[gnutls-devel] GnuTLS | gnutls_record_send() fails with GNUTLS_E_INVALID_REQUEST (#823)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Sep 25 06:17:38 CEST 2019
Nikos Mavrogiannopoulos commented:
Hi Michael. There is no such function to check for a closed session, as a session can close only explicitly (bye), or by a fatal error during send or recv. Going through the log again I think I see a more detailed pattern:
1. `gnutls_session_get_data2()` is called
2. error is printed: `GTLS: The pull function has been replaced but not the pull timeout`
3. send is called and it considers the session as closed
So it must be (2) that causes the error. A change in TLS1.3 was that a session ticket arrives asynchronously, and that's why session_get_data2(), now tries to read with a timeout. That the pull timeout was not required before except for DTLS and in the case you were using a receiving function that explicitly set a timeout. As many applications set `gnutls_transport_set_pull_timeout_function` anyway, an issue like that may not have been noticed. Could that be the case here? (does glib-networking set the pull timeout?)
If it is not calling it what we can do in gnutls is make sure that `gnutls_session_get_data2()` does not require a timeout if a callback is not set instead of invalidating the session. A better fix would be to set the callback of course.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/823#note_221631821
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190925/41d1b586/attachment.html>
More information about the Gnutls-devel
mailing list