CertificateVerify msg with rsae private_key and rsa-pss signature scheme.
Description of problem:
When a client generate CertificateVerify
msg with rsae private_key and with rsa-pss signature scheme, this type of conversation should be rejected with decrypt_error
or illegal_parameter
. GnuTLS continue in a this conversation with ChangeCipherSpec
msg.
Version of gnutls used:
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
local compile on Fedora 27
How reproducible:
Steps to Reproduce:
- clone https://github.com/tomato42/tlsfuzzer repo
- run
scripts/test-rsa-pss-sigs-on-certificate-verify.py -k tests/clientX509Key.pem -c tests/clientX509Cert.pem -n 2 -s "4+1 8+9 8+4 4+3 8+7 5+1 8+10 8+5 5+3 6+1 8+11 8+6 6+3 2+1 2+3"
Actual results:
tlsfuzzer output
sanity ...
OK
RSA-PSS only ...
OK
check CertificateRequest sigalgs ...
OK
rsa_pss_pss_sha256 in CertificateVerify with rsa key ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f98b48a86a0> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f98b48a8710>) with last message being: <tlslite.messages.Message object at 0x7f98b3d98dd8>
Error while processing
Traceback (most recent call last):
File "scripts/test-rsa-pss-sigs-on-certificate-verify.py", line 615, in main
runner.run()
File "/home/rkolcun/tls_repo/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: ChangeCipherSpec()
rsa_pss_pss_sha384 in CertificateVerify with rsa key ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f98b48a8b70> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f98b48a8be0>) with last message being: <tlslite.messages.Message object at 0x7f98b3d9c4a8>
Error while processing
Traceback (most recent call last):
File "scripts/test-rsa-pss-sigs-on-certificate-verify.py", line 615, in main
runner.run()
File "/home/rkolcun/tls_repo/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: ChangeCipherSpec()
rsa_pss_pss_sha512 in CertificateVerify with rsa key ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f98b48ad080> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f98b48ad0f0>) with last message being: <tlslite.messages.Message object at 0x7f98b3d9cfd0>
Error while processing
Traceback (most recent call last):
File "scripts/test-rsa-pss-sigs-on-certificate-verify.py", line 615, in main
runner.run()
File "/home/rkolcun/tls_repo/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: ChangeCipherSpec()
rsa_pss_rsae_sha256 in CertificateVerify ...
OK
rsa_pss_rsae_sha384 in CertificateVerify ...
OK
rsa_pss_rsae_sha512 in CertificateVerify ...
OK
rsa_pss_rsae_sha256 in CertificateVerify with incorrect salt len ...
OK
rsa_pss_rsae_sha384 in CertificateVerify with incorrect salt len ...
OK
rsa_pss_rsae_sha512 in CertificateVerify with incorrect salt len ...
OK
rsa_pss_rsae_sha256 signature in CertificateVerify with rsa_pkcs1_sha256 id ...
OK
short sig with rsa_pss_rsae_sha256 id ...
OK
malformed rsa-pss in CertificateVerify - xor 0x1 at 0 ...
OK
malformed rsa-pss in CertificateVerify - xor 0x2 at 0 ...
OK
sanity ...
OK
version: 2
Test end
successful: 14
failed: 3
'rsa_pss_pss_sha256 in CertificateVerify with rsa key'
'rsa_pss_pss_sha384 in CertificateVerify with rsa key'
'rsa_pss_pss_sha512 in CertificateVerify with rsa key'
GnuTLS output - just failed tests
Processed 1 CA certificate(s).
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:103
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:174
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
HTTP Server listening on IPv4 0.0.0.0 port 4433...done
HTTP Server listening on IPv6 :: port 4433...done
|<5>| REC[0x158b7f0]: Allocating epoch #0
|<2>| added 2 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 55026 on Mon Dec 10 16:27:53 2018
|<5>| REC[0x158b7f0]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x158b7f0]: SSL 3.0 Handshake packet received. Epoch 0, length: 99
|<5>| REC[0x158b7f0]: Expected Packet Handshake(22)
|<5>| REC[0x158b7f0]: Received Packet Handshake(22) with length: 99
|<5>| REC[0x158b7f0]: Decrypted Packet[0] Handshake(22) with length: 99
|<4>| HSK[0x158b7f0]: CLIENT HELLO (1) was received. Length 95[95], frag offset 0, frag length: 95, sequence: 0
|<4>| HSK[0x158b7f0]: Client's version: 3.3
|<3>| ASSERT: db.c[_gnutls_server_restore_session]:298
|<4>| EXT[0x158b7f0]: Parsing extension 'Signature Algorithms/13' (14 bytes)
|<4>| EXT[0x158b7f0]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x158b7f0]: rcvd signature algo (8.5) RSA-PSS-RSAE-SHA384
|<4>| EXT[0x158b7f0]: rcvd signature algo (8.6) RSA-PSS-RSAE-SHA512
|<4>| EXT[0x158b7f0]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x158b7f0]: rcvd signature algo (8.10) RSA-PSS-SHA384
|<4>| EXT[0x158b7f0]: rcvd signature algo (8.11) RSA-PSS-SHA512
|<4>| HSK[0x158b7f0]: Received safe renegotiation CS
|<2>| checking c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x158b7f0]: Requested server name: ''
|<4>| HSK[0x158b7f0]: checking compat of GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-RSAE-SHA384
|<4>| checking cert compat with RSA-PSS-RSAE-SHA512
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite c0.13: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x158b7f0]: Selected group SECP256R1 (2)
|<4>| HSK[0x158b7f0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x158b7f0]: Selected version TLS1.2
|<4>| HSK[0x158b7f0]: Safe renegotiation succeeded
|<4>| HSK[0x158b7f0]: SessionID: 719abe2cc6b2b34cd3a6c5bcdaf897759f241cefba32255c6e9665ffc1e8ac9d
