - 11 04 1b 30 19 81 17 61 73 74 65 72 69 73 6b 74

|<7>| 0046 - 65 61 6d 40 64 69 67 69 75 6d 2e 63 6f 6d 30 0e

|<7>| 0047 - 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 0d
|<7>| 0048 - 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01
|<7>| 0049 - 01 00 59 1f 70 32 9d c6 b4 2d 27 02 66 38 d8 66
|<7>| 004a - c3 e6 5e be ef bd 24 3c c3 b9 05 76 ed f6 3c 0b
|<7>| 004b - 64 da 6b cd ff 0e 8a be 26 68 4d 89 ff 33 ce 08
|<7>| 004c - e9 1f 42 80 05 cf d0 f6 33 a4 82 99 c0 f0 45 7f
|<7>| 004d - ba 96 e6 f5 ae f3 d1 e9 bb 75 8b 69 2a 32 b2 44
|<7>| 004e - 0f f5 0d fb b3 f7 5f e8 50 1e 1f db dd f4 06 43
|<7>| 004f - 71 cc 1f 57 dd 5a e3 4c 0e a0 76 79 0a 93 bc 42
|<7>| 0050 - aa f5 b0 bc 59 e2 f0 63 8f 03 9e 51 97 d6 21 90
|<7>| 0051 - 14 e4 96 c1 d6 d7 9a 61 76 f3 7c 48 ee 3b 57 23
|<7>| 0052 - cb cd 76 fb dc 84 11 99 c7 fe 4c 36 6e 10 27 3c
|<7>| 0053 - 38 39 b9 32 fc f3 75 b8 d8 72 7c c2 4b 85 3f e8
|<7>| 0054 - a0 dc 02 bb a0 81 90 d7 82 0a c7 e1 5d a1 99 9e
|<7>| 0055 - 87 16 28 50 5e 47 32 34 c6 9d 2b 1a 06 74 89 61
|<7>| 0056 - 97 99 7b 86 68 a3 ef 1f 3a 58 c6 69 2a 89 75 ff
|<7>| 0057 - 82 75 52 d6 f6 9d d5 0a 42 2d 65 5d a4 39 d6 4c
|<7>| 0058 - da bd 76 6f af 9d c3 2b 72 80 c3 68 79 c6 4e 0b
|<7>| 0059 - 4b 6a
|<4>| REC[11ea380]: Sent Packet[2] Handshake(22) with length: 1426
|<3>| HSK[11ea380]: CLIENT KEY EXCHANGE was send [134 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[11ea380]: Sending Packet[2] Handshake(22) with length: 134
|<2>| ASSERT: gnutls_cipher.c:205
|<7>| WRITE: Will write 139 bytes to 5.
|<7>| WRITE: wrote 139 bytes to 5. Left 0 bytes. Total 139 bytes.
|<7>| 0000 - 16 03 01 00 86 10 00 00 82 00 80 7a 6f 3b eb 5b
|<7>| 0001 - 36 5c ed 9b 77 53 d5 be ec af 56 32 9c fa 37 f9
|<7>| 0002 - e0 d4 31 90 a4 9e 31 43 6d ed e6 39 83 26 b1 6c
|<7>| 0003 - f2 3f 7d 1d a5 55 e1 8e bd 17 42 3e b2 4d e8 15
|<7>| 0004 - be 10 16 0f 98 49 0f 84 a2 08 41 0d 15 9c ab f2
|<7>| 0005 - f2 7f c8 dc d6 c1 d6 75 a8 d5 a5 78 d1 af 9e e7
|<7>| 0006 - 85 e5 40 c2 72 aa df 94 df 03 bf be 19 c2 94 10
|<7>| 0007 - 22 80 2c 04 36 cf e1 a1 8d b3 cd 6b 3b aa 52 25
|<7>| 0008 - bd 68 c8 2a b9 df 13 53 4f 27 81
|<4>| REC[11ea380]: Sent Packet[3] Handshake(22) with length: 139
|<2>| ASSERT: gnutls_sig.c:275
|<2>| ASSERT: gnutls_sig.c:117
|<2>| ASSERT: auth_cert.c:1405
|<2>| ASSERT: gnutls_kx.c:355
|<2>| ASSERT: gnutls_handshake.c:2402
|<6>| BUF[HSK]: Cleared Data from buffer
sess: Closing connection.
|<2>| ASSERT: gnutls_record.c:262
sess: Connection closed.
Request ends, status 0 class 0xx, error line:
SSL negotiation failed: SSL error: Key usage violation in certificate
has been detected.
Running destroy hooks.
Request ends.
svn: OPTIONS of 'https://origsvn.digium.com/svn/asterisk': SSL
negotiation failed: SSL error: Key usage violation in certificate has
been detected. (https://origsvn.digium.com)
sess: Destroying session.
sess: Destroying session.

--

-- 
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)
Permalink | Reply | 2 comments |
headers
Nikos Mavrogiannopoulos | 3 Nov 2008 20:43

Re: Diffie Hellman

Martin Knappe wrote:
> hi
> 
> i have a question
> 
> i have seen source code where the server makes a call to
> gnutls_dh_set_prime_bits
> the way i understand it, this doesnt really make sense: the server suggests
> these parameters to the client, and the client only uses this function to
> determine whether the parameters offered by the server are acceptable,
> right?
> is there any point in calling gnutls_dh_set_prime_bits on the server side?

No, there is no point.

regards,
Nikos
Permalink | Reply | 0 comments |

Gmane