gnutls-cli-debug - Linux
Overview
gnutls-cli-debug is a command-line utility for testing connections to remote servers using the GNU Transport Layer Security (GnuTLS) library. It provides detailed information about the connection establishment process, including protocol negotiation, certificate validation, and more.
Syntax
gnutls-cli-debug [options] [server] [port]
Options/Flags
- -d or --debuglevel: Set debug level (0-9)
- -n or --name: Set common name for server verification
- -v or --verbose: Print additional information
- -h or --help: Print usage information
- -x or --hexdump: Hexdump input and output
- -c or --conn: Connect and fail immediately
- -f or --force: Ignore hostname mismatches
- -t or --timeout: Set timeout in seconds
- -k or --keyfile: Set file containing PEM private key
- -C or --certfile: Set file containing PEM certificate
- -S or --sessionfile: Set file containing GnuTLS session cache
- -N or --nocache: Disable session caching
Examples
To connect to a remote server and display detailed information:
gnutls-cli-debug -v example.com 443
To ignore hostname mismatches:
gnutls-cli-debug -f example.com 443
To use a specific private key and certificate files:
gnutls-cli-debug -k mykey.pem -C mycert.pem example.com 443
Common Issues
- Ensure that the server supports the TLS protocol and the certificate is valid.
- Check if the private key and certificate files are in the correct format and have the correct permissions.
- Verify that the hostname matches the certificate’s Common Name (CN) unless the --force flag is used.
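The file checks from the second item above can be scripted before the files are passed to -k and -C. This is an added example, not part of the original page or of GnuTLS; the function names are hypothetical, and it assumes "correct permissions" means the private key is accessible only to its owner.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files given to -k and -C.

# pem_has_block FILE LABEL_REGEX
# True when FILE contains matching BEGIN/END armor lines for the label.
pem_has_block() {
    grep -Eq -- "^-----BEGIN $2-----[[:space:]]*\$" "$1" &&
        grep -Eq -- "^-----END $2-----[[:space:]]*\$" "$1"
}

# key_perms_ok FILE
# True when group and other have no permission bits (for example mode 0600).
# Assumption: "correct permissions" means owner-only access to the key.
key_perms_ok() {
    bits=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# check_tls_files KEYFILE CERTFILE
# Returns 0 when both files pass; reports each problem on stderr otherwise.
check_tls_files() {
    key=$1; cert=$2; rc=0
    for f in "$key" "$cert"; do
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    # Accepts PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY labels.
    pem_has_block "$key" '([A-Z]+ )?PRIVATE KEY' ||
        { echo "not a PEM private key: $key" >&2; rc=1; }
    pem_has_block "$cert" 'CERTIFICATE' ||
        { echo "not a PEM certificate: $cert" >&2; rc=1; }
    key_perms_ok "$key" ||
        { echo "key is accessible to group/other: $key" >&2; rc=1; }
    return "$rc"
}

# Run directly as: sh check.sh mykey.pem mycert.pem
if [ "$#" -eq 2 ]; then
    check_tls_files "$1" "$2"
fi
```

A DER-encoded file, or a certificate passed where the key is expected, fails the armor check; the script does not verify that the key and certificate belong together.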
Integration
gnutls-cli-debug can be used to test TLS connections with scripts or chained with other commands, such as:
openssl s_client -connect example.com:443 | gnutls-cli-debug -x
This command connects to the server using OpenSSL and then dumps the traffic to gnutls-cli-debug for detailed analysis.
Related Commands
openssl
gnutls-serv-debug
tcpdump
For more information, refer to the official GnuTLS documentation: https://gnutls.org/