supplemental data handshake message

Simon Josefsson simon at josefsson.org
Fri May 7 11:32:36 CEST 2010


Carolin Latze <carolin.latze at unifr.ch> writes:

> Hi Simon,
>
> I finally got it running!! :-)
>
> The _gnutls_buffer_init was the problem that fixed the length
> issue. The next problem was that I did not expect to get the data only
> in _gnutls_helloworld_supp_recv. Instead I tried to parse it again
> (reading the length etc) which caused segfaults. After I figured out
> that I do not have to parse anything anymore, I got it running :-)

Great!

I think a "hello world" Supplemental Data extension example would be
quite useful for people interested in writing such things, much like the
writeup on writing a TLS extension.

> I will prepare some (short) documentation that I will post to the list
> in the next few days. Feel free to copy it into your documentation in
> order to make it easier for other people when they try to implement a
> new supplemental data handshake message.

In order to use any contribution in the official documentation, you need
to sign over the copyright to the FSF.  I'll send you papers privately.

/Simon

> Regards and thanks a lot for your help!
> Carolin
>
> On 05/05/2010 02:51 PM, Simon Josefsson wrote:
>> Carolin Latze <carolin.latze at unifr.ch> writes:
>>
>>    
>>> Hi Simon,
>>>
>>>
>>>      
>>>> It is difficult to tell from just description of the problem...  Try
>>>> printing the entire buffer that is sent by _gnutls_gen_supplement and
>>>> the buffer received by _gnutls_parse_supplemental and hand-check that
>>>> they are correct and match.
>>>>        
>>> If I did not do something completely wrong (which is ofc always
>>> possible), they do not match, which is weird. Like you will see in the
>>> source code below, I printed buf at the end of
>>> _gnutls_gen_supplemental as well as data at the beginning of
>>> _gnutls_parse_supplemental.
>>>      
>> There is a bug in your printing code, it has to be:
>>
>> _gnutls_debug_log ("EXT[%p]: supp send buffer: ", session);
>> for (i = 0; i < buf->length; i++) _gnutls_debug_log ("%02x", buf->data[i] & 0xFF);
>>
>> Check the warnings when you build the code, it would catch issues like
>> that.
>>
>> With that, the buffers sent and received are identical:
>>
>> |<2>| EXT[0x9073780]: supp send buffer: |<2>| 00|<2>| 00|<2>| 07|<2>| 00|<2>| 01|<2>| 00|<2>| 03|<2>| 6c|<2>| 6c|<2>| 6f|<2>|
>>
>> |<2>| EXT[0x8de9c58]: recv supp buf: |<2>| 00|<2>| 00|<2>| 07|<2>| 00|<2>| 01|<2>| 00|<2>| 03|<2>| 6c|<2>| 6c|<2>| 6f|<2>|
>>
>> Another bug was that your ext_helloworld.c cleared out the buffer, you
>> need to remove this call:
>>
>> 	_gnutls_buffer_init(buf);
>>
>>    
>>>> Maybe you could push a git branch with your
>>>> work somewhere, so we can more easily reproduce the problem?
>>>>
>>>>
>>>>        
>>> Due to the lack of a git server, I put my GnuTLS version on a webserver:
>>> http://diuf.unifr.ch/people/latzec/gnutls-2.9.11-CL.tar.gz
>>>
>>> If you prefer a git branch, I need to get a server first :-) (which is
>>> probably not impossible, but needs more time :))
>>>      
>> A tarball is fine.  You can push to free git servers out there, such as
>> repo.or.cz.
>>
>> /Simon
>>    
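
The dump quoted above is a full Supplemental Data body as laid out in RFC 4680: a 3-byte total length (7), then one entry with a 2-byte type (0x0001), a 2-byte length (0x0003) and three payload bytes. The following is an added example, not code from GnuTLS or from either poster: a bounds-checked walk over that layout that hands each callback only the unframed payload, so a buffer parsed at the wrong layer is rejected rather than read out of bounds. `walk_supplemental`, `supp_entry_cb`, `record_entry` and `struct seen` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical callback: gets one entry's type and payload, already unframed. */
typedef int (*supp_entry_cb)(uint16_t type, const uint8_t *data, size_t len, void *ctx);

/* Layout (RFC 4680): uint24 total, then uint16 type | uint16 length | payload.
 * Returns the entry count, or -1 when a length field disagrees with the bytes. */
int walk_supplemental(const uint8_t *buf, size_t buflen, supp_entry_cb cb, void *ctx)
{
    if (buf == NULL || buflen < 3)
        return -1;
    size_t left = ((size_t)buf[0] << 16) | ((size_t)buf[1] << 8) | buf[2];
    if (left == 0 || left != buflen - 3)
        return -1;                      /* empty vector, or length != message size */
    const uint8_t *p = buf + 3;
    int count = 0;
    while (left > 0) {
        if (left < 4)
            return -1;                  /* truncated entry header */
        uint16_t type = (uint16_t)((p[0] << 8) | p[1]);
        size_t len = ((size_t)p[2] << 8) | p[3];
        p += 4; left -= 4;
        if (len > left)
            return -1;                  /* entry claims more bytes than remain */
        if (cb != NULL && cb(type, p, len, ctx) != 0)
            return -1;
        p += len; left -= len;
        count++;
    }
    return count;
}

/* Bytes copied from the debug dump in this thread. */
static const uint8_t SAMPLE[] = {0x00,0x00,0x07, 0x00,0x01, 0x00,0x03, 0x6c,0x6c,0x6f};
struct seen { uint16_t type; size_t len; };

static int record_entry(uint16_t type, const uint8_t *data, size_t len, void *ctx)
{
    struct seen *s = ctx;
    (void)data; s->type = type; s->len = len;
    return 0;
}

int main(void)
{
    struct seen s = {0, 0};
    int n = walk_supplemental(SAMPLE, sizeof SAMPLE, record_entry, &s);
    printf("entries=%d type=%u len=%zu\n", n, (unsigned)s.type, s.len);
    return n == 1 ? 0 : 1;
}
```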