W2000 and eap-tls question.

2003-07-15 Thread Luca Benassi
I'm having some problems related to openssl and windows 2000.
Has anyone done this before?
I've read a very very nice how-to for eap-tls and XP. I've followed it but
I'm not able to make it roll with windows 2000.

My questions are mostly on openssl so if anyone has done this before I'll
continue in private ...

Thank you all,
Luca


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


TLS question

2003-01-22 Thread Larry Palmer
I'm just becoming familiar with TLS and I'm trying to understand it by
reading the 8.1 freeradius code.  I don't quite have the ability to run
it yet.  One thing I don't understand: in tls.c, in the routine
tls_handshake_recv, are the following lines:

  if (ssn->info.content_type != application_data) {
      err = BIO_read(ssn->from_ssl, ssn->dirty_out.data, MAX_RECORD_SIZE);

MAX_RECORD_SIZE is defined as 16k.  But TLS messages can span records -
a certificate can be 16 Meg.  I don't see any path to get back in here
and do another BIO_read to get the rest of the message (once dirty_out
has been emptied by transmitting it as EAP packets), without being
triggered to do so by receiving another handshake message.  So if we
were sending, say, a 16 Meg cert, how would the subsequent records be
read from the BIO and transmitted?  We will receive EAP fragment acks,
but those don't appear to come back in to tls_handshake_recv. Apologies
if I've missed something obvious here.

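The situation described in the message above, modelled as an added example that is not part of the original post and is not FreeRADIUS or OpenSSL code: a handshake message longer than MAX_RECORD_SIZE becomes several TLS records, so in this model a single read of MAX_RECORD_SIZE bytes leaves data queued and only a drain loop collects the rest. `struct membuf`, `emit_records`, `membuf_read` and `reads_to_drain` are hypothetical names, and the 40000-byte message is constructed input.

```c
#include <stdio.h>
#include <string.h>
#define MAX_RECORD_SIZE 16384  /* 16k, the value quoted in the post */
#define REC_HDR 5              /* type(1) + version(2) + length(2) */

/* Hypothetical stand-in for a memory BIO: a byte queue with a read cursor. */
struct membuf { unsigned char *data; size_t len, pos; };

/* Split one handshake message into records; caller sizes out->data. */
size_t emit_records(struct membuf *out, const unsigned char *msg, size_t n)
{
    size_t records = 0;
    while (n > 0) {
        size_t frag = n < MAX_RECORD_SIZE ? n : MAX_RECORD_SIZE;
        unsigned char *p = out->data + out->len;
        p[0] = 22; p[1] = 3; p[2] = 1;        /* handshake, TLS 1.0 */
        p[3] = (unsigned char)(frag >> 8); p[4] = (unsigned char)(frag & 0xff);
        memcpy(p + REC_HDR, msg, frag);
        out->len += REC_HDR + frag;
        msg += frag; n -= frag; records++;
    }
    return records;
}

/* Models a single read call: copy up to cap bytes, return how many. */
size_t membuf_read(struct membuf *b, unsigned char *dst, size_t cap)
{
    size_t n = b->len - b->pos < cap ? b->len - b->pos : cap;
    memcpy(dst, b->data + b->pos, n);
    b->pos += n;
    return n;
}

/* Drain loop: read until the queue is empty; returns the call count. */
size_t reads_to_drain(struct membuf *b)
{
    unsigned char chunk[MAX_RECORD_SIZE];
    size_t calls = 0;
    while (membuf_read(b, chunk, sizeof chunk) > 0) calls++;
    return calls;
}

int main(void)
{
    static unsigned char msg[40000], store[40000 + 3 * REC_HDR]; /* constructed */
    struct membuf q = { store, 0, 0 };
    unsigned char chunk[MAX_RECORD_SIZE];
    size_t recs = emit_records(&q, msg, sizeof msg);
    size_t got = membuf_read(&q, chunk, sizeof chunk), left = q.len - q.pos;
    printf("%zu records, read %zu, %zu left, %zu more reads\n", recs, got, left, reads_to_drain(&q));
}
```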