|<4>| EXT[0x158b7f0]: Preparing extension (Maximum Record Size/1) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (OCSP Status Request/5) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Client Certificate Type/19) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Server Certificate Type/20) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Supported Groups/10) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Supported EC Point Formats/11) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (SRP/12) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (Signature Algorithms/13) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (SRTP/14) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Heartbeat/15) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (ALPN/16) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Encrypt-then-MAC/22) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Extended Master Secret/23) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Session Ticket/35) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (Key Share/51) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Supported Versions/43) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Safe Renegotiation/65281) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Sending extension Safe Renegotiation/65281 (1 bytes)
|<4>| EXT[0x158b7f0]: Preparing extension (Server Name Indication/0) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (Cookie/44) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (Early Data/42) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (PSK Key Exchange Modes/45) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (ClientHello Padding/21) for 'TLS 1.2 server hello'
|<4>| EXT[0x158b7f0]: Not sending extension (Pre Shared Key/41) for 'TLS 1.2 server hello'
|<4>| HSK[0x158b7f0]: SERVER HELLO was queued [81 bytes]
|<4>| HSK[0x158b7f0]: CERTIFICATE was queued [871 bytes]
|<4>| HSK[0x158b7f0]: signing TLS 1.2 handshake data: using RSA-PSS-SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x158b7f0]: SERVER KEY EXCHANGE was queued [333 bytes]
|<4>| EXT[0x158b7f0]: sent signature algo (4.1) RSA-SHA256
|<4>| EXT[0x158b7f0]: sent signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x158b7f0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x158b7f0]: sent signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0x158b7f0]: sent signature algo (8.7) EdDSA-Ed25519
|<4>| EXT[0x158b7f0]: sent signature algo (5.1) RSA-SHA384
|<4>| EXT[0x158b7f0]: sent signature algo (8.10) RSA-PSS-SHA384
|<4>| EXT[0x158b7f0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
|<4>| EXT[0x158b7f0]: sent signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0x158b7f0]: sent signature algo (6.1) RSA-SHA512
|<4>| EXT[0x158b7f0]: sent signature algo (8.11) RSA-PSS-SHA512
|<4>| EXT[0x158b7f0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
|<4>| EXT[0x158b7f0]: sent signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0x158b7f0]: sent signature algo (2.1) RSA-SHA1
|<4>| EXT[0x158b7f0]: sent signature algo (2.3) ECDSA-SHA1
|<4>| HSK[0x158b7f0]: CERTIFICATE REQUEST was queued [71 bytes]
|<4>| HSK[0x158b7f0]: SERVER HELLO DONE was queued [4 bytes]
|<5>| REC[0x158b7f0]: Preparing Packet Handshake(22) with length: 81 and min pad: 0
|<5>| REC[0x158b7f0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 86
|<5>| REC[0x158b7f0]: Preparing Packet Handshake(22) with length: 871 and min pad: 0
|<5>| REC[0x158b7f0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 876
|<5>| REC[0x158b7f0]: Preparing Packet Handshake(22) with length: 333 and min pad: 0
|<5>| REC[0x158b7f0]: Sent Packet[3] Handshake(22) in epoch 0 and length: 338
|<5>| REC[0x158b7f0]: Preparing Packet Handshake(22) with length: 71 and min pad: 0
|<5>| REC[0x158b7f0]: Sent Packet[4] Handshake(22) in epoch 0 and length: 76
|<5>| REC[0x158b7f0]: Preparing Packet Handshake(22) with length: 4 and min pad: 0
|<5>| REC[0x158b7f0]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x158b7f0]: SSL 3.3 Handshake packet received. Epoch 0, length: 781
|<5>| REC[0x158b7f0]: Expected Packet Handshake(22)
|<5>| REC[0x158b7f0]: Received Packet Handshake(22) with length: 781
|<5>| REC[0x158b7f0]: Decrypted Packet[1] Handshake(22) with length: 781
|<4>| HSK[0x158b7f0]: CERTIFICATE (11) was received. Length 777[777], frag offset 0, frag length: 777, sequence: 0
- Peer's certificate was NOT verified.
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x158b7f0]: SSL 3.3 Handshake packet received. Epoch 0, length: 70
|<5>| REC[0x158b7f0]: Expected Packet Handshake(22)
|<5>| REC[0x158b7f0]: Received Packet Handshake(22) with length: 70
|<5>| REC[0x158b7f0]: Decrypted Packet[2] Handshake(22) with length: 70
|<4>| HSK[0x158b7f0]: CLIENT KEY EXCHANGE (16) was received. Length 66[66], frag offset 0, frag length: 66, sequence: 0
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x158b7f0]: SSL 3.3 Handshake packet received. Epoch 0, length: 264
|<5>| REC[0x158b7f0]: Expected Packet Handshake(22)
|<5>| REC[0x158b7f0]: Received Packet Handshake(22) with length: 264
|<5>| REC[0x158b7f0]: Decrypted Packet[3] Handshake(22) with length: 264
|<4>| HSK[0x158b7f0]: CERTIFICATE VERIFY (15) was received. Length 260[260], frag offset 0, frag length: 260, sequence: 0
|<4>| HSK[0x158b7f0]: verify cert vrfy: using RSA-PSS-SHA256
|<5>| REC[0x158b7f0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
|<5>| REC[0x158b7f0]: Expected Packet ChangeCipherSpec(20)
|<5>| REC[0x158b7f0]: Received Packet ChangeCipherSpec(20) with length: 1
|<5>| REC[0x158b7f0]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1
|<5>| REC[0x158b7f0]: Initializing epoch #1
|<5>| REC[0x158b7f0]: Epoch #1 ready
|<4>| HSK[0x158b7f0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x158b7f0]: SSL 3.3 Handshake packet received. Epoch 1, length: 64
|<5>| REC[0x158b7f0]: Expected Packet Handshake(22)
|<5>| REC[0x158b7f0]: Received Packet Handshake(22) with length: 64
