[gnutls-devel] handshake packet re-ordering issue during encrypted handshake

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jun 9 17:52:44 CEST 2016


On Mon, 2016-06-06 at 00:20 -0400, Guillaume Roguez wrote:
> > 
> > On Fri, 2016-06-03 at 15:43 -0400, Guillaume Roguez wrote:
> > > 
> > > Hi,
> > > 
> > > Using gnutls 3.4.12, I'm trying to implement an encrypted and
> > > authenticated UDP channel using DTLS.
> > > To not send the certificate in clear during the handshake, I'm
> > > doing a double handshake, starting with an anonymous credential
> > > session, then forcing a re-handshake using a certified credential
> > > session.
> > > 
> > > My in-production code was working well... until some users
> > > complained about the certified handshake not working.
> > > After investigation I've found that the packet containing
> > > (completely or partially) the client certificate is shifted in
> > > time at server side.
> > > This packet is encrypted as it's inside the anonymous session,
> > > quite big (all allowed bytes used = MTU size) and re-ordered by
> > > the network.
> > Hi,
> >  Could you modify tests/mini-dtls-rehandshake.c to do the same re-
> > ordering so that I can reproduce and also include it in the test
> > suite?
> > 
> For sure, I'm attaching a patch to modify this test (also utils to
> permit extra arguments). It must be applied inside the tests/
> directory.
> Notice you need to give CA, certificate and key as arguments for x509
> authentication.

I usually try to hard-code the certs from "cert-common.h" to allow for
easier testing. Anyway, I'll check the issue in the next few days.

regards,
Nikos
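The report above concerns a Certificate message that fills a whole MTU-sized
datagram and arrives at the server out of order. In DTLS 1.2 (RFC 6347,
section 4.2.2) every handshake message carries a 12-byte header
(msg_type, 24-bit length, 16-bit message_seq, 24-bit fragment_offset,
24-bit fragment_length), so a receiver can buffer fragments by message_seq
and byte range regardless of arrival order. The following is an added
example written for this page, not GnuTLS code and not the patch discussed
in the thread: it fragments a constructed stand-in for a certificate body,
delivers the fragments late and out of order, and reassembles them. The
names HandshakeReassembler, fragment_handshake_message, parse_fragment and
deliver are illustrative, and CERT_BODY is constructed data, not a real
certificate.

```python
"""DTLS handshake fragmentation and out-of-order reassembly (RFC 6347 4.2.2).

Added example, not GnuTLS code: it models the handshake fragment format the
record layer hands up and shows why a reordered or late fragment of a large
Certificate message must be buffered rather than rejected.
"""
import struct

HS_HDR_LEN = 12            # msg_type(1) length(3) message_seq(2) frag_off(3) frag_len(3)
HS_CERTIFICATE = 11        # HandshakeType.certificate (RFC 5246)


def _u24(b):
    return int.from_bytes(b, "big")


def _p24(n):
    return n.to_bytes(3, "big")


def fragment_handshake_message(msg_type, message_seq, body, max_fragment):
    """Split one handshake body into DTLS fragments, each with its own 12-byte header."""
    if max_fragment <= 0:
        raise ValueError("max_fragment must be positive")
    total, off, frags = len(body), 0, []
    while off < total or not frags:          # a zero-length body still yields one fragment
        chunk = body[off:off + max_fragment]
        hdr = (bytes([msg_type]) + _p24(total) + struct.pack("!H", message_seq)
               + _p24(off) + _p24(len(chunk)))
        frags.append(hdr + chunk)
        off += len(chunk)
    return frags


def parse_fragment(data):
    """Parse one fragment; reject truncated fragments and ranges past the message end."""
    if len(data) < HS_HDR_LEN:
        raise ValueError("short handshake header")
    msg_type = data[0]
    total = _u24(data[1:4])
    (message_seq,) = struct.unpack("!H", data[4:6])
    frag_off, frag_len = _u24(data[6:9]), _u24(data[9:12])
    chunk = data[HS_HDR_LEN:HS_HDR_LEN + frag_len]
    if len(chunk) != frag_len:
        raise ValueError("truncated fragment")
    if frag_off + frag_len > total:
        raise ValueError("fragment exceeds declared message length")
    return msg_type, total, message_seq, frag_off, chunk


class HandshakeReassembler:
    """Reassemble fragments per message_seq, tolerating reordering, duplicates and
    retransmissions that were re-fragmented at different boundaries (hypothetical
    helper for this example)."""

    def __init__(self):
        self.pending = {}   # message_seq -> {"type", "total", "buf", "got"}
        self.done = set()   # message_seq already delivered; late duplicates are dropped

    def feed(self, data):
        """Return (message_seq, msg_type, body) once a message is complete, else None."""
        msg_type, total, seq, off, chunk = parse_fragment(data)
        if seq in self.done:
            return None
        st = self.pending.get(seq)
        if st is None:
            st = {"type": msg_type, "total": total,
                  "buf": bytearray(total), "got": bytearray(total)}
            self.pending[seq] = st
        elif st["type"] != msg_type or st["total"] != total:
            raise ValueError("inconsistent header for message_seq %d" % seq)
        n = len(chunk)
        st["buf"][off:off + n] = chunk
        st["got"][off:off + n] = b"\x01" * n       # byte-level coverage map
        if all(st["got"]):                          # every byte seen at least once
            del self.pending[seq]
            self.done.add(seq)
            return seq, msg_type, bytes(st["buf"])
        return None


def deliver(reassembler, fragments, order):
    """Feed fragments in the given index order; return the messages completed."""
    out = []
    for i in order:
        r = reassembler.feed(fragments[i])
        if r is not None:
            out.append(r)
    return out


# Constructed stand-in for a Certificate body (not a real certificate): 1024 bytes.
CERT_BODY = bytes(range(256)) * 4

if __name__ == "__main__":
    frags = fragment_handshake_message(HS_CERTIFICATE, 3, CERT_BODY, 400)
    r = HandshakeReassembler()
    # Last and first fragment arrive, the middle one is delayed by the network.
    print(deliver(r, frags, [2, 0]))
    # The late fragment completes the message; its duplicate is ignored.
    print(deliver(r, frags, [1, 1]) == [(3, HS_CERTIFICATE, CERT_BODY)])
```

Coverage is tracked per byte rather than per fragment because a DTLS peer
that retransmits a flight may cut the same message at different fragment
boundaries, so counting fragments would never converge; the byte map also
makes a duplicate or overlapping fragment harmless. A message whose
fragments fill every datagram is the worst case for this buffering: any
reordering at all puts some fragment ahead of the bytes before it, which is
the situation the report describes.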
