[gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Oct 4 09:09:41 CEST 2019
Nikos Mavrogiannopoulos commented:
Ok, I slept a little into it and I have an idea :)
The server hello parsing is checking extensions gradually as it progresses. When session resumption is selected in TLS1.2 only the "mandatory" extensions are parsed. See [this code](https://gitlab.com/gnutls/gnutls/blob/master/lib/handshake.c#L1939). So an idea is that possibly some condition is not met for the new session ticket to be received later (something in [this code](https://gitlab.com/gnutls/gnutls/blob/master/lib/ext/session_ticket.c#L630)). I have not checked the details nor verified it, but a fix may be:
```
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 98db39ff88..3ad8dec0ce 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -54,7 +54,7 @@ const hello_ext_entry_st ext_mod_session_ticket = {
.gid = GNUTLS_EXTENSION_SESSION_TICKET,
.validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
- .parse_type = GNUTLS_EXT_TLS,
+ .parse_type = GNUTLS_EXT_MANDATORY,
.recv_func = session_ticket_recv_params,
.send_func = session_ticket_send_params,
.pack_func = session_ticket_pack,
```
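Review bot: the `.parse_type` switch to `GNUTLS_EXT_MANDATORY` is not scoped to the resumed TLS 1.2 server hello that the message describes; the same entry's `.validity` also covers `GNUTLS_EXT_FLAG_CLIENT_HELLO` and `GNUTLS_EXT_FLAG_DTLS`, so the parse class changes for every hello that carries this extension. Since the message says the idea is unverified, this needs a regression test that resumes a TLS 1.2 session in which the server issues a new ticket, a check that `session_ticket_recv_params` still behaves correctly when it runs in the mandatory pass for a client hello, and a short comment on the `.parse_type` line stating why the extension must be parsed during resumption.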
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225937699