[gnutls-help] 0-length handshake fragments with DTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Sep 4 14:35:31 CEST 2014


On Tue, Sep 2, 2014 at 6:18 PM, Manuel Pégourié-Gonnard
<mpg at polarssl.org> wrote:
> On 02/09/2014 17:34, Nikos Mavrogiannopoulos wrote:
>> It doesn't look like a feature either. Is there some way to easily
>> reproduce that?
> Using the certificate and key below, with gnutls 3.3.7, run:
> gnutls-serv --x509certfile below.crt --x509keyfile below.key -u --mtu 104
> and connect with gnutls-cli -u --insecure localhost
> If everything goes as expected, the server's Certificate message will be 553
> bytes long and split in 7 fragments of length 79, plus one fragment with offset
> 553 and length 0. This can be observed using wireshark for example. (Wireshark
> flags this as an error "new fragment overlaps old data", which should rather be
> a warning IMO.)

Thanks. I've committed a fix.

regards,
Nikos



More information about the Gnutls-help mailing list