Discussion:
HELP: Client-Server code for anonymous authentication NOT working
Mihir Kulkarni
2012-02-06 02:06:12 UTC
Permalink
Hello,
I am part of a team at University of California, Irvine who are trying our
hand at GNUTLS. We installed the package and all its dependencies. But when
trying with the example code given in the documentation, it throws up an
error. The details are:
I tried running the server and client with anonymous authentication. The
exact error that it gives is:

*CLIENT:*
***@GNU-Linux:~/GNUTLS/gnutls-2.8.6/client$ ./a.out
*** Handshake failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

*SERVER:*
***@GNU-Linux:~/GNUTLS/gnutls-2.8.6/server$ ./a.out
Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 48108
*** Handshake has failed (A TLS packet with unexpected length was received.)

What is figured out so far is that the server goes into an infinite loop on
line 120 for the statements:
do
{
ret = gnutls_handshake (session);
printf("Do...\n");
}
while (gnutls_error_is_fatal (ret) == 0);


Can someone please tell me what might be going wrong?
Thank you for your help.

regards,
Mihir Kulkarni
Graduate Student
University of California, Irvine
http://goo.gl/CvRcG
Patrick Pelletier
2012-02-06 05:19:10 UTC
Permalink
This sounds like the same problem I ran into recently. I saw the
exact same behavior when I tried compiling the current version of the
example programs against the GnuTLS libraries that came with my
operating system. (GnuTLS 2.8.5 on Ubuntu 10.04.)

I'm assuming my issue (and therefore yours) is that I was running
example code that was meant for GnuTLS 3.x against an installed
library that was GnuTLS 2.x. (And, presumably the change in major
version indicates an incompatibility, although unfortunately in this
case it's a rather subtle one.)

When I installed the examples that were meant for the version of
GnuTLS I was actually using (by installing the "gnutls-doc" package on
Ubuntu, which put the example source code in /usr/share/doc/gnutls-doc/
examples), and compiled them, it worked fine.

(Presumably it would also work to build the latest GnuTLS from source,
and then use the latest example code, but that's not the approach I
went with, because I wanted to write code that would work with
Ubuntu's binary packages.)

In particular, the 3.x example code has the while loop you mentioned,
while the 2.x example code does not have the while loop.

(The example anonymous server is ex-anon-serv.c in both the 2.x and
3.x examples, but the anonymous client is called ex-client1.c in 2.x,
while it's called ex-anon-client.c in 3.x.)

I hope that helps,

--Patrick
Post by Mihir Kulkarni
Hello,
I am part of a team at University of California, Irvine who are
trying our hand at GNUTLS. We installed the package and all its
dependencies. But when trying with the example code given in the
I tried running the server and client with anonymous authentication.
*** Handshake failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
Server ready. Listening to port '5556'.
- connection from 127.0.0.1, port 48108
*** Handshake has failed (A TLS packet with unexpected length was received.)
What is figured out so far is that the server goes into an infinite
do
{
ret = gnutls_handshake (session);
printf("Do...\n");
}
while (gnutls_error_is_fatal (ret) == 0);
Can someone please tell me what might be going wrong?
Thank you for your help.
regards,
Mihir Kulkarni
Graduate Student
University of California, Irvine
http://goo.gl/CvRcG
_______________________________________________
Help-gnutls mailing list
https://lists.gnu.org/mailman/listinfo/help-gnutls
Mihir Kulkarni
2012-02-06 05:24:33 UTC
Permalink
Hello Patrick,
Thats exactly my case! GnuTLS 2.8.6 on Ubuntu 10.04. Thanks a lot for the
prompt reply. Though I'm not at my machine right now, but I'll surely do
what you've said and let you know if I face any other problems. But yes,
your observations are exactly correct regarding the client and server code
in 2.x and 3.x!
I hadn't expected an early reply on Superbowl Sunday! [?] Anyways, thanks a
lot.

cheers,
Mihir Kulkarni
Graduate Student
University of California, Irvine
http://goo.gl/CvRcG



On Sun, Feb 5, 2012 at 9:19 PM, Patrick Pelletier
This sounds like the same problem I ran into recently. I saw the exact
same behavior when I tried compiling the current version of the example
programs against the GnuTLS libraries that came with my operating system.
(GnuTLS 2.8.5 on Ubuntu 10.04.)
I'm assuming my issue (and therefore yours) is that I was running example
code that was meant for GnuTLS 3.x against an installed library that was
GnuTLS 2.x. (And, presumably the change in major version indicates an
incompatibility, although unfortunately in this case it's a rather subtle
one.)
When I installed the examples that were meant for the version of GnuTLS I
was actually using (by installing the "gnutls-doc" package on Ubuntu, which
put the example source code in /usr/share/doc/gnutls-doc/examples), and
compiled them, it worked fine.
(Presumably it would also work to build the latest GnuTLS from source, and
then use the latest example code, but that's not the approach I went with,
because I wanted to write code that would work with Ubuntu's binary
packages.)
In particular, the 3.x example code has the while loop you mentioned,
while the 2.x example code does not have the while loop.
(The example anonymous server is ex-anon-serv.c in both the 2.x and 3.x
examples, but the anonymous client is called ex-client1.c in 2.x, while
it's called ex-anon-client.c in 3.x.)
I hope that helps,
--Patrick
Hello,
I am part of a team at University of California, Irvine who are trying our
hand at GNUTLS. We installed the package and all its dependencies. But when
trying with the example code given in the documentation, it throws up an
I tried running the server and client with anonymous authentication. The
*CLIENT:*
*** Handshake failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
*SERVER:*
Server ready. Listening to port '5556'.
- connection from 127.0.0.1, port 48108
*** Handshake has failed (A TLS packet with unexpected length was received.)
What is figured out so far is that the server goes into an infinite loop
do
{
ret = gnutls_handshake (session);
printf("Do...\n");
}
while (gnutls_error_is_fatal (ret) == 0);
Can someone please tell me what might be going wrong?
Thank you for your help.
regards,
Mihir Kulkarni
Graduate Student
University of California, Irvine
http://goo.gl/CvRcG
_______________________________________________
Help-gnutls mailing list
https://lists.gnu.org/mailman/listinfo/help-gnutls
Nikos Mavrogiannopoulos
2012-02-07 18:27:51 UTC
Permalink
This sounds like the same problem I ran into recently. I saw the exact
same behavior when I tried compiling the current version of the example
programs against the GnuTLS libraries that came with my operating
system. (GnuTLS 2.8.5 on Ubuntu 10.04.)
I'm assuming my issue (and therefore yours) is that I was running
example code that was meant for GnuTLS 3.x against an installed library
that was GnuTLS 2.x. (And, presumably the change in major version
indicates an incompatibility, although unfortunately in this case it's a
rather subtle one.)
You are right. The example in the website enables elliptic curve
anonymous Diffie-Hellman which doesn't exist in gnutls 2. The error is
subtle because the examples do not include error checking and thus do
not catch the error in gnutls_priority_set_direct().

If you fix the priority string the same example should work as is.

regards,
Nikos

Continue reading on narkive:
Loading...