[gnutls-devel] GnuTLS | With TLS 1.3 enabled, gnutls_handshake() succeeds in client when client fails to send required certificate (#615)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Nov 11 16:09:08 CET 2018


> Are you sure than in that test suite you refer, the handshake is fully completed on both sides (i.e., `gnutls_handshake` returns zero)? 

It's completed successfully on the client side if TLS 1.3 is used. (With TLS 1.2, if fails with `GNUTLS_E_NO_CERTIFICATE_FOUND`.)

On the server side, it fails with `GNUTLS_E_NO_CERTIFICATE_FOUND`.

> That was a common issue in test suites and tls1.3. Also are there any special flags used with `gnutls_init`? 

Just `GNUTLS_CLIENT` or `GNUTLS_SERVER`.

> I'd really appreciate a reproducer which uses gnutls directly.

I think your test is checking the result of `gnutls_handshake` in the server, not the client. Maybe I wasn't clear enough that the unexpected behavior occurs only on the client side. Let me try modifying it to see what happens.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/615#note_116306371
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181111/498b81c9/attachment-0001.html>


More information about the Gnutls-devel mailing list