[gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Aug 3 09:00:49 CEST 2018
Nikos Mavrogiannopoulos commented on a discussion on lib/handshake-tls13.c:
> IMED_RET("send finished", ret, 0);
> /* fall through */
> case STATE107:
> + /* At this point our sending keys should be the app keys
> + * see 4.4.4 at draft-ietf-tls-tls13-28 */
> + ret =
> + generate_ap_traffic_keys(session);
> + IMED_RET("generate app keys", ret, 0);
> +
> + /* If the session is unauthenticated, try to optimize the handshake by
> + * sending the session ticket early. */
> + if (!(session->internals.hsk_flags & (HSK_CRT_REQ_SENT|HSK_PSK_SELECTED))) {
> + STATE = STATE107;
Thanks for pointing that out. I was troubled by it too. I've introduced another macro for the functions which are not expected to return (EAGAIN or INTERRUPTED) errors. I do not think that the previous approach would have been a problem (unless there was a bug), but the new approach should make the state machine reading more clear.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_92267237
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180803/084334f4/attachment.html>
More information about the Gnutls-devel
mailing list