[gnutls-devel] GnuTLS | With TLS 1.3 enabled, gnutls_handshake() succeeds in client when client fails to send required certificate (#615)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Nov 17 19:01:50 CET 2018

Aaaah that makes sense now.


Enable transparent re-authentication in client side when the server requests to. That is, reauthentication is handled within gnutls_record_recv(), and the %GNUTLS_E_REHANDSHAKE or %GNUTLS_E_REAUTH_REQUEST are not returned. This must be enabled with %GNUTLS_POST_HANDSHAKE_AUTH for TLS1.3, and it requires to restore interrupted calls to gnutls_record_recv() based on the output of gnutls_record_get_direction() since gnutls_record_recv() could be interrupted when sending when this flag is enabled. Note this flag may not be used if you are using the same session for sending and receiving in different threads.

For gnutls_record_get_direction():

This function provides information about the internals of the record protocol and is only useful if a prior gnutls function call, e.g. gnutls_handshake(), was interrupted for some reason. That is, if a function returned GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN. In such a case, you might want to call select() or poll() before restoring the interrupted gnutls function. This function is useful to determine whether the function was interrupted while sending or receiving, so that select() or poll() may be called appropriately.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/615#note_118007104
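The resume pattern described in the two documentation excerpts above, as an added example that is not part of the original message or of GnuTLS itself. `struct tls_io`, `recv_resumable()` and the `fake_*` functions are hypothetical names; the two error values are the numeric values from `<gnutls/gnutls.h>`, copied so the sketch builds without the library, and the fake session is constructed for the demonstration.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Numeric values of GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED (gnutls.h). */
enum { E_AGAIN = -28, E_INTERRUPTED = -52 };

/* Hypothetical wrapper: in a real client recv calls gnutls_record_recv() and
 * direction calls gnutls_record_get_direction() (0 = reading, 1 = writing). */
struct tls_io {
    ssize_t (*recv)(struct tls_io *io, void *buf, size_t len);
    int (*direction)(struct tls_io *io);
    int fd;   /* non-blocking transport socket */
    int step; /* state of the constructed fake session below */
};

/* Resume an interrupted receive, waiting for the direction the library was
 * blocked on; with automatic re-authentication that can be a send. */
ssize_t recv_resumable(struct tls_io *io, void *buf, size_t len, int timeout_ms)
{
    for (;;) {
        ssize_t r = io->recv(io, buf, len);
        if (r != E_AGAIN && r != E_INTERRUPTED)
            return r; /* data, EOF or a fatal error */
        struct pollfd p = { .fd = io->fd,
                            .events = io->direction(io) == 1 ? POLLOUT : POLLIN };
        if (poll(&p, 1, timeout_ms) == 0)
            return E_AGAIN; /* timed out; call again later */
    }
}

/* Constructed fake: interrupted once while sending, once while receiving,
 * then delivers five bytes. */
ssize_t fake_recv(struct tls_io *io, void *buf, size_t len)
{
    if (io->step < 2) { io->step++; return E_AGAIN; }
    memcpy(buf, "hello", len < 5 ? len : 5);
    return 5;
}
int fake_direction(struct tls_io *io) { return io->step == 1; }

int main(void)
{
    int sv[2]; char buf[8];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || write(sv[1], "x", 1) != 1)
        return 1;
    struct tls_io io = { fake_recv, fake_direction, sv[0], 0 };
    printf("%zd\n", recv_resumable(&io, buf, sizeof buf, 1000));
    return 0;
}
```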