|<5>| REC[0x158b7f0]: Decrypted Packet[0] Handshake(22) with length: 16
|<4>| HSK[0x158b7f0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
|<4>| HSK[0x158b7f0]: recording tls-unique CB (recv)
|<4>| REC[0x158b7f0]: Sent ChangeCipherSpec
|<4>| HSK[0x158b7f0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x158b7f0]: Initializing internal [write] cipher sessions
|<4>| HSK[0x158b7f0]: FINISHED was queued [16 bytes]
|<5>| REC[0x158b7f0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x158b7f0]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6
|<5>| REC[0x158b7f0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
|<5>| REC[0x158b7f0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 69
|<5>| REC[0x158b7f0]: Start of epoch cleanup
|<5>| REC[0x158b7f0]: Epoch #0 freed
|<5>| REC[0x158b7f0]: End of epoch cleanup
- Description: (TLS1.2)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-CBC)-(SHA1
- Session ID: 71:9A:BE:2C:C6:B2:B3:4C:D3:A6:C5:BC:DA:F8:97:75:9F:24:1C:EF:BA:32:25:5C:6E:96:65:FF:C1:E8:AC:9D
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3946
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3896
|<3>| ASSERT: common.c[_gnutls_copy_data]:1608
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_signature]:1104
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 00e941e48ca36c3efb
Issuer: CN=Some Client
Validity:
Not Before: Thu Mar 09 12:32:25 UTC 2017
Not After: Sat Apr 08 12:32:25 UTC 2017
Subject: CN=Some Client
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:ee:41:3a:a7:1a:17:08:4d:87:b0:2a:37:e8:15:88
a5:d0:c9:25:35:16:b0:69:b0:7e:26:df:46:0b:2c:6f
d0:71:a9:d1:25:48:4a:0c:55:92:39:1d:9e:f6:7a:85
82:99:c1:d9:39:60:82:23:b6:e8:69:f4:a3:21:76:5e
86:81:79:f0:77:ad:2a:2d:62:1e:fc:e9:82:83:6a:05
cc:c0:85:91:14:11:95:91:d1:30:92:c1:29:0b:eb:b6
25:5d:c3:03:dc:72:ca:24:f8:f7:5c:b9:31:3e:af:c0
43:70:89:d5:bd:63:fa:d9:75:f8:90:ee:15:44:62:f5
af:0a:89:8b:19:77:44:8a:9d:2b:00:f2:ee:96:75:05
6a:4a:27:10:63:ca:69:31:69:75:da:d9:d9:19:14:fd
6d:86:79:04:c0:21:b6:0e:09:a8:d2:a0:6c:45:c1:42
62:5f:78:f1:31:4f:9d:0d:31:d3:2d:ea:96:3c:8f:4d
5e:7c:61:2d:db:08:99:68:0d:2d:a7:e2:68:c2:bf:7d
40:07:24:c3:0e:a2:5e:a2:73:51:3d:3a:b6:d5:f5:81
8d:33:a3:06:dc:71:77:51:ea:82:94:d6:f6:25:36:46
8a:94:e1:7d:ed:a4:15:34:4d:8d:e6:04:86:a1:d4:a7
e7
Exponent (bits 24):
01:00:01
Extensions:
Subject Key Identifier (not critical):
871884be98ac62ed4eff823add5e71d4d7ff0c2c
Authority Key Identifier (not critical):
871884be98ac62ed4eff823add5e71d4d7ff0c2c
Basic Constraints (not critical):
Certificate Authority (CA): TRUE
Signature Algorithm: RSA-SHA256
Signature:
af:5f:59:44:2b:27:c3:51:2e:fb:54:67:d7:f5:ca:2d
1d:d6:51:85:ac:6b:35:a3:bf:c0:2a:15:80:65:ed:29
2b:7a:e7:70:38:ec:25:9e:4a:b0:6a:8e:b1:49:12:6f
90:a8:3c:7f:ee:25:8b:37:7a:03:c6:60:24:df:62:71
40:dd:25:7e:a5:13:83:f6:d9:b5:8b:15:34:6b:b6:4c
74:b0:c9:dc:a5:63:32:75:6d:3b:7f:d7:72:1a:bb:94
bd:37:9f:3a:94:b7:0c:11:21:a7:07:cb:67:60:86:ea
01:84:e6:46:49:a9:f4:f9:88:87:30:40:90:a5:83:12
b1:2a:e4:02:f8:77:54:0e:3b:de:ac:a6:c2:0b:c1:52
1e:ab:1b:50:2b:fd:11:1f:0f:a2:b6:80:11:4b:d6:3b
ce:bd:71:7f:9a:89:2a:a8:ac:d3:34:46:9e:36:75:3a
16:a0:77:77:c5:d6:19:bc:7e:f5:a9:b6:85:8a:e9:8f
16:a2:3f:00:9b:d3:df:32:2c:78:1c:db:a7:07:29:d7
8d:0d:9c:26:8e:59:37:b3:07:7c:67:32:62:cc:6c:95
d4:31:34:2e:67:94:a5:c6:3c:3d:1c:91:1c:63:0a:e6
23:a5:c3:91:46:28:77:22:60:e8:47:76:10:50:f4:2f
Other Information:
Fingerprint:
sha1:a2d9f67ac34fcae6cc001a09885bafb1c50d164e
sha256:42404563639e8d9a177ffa097eb544f567ceb4b072b173ed687e88f953b8c752
Public Key ID:
sha1:9fab74a798cb65aa5f89122bdaa7d79e88cd6da9
sha256:1023bf4bff192b23fee0c3802cfba4f053bb13ee3bfe377b8a10945bb36bb104
Public Key PIN:
pin-sha256:ECO/S/8ZKyP+4MOALPuk8FO7E+47/jd7ihCUW7NrsQQ=
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIJAOlB5IyjbD77MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
BAMMC1NvbWUgQ2xpZW50MB4XDTE3MDMwOTEyMzIyNVoXDTE3MDQwODEyMzIyNVow
FjEUMBIGA1UEAwwLU29tZSBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDuQTqnGhcITYewKjfoFYil0MklNRawabB+Jt9GCyxv0HGp0SVISgxV
kjkdnvZ6hYKZwdk5YIIjtuhp9KMhdl6GgXnwd60qLWIe/OmCg2oFzMCFkRQRlZHR
MJLBKQvrtiVdwwPccsok+PdcuTE+r8BDcInVvWP62XX4kO4VRGL1rwqJixl3RIqd
KwDy7pZ1BWpKJxBjymkxaXXa2dkZFP1thnkEwCG2Dgmo0qBsRcFCYl948TFPnQ0x
0y3qljyPTV58YS3bCJloDS2n4mjCv31AByTDDqJeonNRPTq21fWBjTOjBtxxd1Hq
gpTW9iU2RoqU4X3tpBU0TY3mBIah1KfnAgMBAAGjUDBOMB0GA1UdDgQWBBSHGIS+
mKxi7U7/gjrdXnHU1/8MLDAfBgNVHSMEGDAWgBSHGIS+mKxi7U7/gjrdXnHU1/8M
LDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvX1lEKyfDUS77VGfX
9cotHdZRhaxrNaO/wCoVgGXtKSt653A47CWeSrBqjrFJEm+QqDx/7iWLN3oDxmAk
32JxQN0lfqUTg/bZtYsVNGu2THSwydylYzJ1bTt/13Iau5S9N586lLcMESGnB8tn
YIbqAYTmRkmp9PmIhzBAkKWDErEq5AL4d1QOO96spsILwVIeqxtQK/0RHw+itoAR
S9Y7zr1xf5qJKqis0zRGnjZ1Ohagd3fF1hm8fvWptoWK6Y8Woj8Am9PfMix4HNun
BynXjQ2cJo5ZN7MHfGcyYsxsldQxNC5nlKXGPD0ckRxjCuYjpcORRih3ImDoR3YQ
UPQv
-----END CERTIFICATE-----
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-PSS-SHA256
- Client Signature: RSA-PSS-SHA256
- Cipher: AES-128-CBC
- MAC: SHA1
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:93
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique': e767fbb9bb357fd49455c1b7
|<3>| ASSERT: buffers.c[_gnutls_stream_read]:369
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[recv_headers]:1169
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1300
|<3>| ASSERT: record.c[_gnutls_recv_int]:1709
Error while receiving data
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0x158b7f0]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<2>| WRITE: -1 returned from 0x5, errno: 32
|<3>| ASSERT: buffers.c[errno_to_gerr]:230
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:722
|<3>| ASSERT: record.c[_gnutls_send_tlen_int]:572
Error: Error in the pull function.
