[gnutls-devel] handshake packet re-ordering issue during encrypted handshake

Guillaume Roguez guillaume.roguez at savoirfairelinux.com
Tue Jun 14 17:14:01 CEST 2016


----- On 14 June 16, at 10:05, Guillaume Roguez guillaume.roguez at savoirfairelinux.com wrote:

> ----- On 14 June 16, at 9:58, Nikos Mavrogiannopoulos
> n.mavrogiannopoulos at gmail.com wrote:
> 
>> On Fri, 2016-06-10 at 14:09 +0200, Nikos Mavrogiannopoulos wrote:
>>> On Mon, 2016-06-06 at 00:20 -0400, Guillaume Roguez wrote:
>>> 
>>> > 
>>> > For sure, I'm joining a patch to modify this test (also utils to
>>> > permit
>>> > extra arguments). It must be applied inside tests/ directory.
>>> > Notice you need to give CA, certificate and key as arguments for
>>> > x509
>>> > authentication.
>>> > 
>>> > The patch gives a working version, uncomment the line:
>>> I could not reproduce it. Could you please use the attached file as
>>> starting point for your test? It is based on a newly introduced test
>>> for DTLS and uses the embedded certificates and keys. If to reproduce
>>> you need different certificates please include them in the test.
>> 
>> Ping? I'm suspecting it may be related to the certificate size. If you
>> cannot include the certificates you are using please generate a test
>> pair with size close to the problematic one.
>> 
>> regards,
>> Nikos
> 
> I'm going to test and report to you my results.
> Thanks
> 
> Guillaume

Ok, your example doesn't trigger the packet re-ordering code, that's why it passes ;-)

Just change line 87 like this:

before: if (!pkt_found && len == MTU) {
after: if (!pkt_found && len > 1200) {

In my case the biggest client packet is 1485 bytes, that's triggering the re-ordering simulator.

Using this change on your code causes the issue.

Regards,
Guillaume
