[gnutls-devel] GnuTLS | Listening DTLS server responds with HELLO_VERIFY_REQUEST to most messages (#632)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Dec 3 20:44:14 CET 2018


Hi. Attached is an example where the gnutls server is run, some junk message is sent to it and the server response is printed out. Unfortunately, despite my best attempts, I was not able to compile using the src/udp-serv.h headers and src/udp-serv.c which provide the `udp_server` method, a method also used by gnutls-serv. Hence, I added a flag which switches between code for launching the server via `udp_server` and via the `system` library function.

The fix is rather simple, in [udp_server](https://gitlab.com/gnutls/gnutls/blob/master/src/udp-serv.c#L94), upon receiving a first message, check that the message is actually a CLIENT_HELLO before sending a HELLO_VERIFY_REQUEST. 

What I see as a problem architecturally is that the first step of DTLS lies outside of the handshake and has to be handled by applications that make use of gnutls libraries. It would be nice if there was a DTLS-specific library method which performed DTLS handshakes completely, including this first step. 
[hello-verify-test.c](/uploads/96b21f35a018933eb42e0946061750ff/hello-verify-test.c)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/632#note_121960413
You're receiving this email because of your account on gitlab.com.
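The check the reporter asks for in udp-serv.c (only an actual ClientHello should earn a HelloVerifyRequest), as an added stand-alone example in C that is neither the attached test nor GnuTLS's own code. It parses the DTLS record and handshake headers laid out in RFC 6347 and assumes an unfragmented first flight at epoch 0 with message_seq 0, so junk, alerts, application data and other handshake types are dropped rather than answered.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added example, not GnuTLS code. Wire layout per RFC 6347: 13-byte record
 * header, then a 12-byte handshake header, then the ClientHello body. */
#define DTLS_RECORD_HDR 13
#define DTLS_HS_HDR     12
#define CT_HANDSHAKE    22
#define HT_CLIENT_HELLO 1
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | (p[1] << 8) | p[2]; }

/* Returns 1 if the datagram is an unfragmented, epoch-0 ClientHello, otherwise 0. */
int dtls_should_send_hello_verify(const uint8_t *buf, size_t len)
{
    if (len < DTLS_RECORD_HDR + DTLS_HS_HDR) return 0;
    if (buf[0] != CT_HANDSHAKE) return 0;                  /* content type must be handshake */
    uint16_t ver = get16(buf + 1);
    if (ver != 0xFEFF && ver != 0xFEFD) return 0;          /* DTLS 1.0 or 1.2 on the wire */
    if (get16(buf + 3) != 0) return 0;                     /* epoch 0: no keys yet */
    uint16_t rec_len = get16(buf + 11);
    if (rec_len != len - DTLS_RECORD_HDR) return 0;        /* record must fill the datagram */
    const uint8_t *hs = buf + DTLS_RECORD_HDR;
    if (hs[0] != HT_CLIENT_HELLO) return 0;                /* the check udp-serv.c lacks */
    uint32_t msg_len = get24(hs + 1);
    if (msg_len < 42) return 0;                            /* smallest legal ClientHello body */
    if (get16(hs + 4) != 0) return 0;                      /* message_seq 0 for a fresh hello */
    if (get24(hs + 6) != 0 || get24(hs + 9) != msg_len) return 0; /* no fragmentation */
    if (msg_len != (uint32_t)rec_len - DTLS_HS_HDR) return 0;     /* body fills the record */
    return 1;
}

/* Constructed sample: minimal DTLS 1.2 ClientHello (one suite, no extensions); returns 67. */
size_t build_sample_client_hello(uint8_t *out, size_t cap)
{
    static const uint8_t tail[] = { 0x00, 0x00,             /* session_id_len, cookie_len */
        0x00, 0x02, 0xC0, 0x2B, 0x01, 0x00 };               /* one cipher suite, null compression */
    size_t body = 2 + 32 + sizeof tail;                      /* version + random + tail = 42 */
    size_t total = DTLS_RECORD_HDR + DTLS_HS_HDR + body;
    if (cap < total) return 0;
    memset(out, 0, total);                                   /* epoch, seq, random all zero */
    out[0] = CT_HANDSHAKE; out[1] = 0xFE; out[2] = 0xFD;
    out[12] = (uint8_t)(DTLS_HS_HDR + body);                 /* record length, low byte */
    uint8_t *hs = out + DTLS_RECORD_HDR;
    hs[0] = HT_CLIENT_HELLO; hs[3] = hs[11] = (uint8_t)body; /* length == fragment_length */
    hs[DTLS_HS_HDR] = 0xFE; hs[DTLS_HS_HDR + 1] = 0xFD;      /* client_version in body */
    memcpy(hs + DTLS_HS_HDR + 2 + 32, tail, sizeof tail);
    return total;
}
```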