supplemental data handshake message
simon at josefsson.org
Fri May 7 11:32:36 CEST 2010
Carolin Latze <carolin.latze at unifr.ch> writes:
> Hi Simon,
> I finally got it running!! :-)
> The _gnutls_buffer_init was the problem that fixed the length
> issue. The next problem was that I did not expect to get the data only
> in _gnutls_helloworld_supp_recv. Instead I tried to parse it again
> (reading the length etc) which caused segfaults. After I figured out
> that I do not have to parse anything anymore, I got it running :-)
I think a "hello world" Supplemental Data extension example would be
quite useful for people interested in writing such things, much like the
writeup on writing a TLS extension.
> I will prepare some (short) documentation that I will post to the list
> in the next few days. Feel free to copy it into your documentation in
> order to make it easier for other people when they try to implement a
> new supplemental data handshake message.
In order to use any contribution in the official documentation, you need
to sign over the copyright to the FSF. I'll send you papers privately.
> Regards and thanks a lot for your help!
> On 05/05/2010 02:51 PM, Simon Josefsson wrote:
>> Carolin Latze<carolin.latze at unifr.ch> writes:
>>> Hi Simon,
>>>> It is difficult to tell from just description of the problem... Try
>>>> printing the entire buffer that is sent by _gnutls_gen_supplement and
>>>> the buffer received by _gnutls_parse_supplemental and hand-check that
>>>> they are correct and match.
>>> If I did not do something completely wrong (which is ofc always
>>> possible), they do not match, which is weird. Like you will see in the
>>> source code below, I printed buf at the end of
>>> _gnutls_gen_supplemental as well as data at the beginning of
>> There is a bug in your printing code, it has to be:
>> _gnutls_debug_log ("EXT[%p]: supp send buffer: ",session);
>> for(i=0;i<buf->length;i++) _gnutls_debug_log ("%02x",buf->data[i]& 0xFF);
>> Check the warnings when you build the code, it would catch issues like
>> With that, the buffers sent and received are identical:
>> |<2>| EXT[0x9073780]: supp send buffer: |<2>| 00|<2>| 00|<2>| 07|<2>| 00|<2>| 01|<2>| 00|<2>| 03|<2>| 6c|<2>| 6c|<2>| 6f|<2>|
>> |<2>| EXT[0x8de9c58]: recv supp buf: |<2>| 00|<2>| 00|<2>| 07|<2>| 00|<2>| 01|<2>| 00|<2>| 03|<2>| 6c|<2>| 6c|<2>| 6f|<2>|
>> Another bug was that your ext_helloworld.c cleared out the buffer, you
>> need to remove this call:
>>>> Maybe you could push a git branch with your
>>>> work somewhere, so we can more easily reproduce the problem?
>>> Due to the lack of a git server, I put my GnuTLS version on a webserver:
>>> If you prefer a git branch, I need to get a server first :-) (which is
>>> probably not impossible, but needs more time :))
>> A tarball is fine. You can push to free git servers out there, such as
More information about the Gnutls-help