|<5>| REC[0x158b7f0]: Start of epoch cleanup
|<5>| REC[0x158b7f0]: End of epoch cleanup
|<5>| REC[0x158b7f0]: Epoch #1 freed
|<5>| REC[0x15918e0]: Allocating epoch #0
|<2>| added 2 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 55028 on Mon Dec 10 16:27:53 2018
|<5>| REC[0x15918e0]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.0 Handshake packet received. Epoch 0, length: 99
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 99
|<5>| REC[0x15918e0]: Decrypted Packet[0] Handshake(22) with length: 99
|<4>| HSK[0x15918e0]: CLIENT HELLO (1) was received. Length 95[95], frag offset 0, frag length: 95, sequence: 0
|<4>| HSK[0x15918e0]: Client's version: 3.3
|<3>| ASSERT: db.c[_gnutls_server_restore_session]:298
|<4>| EXT[0x15918e0]: Parsing extension 'Signature Algorithms/13' (14 bytes)
|<4>| EXT[0x15918e0]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x15918e0]: rcvd signature algo (8.5) RSA-PSS-RSAE-SHA384
|<4>| EXT[0x15918e0]: rcvd signature algo (8.6) RSA-PSS-RSAE-SHA512
|<4>| EXT[0x15918e0]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x15918e0]: rcvd signature algo (8.10) RSA-PSS-SHA384
|<4>| EXT[0x15918e0]: rcvd signature algo (8.11) RSA-PSS-SHA512
|<4>| HSK[0x15918e0]: Received safe renegotiation CS
|<2>| checking c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x15918e0]: Requested server name: ''
|<4>| HSK[0x15918e0]: checking compat of GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-RSAE-SHA384
|<4>| checking cert compat with RSA-PSS-RSAE-SHA512
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite c0.13: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x15918e0]: Selected group SECP256R1 (2)
|<4>| HSK[0x15918e0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x15918e0]: Selected version TLS1.2
|<4>| HSK[0x15918e0]: Safe renegotiation succeeded
|<4>| HSK[0x15918e0]: SessionID: 26036a285eb03470ebf63e2c3f6821568c435a56926e206e2bdea4a718c3f8ff
|<4>| EXT[0x15918e0]: Preparing extension (Maximum Record Size/1) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (OCSP Status Request/5) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Client Certificate Type/19) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Server Certificate Type/20) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Supported Groups/10) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Supported EC Point Formats/11) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (SRP/12) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Signature Algorithms/13) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (SRTP/14) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Heartbeat/15) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (ALPN/16) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Encrypt-then-MAC/22) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Extended Master Secret/23) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Session Ticket/35) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Key Share/51) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Supported Versions/43) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Safe Renegotiation/65281) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Sending extension Safe Renegotiation/65281 (1 bytes)
|<4>| EXT[0x15918e0]: Preparing extension (Server Name Indication/0) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Cookie/44) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Early Data/42) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (PSK Key Exchange Modes/45) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (ClientHello Padding/21) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Pre Shared Key/41) for 'TLS 1.2 server hello'
|<4>| HSK[0x15918e0]: SERVER HELLO was queued [81 bytes]
|<4>| HSK[0x15918e0]: CERTIFICATE was queued [871 bytes]
|<4>| HSK[0x15918e0]: signing TLS 1.2 handshake data: using RSA-PSS-SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x15918e0]: SERVER KEY EXCHANGE was queued [333 bytes]
|<4>| EXT[0x15918e0]: sent signature algo (4.1) RSA-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (8.7) EdDSA-Ed25519
|<4>| EXT[0x15918e0]: sent signature algo (5.1) RSA-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (8.10) RSA-PSS-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (6.1) RSA-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (8.11) RSA-PSS-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (2.1) RSA-SHA1
|<4>| EXT[0x15918e0]: sent signature algo (2.3) ECDSA-SHA1
|<4>| HSK[0x15918e0]: CERTIFICATE REQUEST was queued [71 bytes]
|<4>| HSK[0x15918e0]: SERVER HELLO DONE was queued [4 bytes]
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 81 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 86
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 871 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 876
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 333 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[3] Handshake(22) in epoch 0 and length: 338
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 71 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[4] Handshake(22) in epoch 0 and length: 76
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 4 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 0, length: 781
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 781
|<5>| REC[0x15918e0]: Decrypted Packet[1] Handshake(22) with length: 781
|<4>| HSK[0x15918e0]: CERTIFICATE (11) was received. Length 777[777], frag offset 0, frag length: 777, sequence: 0
- Peer's certificate was NOT verified.
