[gnutls-devel] GnuTLS | With TLS 1.3 enabled, gnutls_handshake() succeeds in client when client fails to send required certificate (#615)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Nov 11 16:45:43 CET 2018


> I think your test is checking the result of `gnutls_handshake` in the server, not the client. Maybe I wasn't clear enough that the unexpected behavior occurs only on the client side. Let me try modifying it to see what happens.

I modified your `cert-status` test to print the handshake result of the client.

With TLS 1.0 and TLS 1.2, the client's `gnutls_handshake` fails with `GNUTLS_E_PULL_ERROR`. (I don't know why that differs from the `GNUTLS_E_NO_CERTIFICATE_FOUND` that glib-networking receives and expects, but perhaps it's because glib-networking uses its own custom push and pull functions.)

With TLS 1.3, the client's `gnutls_handshake` succeeds (unexpectedly?). https://gitlab.com/TheRealMichaelCatanzaro/gnutls/commit/7ea1fa1c405643ff41c51e10346c0c307465770a demonstrates this behavior.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/615#note_116308847