[gnutls-devel] GnuTLS | With TLS 1.3 enabled, gnutls_handshake() succeeds in client when client fails to send required certificate (#615)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sun Nov 11 16:09:08 CET 2018
> Are you sure than in that test suite you refer, the handshake is fully completed on both sides (i.e., `gnutls_handshake` returns zero)?
It's completed successfully on the client side if TLS 1.3 is used. (With TLS 1.2, if fails with `GNUTLS_E_NO_CERTIFICATE_FOUND`.)
On the server side, it fails with `GNUTLS_E_NO_CERTIFICATE_FOUND`.
> That was a common issue in test suites and tls1.3. Also are there any special flags used with `gnutls_init`?
Just `GNUTLS_CLIENT` or `GNUTLS_SERVER`.
> I'd really appreciate a reproducer which uses gnutls directly.
I think your test is checking the result of `gnutls_handshake` in the server, not the client. Maybe I wasn't clear enough that the unexpected behavior occurs only on the client side. Let me try modifying it to see what happens.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/615#note_116306371
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel