GnuTLS issue (Mandos Server/Client)

Adam Williamson awilliam at
Wed Apr 2 17:15:19 UTC 2014

On Wed, 2014-04-02 at 10:50 -0600, Nathanael D. Noblet wrote:
> Hello,
>   I'm working on getting a package (mandos) included in Fedora/EPEL.
> Currently its heavily focused on debian based distros so I'm not ready
> for a review. However I have it working in a few situations but have
> some issues in others. I'm hoping someone here may be able to shed light
> on what may be going on. So that I can finish adding the bits needed to
> be fully functional and then included.
>   So the whole thing works only if servers and clients are on the same
> OS version. Different errors are thrown for different combinations.
> Client OS  Server OS	Error
> F20        CentOS 6     TLS packet with unexpected length was received
> CentOS 6   F20          The TLS connection was non-properly terminated
> CentOS 6   CentOS 6     No error
> F20        F20          No error
> CentOS gnutls versions
> CentOS 6 = gnutls 2.8.5
> F20      = gnutls 3.1.20
> The server is a python app and sets the priority string as follows:
> priority=SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
> this is fed to some gnutls function somewhere in the stack.
> I'm at a complete loss as to why it doesn't work. Pointers or docs or
> anything else that can help me figure out why an app can talk to itself
> as long as the same base OS is used would be GREATLY appreciated..

Well, have you tried the 'obvious' - building the newer gnutls on CentOS
6 (or the older on Fedora 20) and building mandos against that, to see
if the issue is in gnutls or somewhere else in the 'base system'? That'd
narrow it down at least.
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net

More information about the devel mailing list