On 05/29/2012 05:31 PM, Phil Pennock wrote:
> On 2012-05-29 at 21:46 +0700, Janne Snabb wrote:
>> I am experiencing a TLS handshake problem when GnuTLS 3.0.11 server has
>> a big pile of CA certificates to verify against. I can not reproduce the
>> problem with GnuTLS 2.12.14.
[...]
> hsk->length is read from the Handshake->length (uint24); data_size is
> the size of the CertificateRequest (received buffer size less 4 for the
> handshake header (type 1 octet, length 3 octets).
> hsk->start_offset is always 0.
> hsk->end_offset is always (hsk->length - 1) [because this isn't DTLS].
> So the check added in 67f4dba6 is going to always reject a fragmented
> handshake packet.

Correct. I've committed a fix at:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=6299e8a8c7371da1e674419c36cbcbe1630aef0a

regards,
Nikos

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
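
The situation discussed in this thread, as an added example that is not GnuTLS code and not part of either message: a TLS handshake message whose uint24 length is larger than what arrived in the first record, so the receiver buffers across records instead of rejecting. The names `hs_reasm`, `hs_feed`, `HS_MAX` and the 20000-byte CertificateRequest are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HS_HDR 4        /* handshake header: type (1 octet) + length (3 octets) */
#define HS_MAX 65536    /* assumed cap on one reassembled message */

/* Hypothetical reassembly state for one TLS (non-DTLS) handshake message. */
struct hs_reasm {
    uint8_t  type; int started;
    uint32_t length;      /* Handshake.length, read from the uint24 */
    uint32_t end_offset;  /* length - 1; the start offset is always 0 in TLS */
    uint32_t have;        /* body bytes buffered so far */
    uint8_t  body[HS_MAX];
};

/* Feed one record's handshake payload. Returns 1 when complete, 0 when more
 * records are needed, -1 if malformed. One message only, no coalescing. */
int hs_feed(struct hs_reasm *r, const uint8_t *p, size_t n)
{
    if (!r->started) {
        if (n < HS_HDR) return -1;          /* simplification: header not split */
        r->type = p[0];
        r->length = ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
        if (r->length > HS_MAX) return -1;  /* bound memory before buffering */
        r->end_offset = r->length ? r->length - 1 : 0;
        r->have = 0; r->started = 1;
        p += HS_HDR; n -= HS_HDR;           /* n < length here is legal */
    }
    if (n > r->length - r->have) return -1; /* more than the header announced */
    memcpy(r->body + r->have, p, n);
    r->have += (uint32_t)n;
    return r->have == r->length;
}

/* Constructed input: a 20000-byte CertificateRequest (type 13) split at the
 * 16384-byte record limit. Returns 1 if it is reassembled intact. */
int demo_fragmented_certreq(void)
{
    static struct hs_reasm r;
    static uint8_t msg[HS_HDR + 20000];
    memset(&r, 0, sizeof r);
    msg[0] = 13; msg[1] = 0x00; msg[2] = 0x4e; msg[3] = 0x20; /* 20000 */
    for (size_t i = 0; i < 20000; i++) msg[HS_HDR + i] = (uint8_t)i;
    if (hs_feed(&r, msg, 16384) != 0) return 0;  /* incomplete, not an error */
    if (hs_feed(&r, msg + 16384, sizeof msg - 16384) != 1) return 0;
    return r.type == 13 && r.end_offset == 19999 &&
           memcmp(r.body, msg + HS_HDR, 20000) == 0;
}
```

The length cap is checked before any byte is copied, so a peer announcing an oversized handshake message is refused without allocating or buffering for it.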
