[gnutls-devel] GnuTLS | bad_certificate instead of decode_error alert in compressed certificate (#1584)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Sep 27 09:50:17 CEST 2024
George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1584
## Description of problem:
When we send a compressed certificate message and we have additional bytes at the begging or end of the message that is not reflected in the compressed_certificate_message size then we get a bad_certificate alert instead of a decode_error alert.
## Version of gnutls used:
gnutls-3.8.7
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora
## How reproducible:
Always
Steps to Reproduce:
* Run https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-client-certificate-compression.py against an GnuTLS server.
## Actual results:
Tests "Additional bytes, *" from test-tls13-client-certificate-compression.py fail
## Expected results:
Tests "Additional bytes, *" from test-tls13-client-certificate-compression.py will pass
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1584
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240927/22b75907/attachment.html>
More information about the Gnutls-devel
mailing list