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 0, length: 70
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 70
|<5>| REC[0x15918e0]: Decrypted Packet[2] Handshake(22) with length: 70
|<4>| HSK[0x15918e0]: CLIENT KEY EXCHANGE (16) was received. Length 66[66], frag offset 0, frag length: 66, sequence: 0
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 0, length: 264
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 264
|<5>| REC[0x15918e0]: Decrypted Packet[3] Handshake(22) with length: 264
|<4>| HSK[0x15918e0]: CERTIFICATE VERIFY (15) was received. Length 260[260], frag offset 0, frag length: 260, sequence: 0
|<4>| HSK[0x15918e0]: verify cert vrfy: using RSA-PSS-SHA384
|<5>| REC[0x15918e0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
|<5>| REC[0x15918e0]: Expected Packet ChangeCipherSpec(20)
|<5>| REC[0x15918e0]: Received Packet ChangeCipherSpec(20) with length: 1
|<5>| REC[0x15918e0]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1
|<5>| REC[0x15918e0]: Initializing epoch #1
|<5>| REC[0x15918e0]: Epoch #1 ready
|<4>| HSK[0x15918e0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 1, length: 64
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 64
|<5>| REC[0x15918e0]: Decrypted Packet[0] Handshake(22) with length: 16
|<4>| HSK[0x15918e0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
|<4>| HSK[0x15918e0]: recording tls-unique CB (recv)
|<4>| REC[0x15918e0]: Sent ChangeCipherSpec
|<4>| HSK[0x15918e0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x15918e0]: Initializing internal [write] cipher sessions
|<4>| HSK[0x15918e0]: FINISHED was queued [16 bytes]
|<5>| REC[0x15918e0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 69
|<5>| REC[0x15918e0]: Start of epoch cleanup
|<5>| REC[0x15918e0]: Epoch #0 freed
|<5>| REC[0x15918e0]: End of epoch cleanup
- Description: (TLS1.2)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-CBC)-(SHA1
- Session ID: 26:03:6A:28:5E:B0:34:70:EB:F6:3E:2C:3F:68:21:56:8C:43:5A:56:92:6E:20:6E:2B:DE:A4:A7:18:C3:F8:FF
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3946
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3896
|<3>| ASSERT: common.c[_gnutls_copy_data]:1608
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_signature]:1104
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 00e941e48ca36c3efb
Issuer: CN=Some Client
Validity:
Not Before: Thu Mar 09 12:32:25 UTC 2017
Not After: Sat Apr 08 12:32:25 UTC 2017
Subject: CN=Some Client
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:ee:41:3a:a7:1a:17:08:4d:87:b0:2a:37:e8:15:88
a5:d0:c9:25:35:16:b0:69:b0:7e:26:df:46:0b:2c:6f
d0:71:a9:d1:25:48:4a:0c:55:92:39:1d:9e:f6:7a:85
82:99:c1:d9:39:60:82:23:b6:e8:69:f4:a3:21:76:5e
86:81:79:f0:77:ad:2a:2d:62:1e:fc:e9:82:83:6a:05
cc:c0:85:91:14:11:95:91:d1:30:92:c1:29:0b:eb:b6
25:5d:c3:03:dc:72:ca:24:f8:f7:5c:b9:31:3e:af:c0
43:70:89:d5:bd:63:fa:d9:75:f8:90:ee:15:44:62:f5
af:0a:89:8b:19:77:44:8a:9d:2b:00:f2:ee:96:75:05
6a:4a:27:10:63:ca:69:31:69:75:da:d9:d9:19:14:fd
6d:86:79:04:c0:21:b6:0e:09:a8:d2:a0:6c:45:c1:42
62:5f:78:f1:31:4f:9d:0d:31:d3:2d:ea:96:3c:8f:4d
5e:7c:61:2d:db:08:99:68:0d:2d:a7:e2:68:c2:bf:7d
40:07:24:c3:0e:a2:5e:a2:73:51:3d:3a:b6:d5:f5:81
8d:33:a3:06:dc:71:77:51:ea:82:94:d6:f6:25:36:46
8a:94:e1:7d:ed:a4:15:34:4d:8d:e6:04:86:a1:d4:a7
e7
Exponent (bits 24):
01:00:01
Extensions:
Subject Key Identifier (not critical):
871884be98ac62ed4eff823add5e71d4d7ff0c2c
Authority Key Identifier (not critical):
871884be98ac62ed4eff823add5e71d4d7ff0c2c
Basic Constraints (not critical):
Certificate Authority (CA): TRUE
Signature Algorithm: RSA-SHA256
Signature:
af:5f:59:44:2b:27:c3:51:2e:fb:54:67:d7:f5:ca:2d
1d:d6:51:85:ac:6b:35:a3:bf:c0:2a:15:80:65:ed:29
2b:7a:e7:70:38:ec:25:9e:4a:b0:6a:8e:b1:49:12:6f
90:a8:3c:7f:ee:25:8b:37:7a:03:c6:60:24:df:62:71
40:dd:25:7e:a5:13:83:f6:d9:b5:8b:15:34:6b:b6:4c
74:b0:c9:dc:a5:63:32:75:6d:3b:7f:d7:72:1a:bb:94
bd:37:9f:3a:94:b7:0c:11:21:a7:07:cb:67:60:86:ea
01:84:e6:46:49:a9:f4:f9:88:87:30:40:90:a5:83:12
b1:2a:e4:02:f8:77:54:0e:3b:de:ac:a6:c2:0b:c1:52
1e:ab:1b:50:2b:fd:11:1f:0f:a2:b6:80:11:4b:d6:3b
ce:bd:71:7f:9a:89:2a:a8:ac:d3:34:46:9e:36:75:3a
16:a0:77:77:c5:d6:19:bc:7e:f5:a9:b6:85:8a:e9:8f
16:a2:3f:00:9b:d3:df:32:2c:78:1c:db:a7:07:29:d7
8d:0d:9c:26:8e:59:37:b3:07:7c:67:32:62:cc:6c:95
d4:31:34:2e:67:94:a5:c6:3c:3d:1c:91:1c:63:0a:e6
23:a5:c3:91:46:28:77:22:60:e8:47:76:10:50:f4:2f
Other Information:
Fingerprint:
sha1:a2d9f67ac34fcae6cc001a09885bafb1c50d164e
sha256:42404563639e8d9a177ffa097eb544f567ceb4b072b173ed687e88f953b8c752
Public Key ID:
sha1:9fab74a798cb65aa5f89122bdaa7d79e88cd6da9
sha256:1023bf4bff192b23fee0c3802cfba4f053bb13ee3bfe377b8a10945bb36bb104
Public Key PIN:
pin-sha256:ECO/S/8ZKyP+4MOALPuk8FO7E+47/jd7ihCUW7NrsQQ=
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIJAOlB5IyjbD77MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
BAMMC1NvbWUgQ2xpZW50MB4XDTE3MDMwOTEyMzIyNVoXDTE3MDQwODEyMzIyNVow
