FreeIPA packaging

Bug #997990
Comment #3

Comment 3 for bug 997990

Revision history for this message

pasqual milvaques (pasqual-milvaques) wrote on 2012-05-11:

the problem could be also reproduced with the gnutls-cli command. it seeems that's launching the handshake in an incompatible manner with the server.
the same comman from a centos box works (2.8.5 version of gnutls-cli). in the ubuntu box is version 2.12.14

root@ubuntuprovesfreeipa:/etc/ldap# gnutls-cli -d 4 -p 636 freeipaserver.linux.gva.es
Resolving 'freeipaserver.linux.gva.es'...
Connecting to '192.168.222.99:636'...
|<4>| REC[0x9b5bf68]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:695
|<4>| REC[0x9b5bf68]: Allocating epoch #1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x9b5bf68]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<2>| EXT[0x9b5bf68]: Sending extension SERVER NAME (31 bytes)
|<2>| EXT[0x9b5bf68]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<2>| EXT[0x9b5bf68]: Sending extension SESSION TICKET (0 bytes)
|<2>| EXT[SIGA]: sent signature algo (4.2) DSA-SHA256
|<2>| EXT[SIGA]: sent signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: sent signature algo (2.1) RSA-SHA1
|<2>| EXT[SIGA]: sent signature algo (2.2) DSA-SHA1
|<2>| EXT[0x9b5bf68]: Sending extension SIGNATURE ALGORITHMS (10 bytes)
|<3>| HSK[0x9b5bf68]: CLIENT HELLO was sent [151 bytes]
|<4>| REC[0x9b5bf68]: Sending Packet[0] Handshake(22) with length: 151
|<4>| REC[0x9b5bf68]: Sent Packet[1] Handshake(22) with length: 156
|<2>| ASSERT: gnutls_buffers.c:640
|<2>| ASSERT: gnutls_record.c:969
|<2>| ASSERT: gnutls_handshake.c:2762
*** Fatal error: A TLS packet with unexpected length was received.
|<4>| REC: Sending Alert[2|22] - Record overflow
|<4>| REC[0x9b5bf68]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x9b5bf68]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.
|<4>| REC[0x9b5bf68]: Epoch #0 freed
|<4>| REC[0x9b5bf68]: Epoch #1 freed
root@ubuntuprovesfreeipa:/etc/ldap#