I've been digging through the source trying to track down the problem I am experiencing. This has actually led me into the source for libgnutls26 rather than neon but I'm posting here for completeness. libneon-gnutls27 calls gnutls_handshake() in libgnutls26 which calls _gnutls_handshake_client() which appears to proceed through the following stages successfully:
Send hello. Receive server hello. Receive server certificate. Receive server key exchange message. Receive server certificate request message. Receive server hello done. Send client certificate. Send client key exchange. Send client certificate verify. It then calls _gnutls_handshake_common() which first successfully calls _gnutls_send_handshake_final() but falls over on _gnutls_recv_handshake_final() where it interprets the response from the server as a GNUTLS_ALERT packet instead of a GNUTLS_CHANGE_CIPHER_SPEC packet. I have to assume that it is the gnutls client misinterpreting the packet rather than the server sending something unexpected because client certificate authentication works when using the LD_PRELOAD workaround and also when using Firefox. I really want to get this working so I'll keep digging but if anyone has any ideas or wants to discuss please let me know. -- You received this bug notification because you are a member of Registry Administrators, which is the registrant for neon. https://bugs.launchpad.net/bugs/294648 Title: svn over https with client certificates broken (regression in intrepid) _______________________________________________ Mailing list: https://launchpad.net/~registry Post to : registry@lists.launchpad.net Unsubscribe : https://launchpad.net/~registry More help : https://help.launchpad.net/ListHelp
