[gnutls-help] false start

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Feb 7 23:13:36 CET 2020


On Fri, Feb 7, 2020 at 4:53 PM Jeremy Harris <jgh at wizmail.org> wrote:
>
> On 07/02/2020 14:52, Nikos Mavrogiannopoulos wrote:
> > On Fri, Feb 7, 2020 at 2:45 PM Jeremy Harris <jgh at wizmail.org> wrote:
> >> gnutls_session_get_desc() seems to not be usefully
> >> callable immediately after gnutls_handshake() returns,
> >> with False Start in play, which is reasonable.
> >> However it also isn't returning useful info when called
> >> during a handshake-done callback set up with
> >>
> >>   gnutls_handshake_set_hook_function(state->session,
> >>       GNUTLS_HANDSHAKE_FINISHED, GNUTLS_HOOK_POST, ...
> >>
> >> I suspect the cause is the obvious flag
> >> "initial_negotiation_completed", set in handshake_client()
> >> only after the state-machine has terminated.
>
> >> Could the info be made accessible earlier?  How early?
> >
> > Out of curiosity what is the reason you would like to know whether
> > parameters in relation to false start are acceptable early?
>
> These are just the general-info items for the connection,
> for observability and reporting - the ciphersuite etc.
> I'm not needing to modify anything.
>
> Absent False Start, the obvious time to gather them is once
> the connection is made - i.e. right after gnutls_handshake()
> returns - but obviously that no longer works.

Maybe I'm stating the obvious, but you know (via the flags) when false
start happened. In that case you also know that you can get these
parameters right after the first (successful) call to
gnutls_record_recv(). Is that sufficient for your use-case?

If that's too late, you could also try to get this earlier by
combining gnutls_record_recv() and gnutls_handshake_get_last_in().
That is, even if gnutls_record_recv() doesn't succeed (e.g., returns
E_AGAIN), you could verify whether the last message received is the
finished one which will indicate that you can call the functions
you're interested in. I do not think we have a test for this scenario
though.

regards,
Nikos
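
The two options in the message above, sketched as decision logic over a constructed receive trace. This is an added example, not part of the original message and not GnuTLS code; the `ex_`/`EX_` names are hypothetical stand-ins for the values a caller would get from gnutls_session_get_flags(), gnutls_record_recv() and gnutls_handshake_get_last_in(), and the Finished-based branch is the one the message says has no test in GnuTLS.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins (assumptions, not GnuTLS identifiers) so this builds without GnuTLS:
 *   false_start: GNUTLS_SFLAGS_FALSE_START is set in gnutls_session_get_flags()
 *   recv_ret:    result of gnutls_record_recv(); >= 0 means success
 *   last_in:     result of gnutls_handshake_get_last_in() */
enum { EX_RECV_AGAIN = -1, EX_RECV_FATAL = -2 };
enum ex_hs { EX_HS_OTHER, EX_HS_FINISHED };
struct ex_step { long recv_ret; enum ex_hs last_in; };

/* Number of receive attempts after which the session description can be read:
 * 0 = already valid when gnutls_handshake() returned, -1 = never reached.
 * check_last_in selects the earlier, Finished-based test from the message. */
int ex_attempts_until_ready(bool false_start, bool check_last_in,
                            const struct ex_step *t, size_t n)
{
    if (!false_start)
        return 0;                    /* full handshake finished inside gnutls_handshake() */
    for (size_t i = 0; i < n; i++) {
        if (t[i].recv_ret >= 0)
            return (int)i + 1;       /* first successful record read */
        if (t[i].recv_ret != EX_RECV_AGAIN)
            return -1;               /* fatal error: do not report session details */
        if (check_last_in && t[i].last_in == EX_HS_FINISHED)
            return (int)i + 1;       /* no data yet, but the peer's Finished was processed */
    }
    return -1;                       /* trace ended before either condition held */
}

/* Constructed trace: two empty polls, the Finished arrives, then 128 bytes of data. */
const struct ex_step ex_trace[] = {
    { EX_RECV_AGAIN, EX_HS_OTHER },    { EX_RECV_AGAIN, EX_HS_OTHER },
    { EX_RECV_AGAIN, EX_HS_FINISHED }, { 128, EX_HS_FINISHED },
};
const size_t ex_trace_len = sizeof ex_trace / sizeof ex_trace[0];

int main(void)
{
    printf("recv only: %d, with last_in: %d\n",
           ex_attempts_until_ready(true, false, ex_trace, ex_trace_len),
           ex_attempts_until_ready(true, true, ex_trace, ex_trace_len));
    return 0;
}
```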