TLS 1.2 server
Simon Josefsson
simon at josefsson.org
Thu Oct 1 13:51:09 CEST 2009
Daiki Ueno <ueno at unixuser.org> writes:
>>>>>> In <87eipo4jgc.fsf at mocca.josefsson.org>
>>>>>> Simon Josefsson <simon at josefsson.org> wrote:
>> >> The x509self self-test started failing, and it may be TLS 1.2 related.
>> >> Can you take a look?
>> >
>> > Sure, but I couldn't reproduce the failure. What architecture did you
>> > run the test on?
>
>> Debian x86.
>
> I'm now able to reproduce it on x86. I wonder why this is not the case
> on amd64.
>
>> >> ==12233== Invalid read of size 4
>> >> ==12233== at 0x40479CC: _gnutls_hash_deinit (gnutls_hash_int.c:172)
>> >> ==12233== by 0x4058683: _gnutls_tls_sign_hdata (gnutls_sig.c:157)
>
> It should be fixed with:
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=01c50c13f7e7a1d676451015ef66c95511d1d734
>
> That was actually my mistake - when I changed the underlying hash
> function from SHA-1 to SHA256, I forgot to increase the buffer size of
> internal hash values.
Thanks!
I'll do a release shortly, so we can more easily test how TLS 1.2 works
in some real applications now that it is the default.
/Simon
More information about the Gnutls-devel
mailing list