[gnutls-devel] GnuTLS | Two alerts when there is an error with the compressed_certificate extension (#1570)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Aug 14 10:39:49 CEST 2024
George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1570
## Description of problem:
When there is an error in the compress_certificate negotiation or the CompressedCertificate message, GnuTLS sends 2 alerts instead of one. This is unexpected. It sends first a Bad Certificate alert followed by a different alert (Most likely the appropriate one).
## Version of gnutls used:
gnutls-3.8.5
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL
## How reproducible:
Always
Steps to Reproduce:
* Override CertificateCompressionAlgorithms of the CompressedCertificate message to use 10 (unknown compression algorithm) instead of the correct one
* We are getting back a Bad Certificate alert and an Illegal Parameter alert (The second one is the correct)
## Actual results:
Sends two alerts. Attaching a [capture.pcap](/uploads/5f2d841cf172c802f4206b8f1e660ca9/capture.pcap) file to showcase the problem
## Expected results:
To send only one alert, the correct one for the occasion.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1570
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240814/d99adb96/attachment.html>
More information about the Gnutls-devel
mailing list