subject:"TLS Alert protocol"

TLS Alert protocol

2009-01-20 Thread Emanuele Cesena

Hi all,

some time ago we wrote about a general framework to implement TLS
Extensions and Supplemental Data messages.

We are now dealing with errors/failures, and the related message to be
send as part of the TLS Alert protocol.

Let's begin with the simpler case: TLS Extensions.
Since there are already examples, it seems clear that an extension can
fail whenever it wants (still within the TLS Handshake) and it usually
fails with:
- SSLerr for local output
- ssl3_send_alert() to notify to the peer. 
The error is usually an SSL_AD_HANDSHAKE_FAILURE (or maybe an internal
error).

That's why we plan to:
- let an extension call SSLerr
- let an extension to return an error code, which our framework will
send through ssl3_send_alert().
Any comment on that?


Next step, Supplemental Data.
By RFC, SD should not "compromise" the Handshake protocol:
  
  Information provided in a supplemental data object MUST be intended
  to be used exclusively by applications and protocols above the TLS
  protocol layer.  Any such data MUST NOT need to be processed by the
  TLS protocol. 

So we process SD after the handshake, e.g. in s3_srvc.c in the very last
line of ssl3_accept() before returning (resp. on client side in
ssl3_connect()).

The point is: are we allowed to use the Alert protocol in order to
notify to the peer that the verification of SD failed?
In case, what error message should be appropriate?
We planned to implement SD as extensions, this means:
- SD can locally output errors with SSLerr
- SD can return an error code, which will be forwarded to the peer by
our framework. Shall we restrict the allowed return error codes?

Just to give an example of usage, we are designing an extension which:
- on client side negotiates a single SD entry, with a digital signature
on some data.
- on server side verifies the client's digital signature, and abort the
close the channel in case of failure.

Best regards
-- 
Emanuele Cesena 
http://ecesena.dyndns.org

Il corpo non ha ideali

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: TLS Alert protocol

2009-01-23 Thread Emanuele Cesena

Ok, let me simplify.

Can I use ssl3_send_alert() at the application layer?

Regards
-- 
Emanuele Cesena 
http://ecesena.dyndns.org

Il corpo non ha ideali

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

TLS Alert protocol

Re: TLS Alert protocol

2 matches

Site Navigation

Mail list logo

Footer information