
[sr #107495] gnutls_bye() blocks on network issues


From: anonymous
Subject: [sr #107495] gnutls_bye() blocks on network issues
Date: Fri, 15 Oct 2010 08:26:04 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100908 CentOS/3.6-2.el5.centos Firefox/3.6.9

Follow-up Comment #4, sr #107495 (project gnutls):

On why this is required see the TLS protocol:
http://tools.ietf.org/html/rfc5246#section-7.2.1
But how would you distinguish a network error from a truncation attack? Both should be detected by TLS.

Since openldap uses select, you could use gnutls_bye with GNUTLS_SHUT_WR, and once the socket is readable, try to read with gnutls_record_recv(), which should return 0 (EOF). If it is not readable within some time limit, terminate the connection with an error.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107495>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
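The half-close procedure suggested in the comment above (gnutls_bye with GNUTLS_SHUT_WR, wait for readability with a time limit, then expect gnutls_record_recv() to return 0), worked through as an added C example that is not part of the original message or of GnuTLS/OpenLDAP. The `tls_ops` adapter struct, `tls_graceful_close()` and `demo()` are constructed for this example; the adapter reaches the GnuTLS calls through function pointers so the control flow can be exercised over a plain socketpair without a live TLS session.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
/* Adapter (example-only): in real code these wrap gnutls_bye(s, GNUTLS_SHUT_WR) and gnutls_record_recv(). */
typedef struct {
    void *session;                                    /* gnutls_session_t */
    int (*shutdown_wr)(void *s);                      /* 0 on success */
    ssize_t (*recv)(void *s, void *buf, size_t len);  /* 0 = clean EOF */
} tls_ops;

enum close_result { CLOSE_CLEAN, CLOSE_TIMEOUT, CLOSE_TRUNCATED, CLOSE_ERROR };
/* Half-close our side, then give the peer timeout_ms to send its close_notify. */
enum close_result tls_graceful_close(int fd, const tls_ops *ops, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    unsigned char buf[256]; int rc;
    if (ops->shutdown_wr(ops->session) != 0)
        return CLOSE_ERROR;
    for (;;) {
        do { rc = poll(&p, 1, timeout_ms); } while (rc < 0 && errno == EINTR);
        if (rc == 0) return CLOSE_TIMEOUT;      /* silent peer: fail the close */
        if (rc < 0)  return CLOSE_ERROR;
        ssize_t n = ops->recv(ops->session, buf, sizeof buf);
        if (n == 0)  return CLOSE_CLEAN;        /* peer's close_notify arrived */
        if (n < 0)   return CLOSE_TRUNCATED;    /* e.g. GNUTLS_E_PREMATURE_TERMINATION */
        /* n > 0: trailing application data, discard and keep waiting */
    }
}

/* Plain-socket stand-ins for the GnuTLS calls (demo scaffolding only). */
static int fake_shutdown_wr(void *s) { return shutdown(*(int *)s, SHUT_WR); }
static ssize_t fake_recv(void *s, void *b, size_t n) { return read(*(int *)s, b, n); }
/* One scenario over a socketpair: peer_closes=1 answers with EOF, 0 stays silent. */
enum close_result demo(int peer_closes)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return CLOSE_ERROR;
    tls_ops ops = { &sv[0], fake_shutdown_wr, fake_recv };
    if (peer_closes) close(sv[1]);
    enum close_result r = tls_graceful_close(sv[0], &ops, 200);
    close(sv[0]);
    if (!peer_closes) close(sv[1]);
    return r;
}

int main(void)
{
    printf("peer closes: %d, silent peer: %d\n", demo(1), demo(0));  /* 0 1 */
}
```

With a real session the recv adapter should retry GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED itself before reporting a negative value, so that only a genuine premature close reaches the CLOSE_TRUNCATED branch. A TCP reset or silent drop thus ends as CLOSE_TRUNCATED or CLOSE_TIMEOUT rather than being mistaken for a clean shutdown.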