supplemental data handshake message

Carolin Latze carolin.latze at
Fri Apr 30 16:06:40 CEST 2010

Hi everybody,

since there seems to be no documentation about how to implement a new
supplemental data handshake message (except for some comments in
lib/gnutls_supplemental.c), I have to come up with a new question:

According to lib/gnutls_supplemental.c, an extension that wants to send
supplemental data has to set the do_send_supplemental flag. Furthermore
the party expecting supplemental data has to set do_recv_supplemental.
For my little helloworld extension, I did that in lib/ext_helloworld.c
in the extension's send and recv method. That seems to work, since the
debug out tells me, gnutls expects supplemental data. Furthermore, I add
those two methods to ext_helloworld.c:

int _gnutls_helloworld_supp_recv_params(gnutls_session_t session,const
opaque *data,size_t _data_size)
        uint8_t len;
        ssize_t data_size = _data_size;
        unsigned char *msg;

        if (data_size > 0)
          len = data[0];
          DECR_LEN (data_size, len);
          msg=(unsigned char*)malloc(len*sizeof(unsigned char));
          printf("supp data: %s\n",msg);

        return 0;


int _gnutls_helloworld_supp_send_params(gnutls_session_t
session,gnutls_buffer *buf)

        unsigned char *msg = "supp hello";
        int len = strlen(msg);

        _gnutls_buffer_append(buf,msg,(uint8_t) len);

        return len;


I am sure, I missed something since my GnuTLS client crashes:

EXT[0x8c30378]: Found extension 'SAFE_RENEGOTIATION/65281'
EXT[0x8c30378]: Found extension 'HELLOWORLD/40'
received msg: Hello little one
Safe renegotiation succeeded.
EXT[0x8c30378]: Expecting supplemental data
REC[0x8c30378]: Expected Packet[1] Handshake(22) with length: 1
REC[0x8c30378]: Received Packet[1] Handshake(22) with length: 7
REC[0x8c30378]: Decrypted Packet[1] Handshake(22) with length: 7
HSK[0x8c30378]: SUPPLEMENTAL was received [7 bytes]
ASSERT: gnutls_supplemental.c:183
ASSERT: gnutls_handshake.c:2650
ASSERT: gnutls_handshake.c:2783
ERROR: Handshake failed

Why does he expect a message with length 1? I suspect, that is the
problem here, right? Any ideas or hints?


More information about the Gnutls-help mailing list