[sr #107495] gnutls_bye() blocks on network issues

anonymous INVALID.NOREPLY at gnu.org
Fri Oct 15 10:26:04 CEST 2010

Follow-up Comment #4, sr #107495 (project gnutls):

On why this is required see the TLS protocol:
But how would you distinguish a network error from
a truncation attack? Both should be detected by TLS.

Since openldap uses select, you could use gnutls_bye with GNUTLS_SHUT_WR and,
once the socket is readable, try to read with gnutls_record_recv(), which
should return 0 (EOF). If it is not readable within some time limit,
terminate the connection with an error.


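The bounded shutdown wait suggested in the comment above, as an added C example that is not part of the original message and is not GnuTLS or OpenLDAP code. To run without the library, gnutls_record_recv() is represented by a hypothetical callback type (record_recv_fn); wait_for_peer_close, the two fakes and demo are illustrative names, and the socketpair traffic is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Stand-in for gnutls_record_recv(): 0 = peer's close_notify (EOF),
 * <0 = error (e.g. stream cut short), >0 = application data. */
typedef ssize_t (*record_recv_fn)(void *session, void *buf, size_t len);
enum close_result { CLOSE_CLEAN, CLOSE_TIMEOUT, CLOSE_ERROR };

/* Call after gnutls_bye(session, GNUTLS_SHUT_WR) has sent our close_notify. */
enum close_result wait_for_peer_close(int fd, void *session,
                                      record_recv_fn recv_record, int timeout_sec) {
    char buf[512];
    time_t deadline = time(NULL) + timeout_sec;  /* one budget for the whole wait */
    for (;;) {
        time_t now = time(NULL);
        if (now >= deadline) return CLOSE_TIMEOUT;
        struct timeval tv = { deadline - now, 0 };
        fd_set rfds;
        FD_ZERO(&rfds); FD_SET(fd, &rfds);
        int n = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (n < 0) { if (errno == EINTR) continue; return CLOSE_ERROR; }
        if (n == 0) return CLOSE_TIMEOUT;        /* peer silent: give up with error */
        ssize_t r = recv_record(session, buf, sizeof buf);
        if (r == 0) return CLOSE_CLEAN;          /* orderly TLS shutdown */
        if (r < 0) return CLOSE_ERROR;           /* failure, never treated as EOF */
        /* r > 0: late application data, discard and keep waiting */
    }
}

/* Constructed fakes: consume the wake-up byte, then report a fixed outcome. */
static ssize_t fake_eof(void *s, void *b, size_t n) { return read(*(int *)s, b, n) < 0 ? -1 : 0; }
static ssize_t fake_err(void *s, void *b, size_t n) { ssize_t r = read(*(int *)s, b, n); (void)r; return -1; }

/* One scenario over a socketpair; peer_sends makes our end readable. */
int demo(record_recv_fn fn, int peer_sends) {
    int sv[2], r = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (!peer_sends || write(sv[1], "x", 1) == 1)
        r = wait_for_peer_close(sv[0], &sv[0], fn, 1);
    close(sv[0]); close(sv[1]);
    return r;
}

int main(void) {
    printf("%d %d %d\n", demo(fake_eof, 1), demo(fake_err, 1), demo(fake_eof, 0));
    return 0;
}
```

With the real library, the callback would wrap gnutls_record_recv(), and a non-fatal GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED return would loop back to select() instead of ending the wait.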