[sr #107495] gnutls_bye() blocks on network issues
anonymous
INVALID.NOREPLY at gnu.org
Fri Oct 15 10:26:04 CEST 2010
Follow-up Comment #4, sr #107495 (project gnutls):
On why this is required see the TLS protocol:
http://tools.ietf.org/html/rfc5246#section-7.2.1
But how would you distinguish a network error from
a truncation attack? Both should be detected by TLS.
Since openldap uses select you could use gnutls_bye with GNUTLS_SHUT_WR, and
once the socket is readable try to read
with gnutls_record_recv() which should return 0 (EOF). If it is not readable
within some time limit terminate the connection with error.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107495>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the Gnutls-devel
mailing list