[gnutls-help] failing DTLS handshake

Balázs Kéri 1.int32 at gmail.com
Fri Sep 1 09:49:48 CEST 2017


Hi,

I do not know if this is the right place to ask about source code, but I found
something that may cause this problem:

This message is printed to the log:
531 [2017-Aug-24 10:13:38.768832] [7f9cf8ff9700] [ML_LoadB23] [trace] GnuTLS -- [level:3]: ASSERT: buffers.c[parse_handshake_header]:961
532 [2017-Aug-24 10:13:38.768852] [7f9cf8ff9700] [ML_LoadB23] [trace] GnuTLS -- [level:3]: ASSERT: buffers.c[_gnutls_parse_record_buffered_msgs]:1292
533 [2017-Aug-24 10:13:38.768873] [7f9cf8ff9700] [ML_LoadB23] [trace] GnuTLS -- [level:1]: Invalid handshake packet headers. Discarding.

The check at buffers.c:956 fails (condition becomes true) if
hsk->start_offset == hsk->end_offset, which is the case here (fragment
length is 1). By the way, a part of the condition that is checked at lines
956 to 959 is checked just before (lines 951-952).

Balazs Keri


2017-08-29 11:40 GMT+02:00 Balázs Kéri <1.int32 at gmail.com>:

> Hi,
>
> Here is more data included:
> sequence numbers in format [epoch.sequence]
> The client sends more ClientHello (these are discarded) before the server
> is connected and ready to receive messages.
> The client and server are started cleanly (no message exchange happens
> before).
> The message with epoch 1 is detected as duplicate but I do not see
> messages with epoch 1 before it.
> Fragment offsets and fragment lengths look OK.
>
> client->server:
> ClientHello[0.0] (total 164 bytes)
> client->server:
> ClientHello[0.1] (total 164 bytes)
> client->server:
> ClientHello[0.2] (total 164 bytes)
>
> client->server:
> ClientHello[0.3] (total 164 bytes)
>
> server->client:
> ServerHello[0.0],Certificate[0.1],CertificateRequest[0.2],
> ServerHelloDone[0.3] (total 1159 bytes)
>
> client->server:
> Certificate(Fragment)(243)[0.4],Certificate(Fragment)(243)[0.5],
> Certificate(Fragment)(243)[0.6],Certificate(Fragment)(243)[0.7],
> Certificate(Fragment)(13)[0.8],ClientKeyExchange(142)[0.9],
> CertificateVerify(62)[0.10],CertificateVerify(92)[0.11] (total 1427 bytes)
>
> client->server:
> ChangeCipherSpec(1)[0.12],EncryptedHandshakeMessage(64)[1.0] (total 133
> bytes)
>
> Balázs Kéri
>
> 2017-08-29 11:06 GMT+02:00 Nikos Mavrogiannopoulos <
> n.mavrogiannopoulos at gmail.com>:
>
>> On Mon, 2017-08-28 at 10:08 +0200, Balázs Kéri wrote:
>> > Hi!
>>
>> > 533 [2017-Aug-24 10:13:38.768873]  GnuTLS -- [level:1]: Invalid
>> > handshake packet headers. Discarding.
>> > 569 [2017-Aug-24 10:13:38.770813]  GnuTLS -- [level:5]:
>> > REC[0x7f9ce0013ea0]: Discarded duplicate message[1.0]: Handshake
>>
>> Check what the sent client record numbers are. That message was
>> detected as duplicate.
>>
>> regards,
>> Nikos
>>
>>
>