[gnutls-devel] gnutls 3.2.3 segfault in _gnutls_epoch_set_keys

Stefan Bühler stbuehler at lighttpd.net
Fri Aug 2 16:28:40 CEST 2013

And again, sry :)

On Fri, 2 Aug 2013 16:20:21 +0200
Stefan Bühler <stbuehler at lighttpd.net> wrote:

> Hi,
> I think I found the problem:
> _gnutls_epoch_set_cipher_suite fails, because my normal priority
> string has RC4 disabled; the hello_cb is supposed to enable RC4 for
> TLS1.0
> Although the callback gets called (and sees the correct version and
> sets the RC4 priority), _gnutls_epoch_set_cipher_suite still doesn't
> accept the RC4 cipher from the ticket state.

The hello callback comes after the _gnutls_epoch_set_cipher_suite
obviously, so no surprises here (the log shows this too).

> The return value of _gnutls_epoch_set_cipher_suite isn't checked by
> any of the calling functions... this should probably be fixed (same
> for _gnutls_epoch_set_compression and so on).
> Also it'd be nice if the hello callback could change the priority :)

More information about the Gnutls-devel mailing list