FjEUMBIGA1UEAwwLU29tZSBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDuQTqnGhcITYewKjfoFYil0MklNRawabB+Jt9GCyxv0HGp0SVISgxV
kjkdnvZ6hYKZwdk5YIIjtuhp9KMhdl6GgXnwd60qLWIe/OmCg2oFzMCFkRQRlZHR
MJLBKQvrtiVdwwPccsok+PdcuTE+r8BDcInVvWP62XX4kO4VRGL1rwqJixl3RIqd
KwDy7pZ1BWpKJxBjymkxaXXa2dkZFP1thnkEwCG2Dgmo0qBsRcFCYl948TFPnQ0x
0y3qljyPTV58YS3bCJloDS2n4mjCv31AByTDDqJeonNRPTq21fWBjTOjBtxxd1Hq
gpTW9iU2RoqU4X3tpBU0TY3mBIah1KfnAgMBAAGjUDBOMB0GA1UdDgQWBBSHGIS+
mKxi7U7/gjrdXnHU1/8MLDAfBgNVHSMEGDAWgBSHGIS+mKxi7U7/gjrdXnHU1/8M
LDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvX1lEKyfDUS77VGfX
9cotHdZRhaxrNaO/wCoVgGXtKSt653A47CWeSrBqjrFJEm+QqDx/7iWLN3oDxmAk
32JxQN0lfqUTg/bZtYsVNGu2THSwydylYzJ1bTt/13Iau5S9N586lLcMESGnB8tn
YIbqAYTmRkmp9PmIhzBAkKWDErEq5AL4d1QOO96spsILwVIeqxtQK/0RHw+itoAR
S9Y7zr1xf5qJKqis0zRGnjZ1Ohagd3fF1hm8fvWptoWK6Y8Woj8Am9PfMix4HNun
BynXjQ2cJo5ZN7MHfGcyYsxsldQxNC5nlKXGPD0ckRxjCuYjpcORRih3ImDoR3YQ
UPQv
-----END CERTIFICATE-----
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-PSS-SHA256
- Client Signature: RSA-PSS-SHA384
- Cipher: AES-128-CBC
- MAC: SHA1
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:93
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique': 97e91ab7cbd7b98488cfa776
|<3>| ASSERT: buffers.c[_gnutls_stream_read]:369
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[recv_headers]:1169
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1300
|<3>| ASSERT: record.c[_gnutls_recv_int]:1709
Error while receiving data
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0x15918e0]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<2>| WRITE: -1 returned from 0x5, errno: 32
|<3>| ASSERT: buffers.c[errno_to_gerr]:230
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:722
|<3>| ASSERT: record.c[_gnutls_send_tlen_int]:572
Error: Error in the pull function.
|<5>| REC[0x15918e0]: Start of epoch cleanup
|<5>| REC[0x15918e0]: End of epoch cleanup
|<5>| REC[0x15918e0]: Epoch #1 freed
|<5>| REC[0x15918e0]: Allocating epoch #0
|<2>| added 2 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 55030 on Mon Dec 10 16:27:53 2018
|<5>| REC[0x15918e0]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.0 Handshake packet received. Epoch 0, length: 99
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 99
|<5>| REC[0x15918e0]: Decrypted Packet[0] Handshake(22) with length: 99
|<4>| HSK[0x15918e0]: CLIENT HELLO (1) was received. Length 95[95], frag offset 0, frag length: 95, sequence: 0
|<4>| HSK[0x15918e0]: Client's version: 3.3
|<3>| ASSERT: db.c[_gnutls_server_restore_session]:298
|<4>| EXT[0x15918e0]: Parsing extension 'Signature Algorithms/13' (14 bytes)
|<4>| EXT[0x15918e0]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x15918e0]: rcvd signature algo (8.5) RSA-PSS-RSAE-SHA384
|<4>| EXT[0x15918e0]: rcvd signature algo (8.6) RSA-PSS-RSAE-SHA512
|<4>| EXT[0x15918e0]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x15918e0]: rcvd signature algo (8.10) RSA-PSS-SHA384
|<4>| EXT[0x15918e0]: rcvd signature algo (8.11) RSA-PSS-SHA512
|<4>| HSK[0x15918e0]: Received safe renegotiation CS
|<2>| checking c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x15918e0]: Requested server name: ''
|<4>| HSK[0x15918e0]: checking compat of GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-RSAE-SHA384
|<4>| checking cert compat with RSA-PSS-RSAE-SHA512
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite c0.13: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x15918e0]: Selected group SECP256R1 (2)
|<4>| HSK[0x15918e0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x15918e0]: Selected version TLS1.2
|<4>| HSK[0x15918e0]: Safe renegotiation succeeded
|<4>| HSK[0x15918e0]: SessionID: 35625e6f67a1767c41df0284e669ea878a837b845cf0f29c59a7d836086f50b5
|<4>| EXT[0x15918e0]: Preparing extension (Maximum Record Size/1) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (OCSP Status Request/5) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Client Certificate Type/19) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Server Certificate Type/20) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Supported Groups/10) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Supported EC Point Formats/11) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (SRP/12) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Signature Algorithms/13) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (SRTP/14) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Heartbeat/15) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (ALPN/16) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Encrypt-then-MAC/22) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Extended Master Secret/23) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Session Ticket/35) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Key Share/51) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Supported Versions/43) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Safe Renegotiation/65281) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Sending extension Safe Renegotiation/65281 (1 bytes)
