On Tue, 2019-03-12 at 13:13 +0000, Andrea Dal Bo wrote:
> Hi,
> recently we moved from gnutls 2.13.23 to gnutls 3.6.5.
> By doing this I encountered an issue with applications using the
> library. In fact it happens that our TR-069 agent is sending pkts
> over https by means of gnutls_record_send. It might happen that
> gnutls_record_send is called with data_size=0. This was accepted in
> the older gnutls 2.13.23.
> With gnutls 3.6.5 it is not. In fact gnutls_record_send calls
> gnutls_record_send2 with pad=0, and subsequently
> _gnutls_send_tlen_int that verifies that if both data_size and pad
> are 0 returns GNUTLS_E_INVALID_REQUEST (record.c line 492).

Hi,

What is your goal with this behavior? The library tries to protect
against incorrect use of it, and sending zero-byte packets was
probably one of them (they are used for specific purposes in the
protocol and can confuse the peer).

> I tried to modify the application to add a padding>=1 in case of
> data_size=0 by calling gnutls_record_can_use_length_hiding. In fact
> even if this function was returning 1, the subsequent call of
> gnutls_record_send2 was still returning GNUTLS_E_INVALID_REQUEST. In
> fact the discrimination was that tls1.3 handshake semantics was set
> to false. That is a bit misleading, IMHO.

I am not sure I understand this, what do you mean here?

btw. if you think that's a bug it is easier to bring on the issue
tracker (I do not follow the help list much, and I think that's the
same with other developers).

regards,
Nikos
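
Added example, not part of the original thread and not GnuTLS code: an application-side wrapper that never hands an empty buffer to a function shaped like gnutls_record_send, and that finishes partial or interrupted writes. The names record_send_fn, send_all, fake_session and the ERR_* constants are assumptions made for illustration; real code would pass a thin adapter around gnutls_record_send and use the GNUTLS_E_* macros from <gnutls/gnutls.h>.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Stand-ins for GNUTLS_E_AGAIN, GNUTLS_E_INTERRUPTED, GNUTLS_E_INVALID_REQUEST. */
enum { ERR_AGAIN = -28, ERR_INTERRUPTED = -52, ERR_INVALID_REQUEST = -50 };

/* Same shape as gnutls_record_send(session, data, data_size). */
typedef ssize_t (*record_send_fn)(void *session, const void *data, size_t len);

/* Send the whole buffer. An empty buffer is a no-op: the loop body never
 * runs, so a zero-length request never reaches the TLS library. */
ssize_t send_all(record_send_fn send, void *session, const void *data, size_t len)
{
    const unsigned char *p = data;
    size_t done = 0;
    while (done < len) {
        ssize_t n = send(session, p + done, len - done);
        if (n == ERR_AGAIN || n == ERR_INTERRUPTED)
            continue;   /* retry with the same arguments; real code waits on the socket */
        if (n < 0)
            return n;   /* fatal error, pass it to the caller */
        done += (size_t)n;
    }
    return (ssize_t)done;
}

/* Constructed transport: rejects data_size=0 as the thread describes for
 * 3.6.5, fails once with ERR_AGAIN, and accepts at most 4 bytes per call. */
struct fake_session { unsigned char out[64]; size_t used; int calls; };

ssize_t fake_record_send(void *s, const void *data, size_t len)
{
    struct fake_session *fs = s;
    fs->calls++;
    if (len == 0) return ERR_INVALID_REQUEST;
    if (fs->calls == 2) return ERR_AGAIN;
    if (len > 4) len = 4;
    if (fs->used + len > sizeof fs->out) return ERR_INVALID_REQUEST;
    memcpy(fs->out + fs->used, data, len);
    fs->used += len;
    return (ssize_t)len;
}

int main(void)
{
    struct fake_session fs = {0};
    printf("empty send -> %zd\n", send_all(fake_record_send, &fs, "", 0));
    printf("10 bytes   -> %zd\n", send_all(fake_record_send, &fs, "0123456789", 10));
    return 0;
}
```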
