On 03.03.2011 09:57, Simon Josefsson wrote: > Vedran Furač <vedran.fu...@gmail.com> writes: > >> - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed >> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21 >> 12:59:58 UTC', SHA-1 fingerprint `ec5248b3194be9fda5639b59458962bc9bee32cc' > > Looks like one of certs had expired?
That could be the problem, but that would indicate a bug in the all previous versions of gnutls. Also note that same certificate works with apache, postfix, dovecot,... and their clients (firefox, thunderbird,...). > Please re-run with '-d 4711 -V' to > get more information. You removed the subject/issuer names so I cannot > tell if that is the trusted root CA cert or an intermediate cert. If it > is an intermediate untrusted cert, the error is expected. It's a self-signed certificate with more/less dummy data. I can't send it. ... |<7>| RB: Requested 1923 bytes |<4>| REC[0xc8cfd0]: Decrypted Packet[1] Handshake(22) with length: 1918 |<6>| BUF[HSK]: Inserted 1918 bytes of Data(22) |<6>| BUF[REC][HD]: Read 1 bytes of Data(22) |<6>| BUF[REC][HD]: Read 3 bytes of Data(22) |<3>| HSK[0xc8cfd0]: CERTIFICATE was received [1918 bytes] |<6>| BUF[REC][HD]: Read 1914 bytes of Data(22) |<6>| BUF[HSK]: Peeked 231 bytes of Data |<6>| BUF[HSK]: Emptied buffer |<6>| BUF[HSK]: Inserted 4 bytes of Data |<6>| BUF[HSK]: Inserted 1914 bytes of Data |<2>| ASSERT: mpi.c:606 |<2>| ASSERT: dn.c:1211 *** Verifying server certificate failed... |<2>| ASSERT: gnutls_kx.c:736 |<2>| ASSERT: gnutls_handshake.c:2804 |<6>| BUF[HSK]: Cleared Data from buffer *** Fatal error: Error in the certificate. |<4>| REC: Sending Alert[2|42] - Certificate is bad |<4>| REC[0xc8cfd0]: Sending Packet[1] Alert(21) with length: 2 |<7>| WRITE: Will write 7 bytes to 0x4. |<7>| WRITE: wrote 7 bytes to 0x4. Left 0 bytes. Total 7 bytes. |<7>| 0000 - 15 03 02 00 02 02 2a |<4>| REC[0xc8cfd0]: Sent Packet[2] Alert(21) with length: 7 *** Handshake has failed GnuTLS error: Error in the certificate. Regards, Vedran
<<attachment: vedran_furac.vcf>>
