[gnutls-devel] handshake packet re-ordering issue during encrypted handshake
Guillaume Roguez
guillaume.roguez at savoirfairelinux.com
Tue Jun 14 17:14:01 CEST 2016
----- On 14 June 16, at 10:05, Guillaume Roguez guillaume.roguez at savoirfairelinux.com wrote:
> ----- On 14 June 16, at 9:58, Nikos Mavrogiannopoulos
> n.mavrogiannopoulos at gmail.com wrote:
>
>> On Fri, 2016-06-10 at 14:09 +0200, Nikos Mavrogiannopoulos wrote:
>>> On Mon, 2016-06-06 at 00:20 -0400, Guillaume Roguez wrote:
>>>
>>> >
>>> > For sure, I'm joining a patch to modify this test (also utils to
>>> > permit
>>> > extra arguments). It must be applied inside tests/ directory.
>>> > Notice you need to give CA, certificate and key as arguments for
>>> > x509
>>> > authentication.
>>> >
>>> > The patch gives a working version, uncomment the line:
>>> I could not reproduce it. Could you please use the attached file as
>>> starting point for your test? It is based on a newly introduced test
>>> for DTLS and uses the embedded certificates and keys. If to reproduce
>>> you need different certificates please include them in the test.
>>
>> Ping? I'm suspecting it may be related to the certificate size. If you
>> cannot include the certificates you are using please generate a test
>> pair with size close to the problematic one.
>>
>> regards,
>> Nikos
>
> I'm going to test and report to you my results.
> Thanks
>
> Guillaume
Ok, your example doesn't trigger the packet re-ordering code, that's why it passes ;-)
Just change line 87 like this:
before: if (!pkt_found && len == MTU) {
after: if (!pkt_found && len > 1200) {
In my case the biggest client packet is 1485 bytes, which triggers the re-ordering simulator.
Using this change on your code causes the issue.
Regards,
Guillaume