|<4>| EXT[0x15918e0]: Preparing extension (Server Name Indication/0) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Cookie/44) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Early Data/42) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (PSK Key Exchange Modes/45) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (ClientHello Padding/21) for 'TLS 1.2 server hello'
|<4>| EXT[0x15918e0]: Not sending extension (Pre Shared Key/41) for 'TLS 1.2 server hello'
|<4>| HSK[0x15918e0]: SERVER HELLO was queued [81 bytes]
|<4>| HSK[0x15918e0]: CERTIFICATE was queued [871 bytes]
|<4>| HSK[0x15918e0]: signing TLS 1.2 handshake data: using RSA-PSS-SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x15918e0]: SERVER KEY EXCHANGE was queued [333 bytes]
|<4>| EXT[0x15918e0]: sent signature algo (4.1) RSA-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0x15918e0]: sent signature algo (8.7) EdDSA-Ed25519
|<4>| EXT[0x15918e0]: sent signature algo (5.1) RSA-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (8.10) RSA-PSS-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0x15918e0]: sent signature algo (6.1) RSA-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (8.11) RSA-PSS-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0x15918e0]: sent signature algo (2.1) RSA-SHA1
|<4>| EXT[0x15918e0]: sent signature algo (2.3) ECDSA-SHA1
|<4>| HSK[0x15918e0]: CERTIFICATE REQUEST was queued [71 bytes]
|<4>| HSK[0x15918e0]: SERVER HELLO DONE was queued [4 bytes]
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 81 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 86
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 871 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 876
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 333 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[3] Handshake(22) in epoch 0 and length: 338
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 71 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[4] Handshake(22) in epoch 0 and length: 76
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 4 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 0, length: 781
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 781
|<5>| REC[0x15918e0]: Decrypted Packet[1] Handshake(22) with length: 781
|<4>| HSK[0x15918e0]: CERTIFICATE (11) was received. Length 777[777], frag offset 0, frag length: 777, sequence: 0
- Peer's certificate was NOT verified.
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 0, length: 70
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 70
|<5>| REC[0x15918e0]: Decrypted Packet[2] Handshake(22) with length: 70
|<4>| HSK[0x15918e0]: CLIENT KEY EXCHANGE (16) was received. Length 66[66], frag offset 0, frag length: 66, sequence: 0
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 0, length: 264
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 264
|<5>| REC[0x15918e0]: Decrypted Packet[3] Handshake(22) with length: 264
|<4>| HSK[0x15918e0]: CERTIFICATE VERIFY (15) was received. Length 260[260], frag offset 0, frag length: 260, sequence: 0
|<4>| HSK[0x15918e0]: verify cert vrfy: using RSA-PSS-SHA512
|<5>| REC[0x15918e0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
|<5>| REC[0x15918e0]: Expected Packet ChangeCipherSpec(20)
|<5>| REC[0x15918e0]: Received Packet ChangeCipherSpec(20) with length: 1
|<5>| REC[0x15918e0]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1
|<5>| REC[0x15918e0]: Initializing epoch #1
|<5>| REC[0x15918e0]: Epoch #1 ready
|<4>| HSK[0x15918e0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x15918e0]: SSL 3.3 Handshake packet received. Epoch 1, length: 64
|<5>| REC[0x15918e0]: Expected Packet Handshake(22)
|<5>| REC[0x15918e0]: Received Packet Handshake(22) with length: 64
|<5>| REC[0x15918e0]: Decrypted Packet[0] Handshake(22) with length: 16
|<4>| HSK[0x15918e0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
|<4>| HSK[0x15918e0]: recording tls-unique CB (recv)
|<4>| REC[0x15918e0]: Sent ChangeCipherSpec
|<4>| HSK[0x15918e0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
|<4>| HSK[0x15918e0]: Initializing internal [write] cipher sessions
|<4>| HSK[0x15918e0]: FINISHED was queued [16 bytes]
|<5>| REC[0x15918e0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6
|<5>| REC[0x15918e0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
|<5>| REC[0x15918e0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 69
|<5>| REC[0x15918e0]: Start of epoch cleanup
|<5>| REC[0x15918e0]: Epoch #0 freed
|<5>| REC[0x15918e0]: End of epoch cleanup
- Description: (TLS1.2)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-CBC)-(SHA1
- Session ID: 35:62:5E:6F:67:A1:76:7C:41:DF:02:84:E6:69:EA:87:8A:83:7B:84:5C:F0:F2:9C:59:A7:D8:36:08:6F:50:B5
