help-gnutls

Re: Big CA certificate bundle causes problems with GnuTLS 3.0.11


From: Nikos Mavrogiannopoulos
Subject: Re: Big CA certificate bundle causes problems with GnuTLS 3.0.11
Date: Tue, 29 May 2012 22:34:33 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120510 Icedove/10.0.4

On 05/29/2012 05:31 PM, Phil Pennock wrote:

> On 2012-05-29 at 21:46 +0700, Janne Snabb wrote:
>> I am experiencing a TLS handshake problem when GnuTLS 3.0.11 server has
>> a big pile of CA certificates to verify against. I can not reproduce the
>> problem with GnuTLS 2.12.14.
[...]
> hsk->length is read from the Handshake->length (uint24); data_size is
> the size of the CertificateRequest (received buffer size less 4 for the
> handshake header (type 1 octet, length 3 octets)).
> hsk->start_offset is always 0.
> hsk->end_offset is always (hsk->length - 1) [because this isn't DTLS].
> So the check added in 67f4dba6 is going to always reject a fragmented
> handshake packet.


Correct. I've committed a fix at:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=6299e8a8c7371da1e674419c36cbcbe1630aef0a
regards,
Nikos
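
The mismatch described in the quoted analysis, as an added example that is not part of the original message and is not GnuTLS code. The struct and function names are hypothetical, the form of the strict check is assumed from the analysis rather than taken from commit 67f4dba6, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct hsk_hdr {            /* hypothetical; fields named as in the quoted analysis */
    uint8_t  type;
    uint32_t length;        /* Handshake.length (uint24) from the wire */
    uint32_t start_offset;  /* always 0 outside DTLS */
    uint32_t end_offset;    /* always length - 1 outside DTLS */
    size_t   data_size;     /* body octets present in this buffer */
};

/* Parse a TLS (non-DTLS) handshake header: type 1 octet, length 3 octets.
 * Returns 0 on success, -1 if fewer than 4 header octets are present. */
int parse_hsk_header(const uint8_t *buf, size_t len, struct hsk_hdr *h)
{
    if (len < 4)
        return -1;
    h->type = buf[0];
    h->length = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    h->start_offset = 0;
    h->end_offset = h->length ? h->length - 1 : 0;
    h->data_size = len - 4;
    return 0;
}

/* Assumed shape of the over-strict check: the offset range must equal the
 * octets received, which holds only when the whole body arrived at once. */
int strict_check(const struct hsk_hdr *h)
{
    size_t span = h->length ? (size_t)(h->end_offset - h->start_offset) + 1 : 0;
    return span == h->data_size;
}

/* Reassembly view: how many body octets later records still have to deliver. */
size_t bytes_missing(const struct hsk_hdr *h)
{
    return h->length > h->data_size ? h->length - h->data_size : 0;
}

int main(void)
{
    /* Constructed sample: first 16384-octet record of a 20000-octet message, type 13. */
    static uint8_t rec[16384] = { 13, 0x00, 0x4E, 0x20 };
    struct hsk_hdr h;
    if (parse_hsk_header(rec, sizeof rec, &h) != 0) return 1;
    printf("strict=%d missing=%zu\n", strict_check(&h), bytes_missing(&h));
    return 0;
}
```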



