[gnutls-devel] GnuTLS | bad_certificate instead of decode_error alert when empty compress certificate message (#1593)

[Read-only notification of GnuTLS library development activities]

George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1593



## Description of problem:
When a compressed certificate is used we send the following compressed certificate message:

struct { CertificateCompressionAlgorithm algorithm; uint24 uncompressed_length; opaque compressed_certificate_message\<1..2^24-1\>; } CompressedCertificate;

When we are sending an empty compressed_certificate_message with a length of 0 bytes then we should get a decode error since the minimum accepted message is of size 1 byte. Instead, we are getting a bad_certificate error. 

## Version of gnutls used:
gnutls-3.8.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora

## How reproducible:
Always

Steps to Reproduce:

 * Run https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-client-certificate-compression.py against a GnuTLS server.

## Actual results:
Test "Empty compressed message" from test-tls13-client-certificate-compression.py fail

## Expected results:
Test "Empty compressed message" from test-tls13-client-certificate-compression.py should pass

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1593
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241016/349d9f6d/attachment.html>