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3946
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3896
|<3>| ASSERT: common.c[_gnutls_copy_data]:1608
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_signature]:1104
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 00e941e48ca36c3efb
Issuer: CN=Some Client
Validity:
Not Before: Thu Mar 09 12:32:25 UTC 2017
Not After: Sat Apr 08 12:32:25 UTC 2017
Subject: CN=Some Client
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:ee:41:3a:a7:1a:17:08:4d:87:b0:2a:37:e8:15:88
a5:d0:c9:25:35:16:b0:69:b0:7e:26:df:46:0b:2c:6f
d0:71:a9:d1:25:48:4a:0c:55:92:39:1d:9e:f6:7a:85
82:99:c1:d9:39:60:82:23:b6:e8:69:f4:a3:21:76:5e
86:81:79:f0:77:ad:2a:2d:62:1e:fc:e9:82:83:6a:05
cc:c0:85:91:14:11:95:91:d1:30:92:c1:29:0b:eb:b6
25:5d:c3:03:dc:72:ca:24:f8:f7:5c:b9:31:3e:af:c0
43:70:89:d5:bd:63:fa:d9:75:f8:90:ee:15:44:62:f5
af:0a:89:8b:19:77:44:8a:9d:2b:00:f2:ee:96:75:05
6a:4a:27:10:63:ca:69:31:69:75:da:d9:d9:19:14:fd
6d:86:79:04:c0:21:b6:0e:09:a8:d2:a0:6c:45:c1:42
62:5f:78:f1:31:4f:9d:0d:31:d3:2d:ea:96:3c:8f:4d
5e:7c:61:2d:db:08:99:68:0d:2d:a7:e2:68:c2:bf:7d
40:07:24:c3:0e:a2:5e:a2:73:51:3d:3a:b6:d5:f5:81
8d:33:a3:06:dc:71:77:51:ea:82:94:d6:f6:25:36:46
8a:94:e1:7d:ed:a4:15:34:4d:8d:e6:04:86:a1:d4:a7
e7
Exponent (bits 24):
01:00:01
Extensions:
Subject Key Identifier (not critical):
871884be98ac62ed4eff823add5e71d4d7ff0c2c
Authority Key Identifier (not critical):
871884be98ac62ed4eff823add5e71d4d7ff0c2c
Basic Constraints (not critical):
Certificate Authority (CA): TRUE
Signature Algorithm: RSA-SHA256
Signature:
af:5f:59:44:2b:27:c3:51:2e:fb:54:67:d7:f5:ca:2d
1d:d6:51:85:ac:6b:35:a3:bf:c0:2a:15:80:65:ed:29
2b:7a:e7:70:38:ec:25:9e:4a:b0:6a:8e:b1:49:12:6f
90:a8:3c:7f:ee:25:8b:37:7a:03:c6:60:24:df:62:71
40:dd:25:7e:a5:13:83:f6:d9:b5:8b:15:34:6b:b6:4c
74:b0:c9:dc:a5:63:32:75:6d:3b:7f:d7:72:1a:bb:94
bd:37:9f:3a:94:b7:0c:11:21:a7:07:cb:67:60:86:ea
01:84:e6:46:49:a9:f4:f9:88:87:30:40:90:a5:83:12
b1:2a:e4:02:f8:77:54:0e:3b:de:ac:a6:c2:0b:c1:52
1e:ab:1b:50:2b:fd:11:1f:0f:a2:b6:80:11:4b:d6:3b
ce:bd:71:7f:9a:89:2a:a8:ac:d3:34:46:9e:36:75:3a
16:a0:77:77:c5:d6:19:bc:7e:f5:a9:b6:85:8a:e9:8f
16:a2:3f:00:9b:d3:df:32:2c:78:1c:db:a7:07:29:d7
8d:0d:9c:26:8e:59:37:b3:07:7c:67:32:62:cc:6c:95
d4:31:34:2e:67:94:a5:c6:3c:3d:1c:91:1c:63:0a:e6
23:a5:c3:91:46:28:77:22:60:e8:47:76:10:50:f4:2f
Other Information:
Fingerprint:
sha1:a2d9f67ac34fcae6cc001a09885bafb1c50d164e
sha256:42404563639e8d9a177ffa097eb544f567ceb4b072b173ed687e88f953b8c752
Public Key ID:
sha1:9fab74a798cb65aa5f89122bdaa7d79e88cd6da9
sha256:1023bf4bff192b23fee0c3802cfba4f053bb13ee3bfe377b8a10945bb36bb104
Public Key PIN:
pin-sha256:ECO/S/8ZKyP+4MOALPuk8FO7E+47/jd7ihCUW7NrsQQ=
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIJAOlB5IyjbD77MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
BAMMC1NvbWUgQ2xpZW50MB4XDTE3MDMwOTEyMzIyNVoXDTE3MDQwODEyMzIyNVow
FjEUMBIGA1UEAwwLU29tZSBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDuQTqnGhcITYewKjfoFYil0MklNRawabB+Jt9GCyxv0HGp0SVISgxV
kjkdnvZ6hYKZwdk5YIIjtuhp9KMhdl6GgXnwd60qLWIe/OmCg2oFzMCFkRQRlZHR
MJLBKQvrtiVdwwPccsok+PdcuTE+r8BDcInVvWP62XX4kO4VRGL1rwqJixl3RIqd
KwDy7pZ1BWpKJxBjymkxaXXa2dkZFP1thnkEwCG2Dgmo0qBsRcFCYl948TFPnQ0x
0y3qljyPTV58YS3bCJloDS2n4mjCv31AByTDDqJeonNRPTq21fWBjTOjBtxxd1Hq
gpTW9iU2RoqU4X3tpBU0TY3mBIah1KfnAgMBAAGjUDBOMB0GA1UdDgQWBBSHGIS+
mKxi7U7/gjrdXnHU1/8MLDAfBgNVHSMEGDAWgBSHGIS+mKxi7U7/gjrdXnHU1/8M
LDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvX1lEKyfDUS77VGfX
9cotHdZRhaxrNaO/wCoVgGXtKSt653A47CWeSrBqjrFJEm+QqDx/7iWLN3oDxmAk
32JxQN0lfqUTg/bZtYsVNGu2THSwydylYzJ1bTt/13Iau5S9N586lLcMESGnB8tn
YIbqAYTmRkmp9PmIhzBAkKWDErEq5AL4d1QOO96spsILwVIeqxtQK/0RHw+itoAR
S9Y7zr1xf5qJKqis0zRGnjZ1Ohagd3fF1hm8fvWptoWK6Y8Woj8Am9PfMix4HNun
BynXjQ2cJo5ZN7MHfGcyYsxsldQxNC5nlKXGPD0ckRxjCuYjpcORRih3ImDoR3YQ
UPQv
-----END CERTIFICATE-----
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-PSS-SHA256
- Client Signature: RSA-PSS-SHA512
- Cipher: AES-128-CBC
- MAC: SHA1
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:93
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique': 7114a139cf25d1e5ab562393
|<3>| ASSERT: buffers.c[_gnutls_stream_read]:369
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[recv_headers]:1169
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1300
|<3>| ASSERT: record.c[_gnutls_recv_int]:1709
Error while receiving data
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0x15918e0]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<2>| WRITE: -1 returned from 0x5, errno: 32
|<3>| ASSERT: buffers.c[errno_to_gerr]:230
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:722
|<3>| ASSERT: record.c[_gnutls_send_tlen_int]:572
Error: Error in the pull function.
|<5>| REC[0x15918e0]: Start of epoch cleanup
|<5>| REC[0x15918e0]: End of epoch cleanup
|<5>| REC[0x15918e0]: Epoch #1 freed
Expected results:
Test cases pass.