Memory leaks are observed for libgnutls in multi-thread mode
tangtong
tang__tong at hotmail.com
Thu Oct 29 06:27:52 CET 2009
Hi,Nikos
I have rebuilt the lib with the latest daily snap shot and the GIT snapshot commited by you, the memory leak and core issue have been resolved.
One more question: in your commit comments:
"3. In TLS 1.2 when a certificate request is sent, support is not complete. In that case abort the handshake. By checking
TLS 1.2 it seems that the algorithms to be used for the signature in the certificate verify message are negotiated not at
the client/server hello messages but rather selected by the server at the certificate request. This might not look as bad, but since in this message we have to sign all previous handshake messages, it forces us to keep all the handshake messages into a buffer until this point... I don't know who proposed this change to the TLS WG, but it seems it wasn't really thought of."
If client certificate is not needed, the current implemenation can support TLS1.2, right?
Regards
Tony
From: tang__tong at hotmail.com
To: nmav at gnutls.org
Date: Mon, 26 Oct 2009 01:35:35 +0000
CC: simon at josefsson.org; help-gnutls at gnu.org
Subject: RE: Memory leaks are observed for libgnutls in multi-thread mode
Hi,Nikos
I have reproduced the core dump with the server/client in the attach. If not using the memory-leak patch, the core will not happen.
Regards
Tony
From: tang__tong at hotmail.com
To: nmav at gnutls.org
Date: Fri, 23 Oct 2009 14:28:50 +0000
CC: simon at josefsson.org; help-gnutls at gnu.org
Subject: RE: Memory leaks are observed for libgnutls in multi-thread mode
Hi,Nikos
The server is implemented by myself with gnutls2.9.4 and your patch. To make investigation easy, I will build a simplified server based on gnutls demo server codes and let you know the results later.
Regards
Tony
> Date: Fri, 23 Oct 2009 10:38:20 +0300
> Subject: Re: Memory leaks are observed for libgnutls in multi-thread mode
> From: nmav at gnutls.org
> To: tang__tong at hotmail.com
> CC: simon at josefsson.org; help-gnutls at gnu.org
>
> Thanks. However in order to reproduce it I need to know to which
> server you connect to and which options does this server use?
>
> 2009/10/23 tangtong <tang__tong at hotmail.com>:
> > Hi,Nikos
> >
> > The gnutls-cli built by me will core when I enable TLS1.2. I think the code
> > base I use is a little diffent from what you are using. The following is my
> > steps to setup the build enviorment:
> > 1)Download a gnutls releaes package 2.8.3 and decompress it;
> > 2)Download 2.9.4 snap shot and uncompress it to the directory created in the
> > step 1);
> > 3)Run patch you provide.
> >
> > Seems only snapshot of 2.9.4 is not the whole build env, that's why i
> > decompress it to a build enviorment of 2.8.3.
> >
> > Regards
> > Tony
> >
> >
> >
> >
> >
> >
> >
> >
> >> Date: Thu, 22 Oct 2009 19:31:02 +0300
> >> From: nmav at gnutls.org
> >> To: tang__tong at hotmail.com
> >> CC: simon at josefsson.org; help-gnutls at gnu.org
> >> Subject: Re: Memory leaks are observed for libgnutls in multi-thread mode
> >>
> >> tangtong wrote:
> >> > Hi,Nikos
> >>
> >> > 2)The patch doesn't support
> >> > "NONE:+VERS-TLS1.2:+AES-256-CBC:+RSA:+SHA256:+COMP-NULL", I t! hink your
> >> > patch disable the tls1.2 support, it will core with the following dump
> >> > info:
> >> > fe9a2bb8 _gcry_md_copy (ffbff33c, 0, 0, febc6ed0, 14f8, fed3805c) + 4
> >> > feca8dfc _gnutls_hash_copy (ffbff338, 365c4, 0, 0, 0, 0) + 80
> >> > fec9e0fc _gnutls_finished (36180, 2, ffbff440, 1, 6, 0) + 84
> >> > fec9edc0 _gnutls_send_handshake_final (0, 0, 0, e, e, 4) + 128
> >> > feca2548 _gnutls_handshake_common (36180, 0, 10, 4, ffffffe0, ffbff551)
> >> > + 30
> >> > feca382c gnutls_handshake (0, 4, 32fc8, 8e8, 17ac, ffbff5c4) + 60
> >> > 000119bc main (1, ffbffa54, ffbffa5c, 22508, 0, 0) + 118
> >> > 000112c8 _start (0, 0, 0, 0, 0, 0) + 5c
> >>
> >> Can you send me information on how I can reproduce this issue? I can use
> >> ./gnutls-cli tls.secg.org --priority
> >> "NONE:+VERS-TLS1.2:+AES-128-CBC:+RSA:+DHE-DSS:+SHA256:+COMP-NULL" to
> >> connect using TLS1.2 without any issues.>
> >> regards,
> >> Nikos
> >
> > ________________________________
> > 全新 Windows 7:寻找最适合您的 PC。 了解详情。
Messenger保护盾2.0,更安全可靠的Messenger聊天! 现在就下载!
Messenger保护盾2.0,更安全可靠的Messenger聊天! 现在就下载!
_________________________________________________________________
全新 Windows 7:寻找最适合您的 PC。了解详情。
http://www.microsoft.com/china/windows/buy/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20091029/22c7de42/attachment.htm>
More information about the Gnutls-help
mailing list