On Wed, Oct 1, 2014 at 2:03 PM, Manuel Pégourié-Gonnard
<[email protected]> wrote:
> On 01/10/2014 13:30, Nikos Mavrogiannopoulos wrote:
>> Interesting. There is the dtls-stress tool to reproduce that scenario
>> and I tried:
>> ./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234
>> CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec
>> CFinished -d 6
>> which filters the same packets as in your scenario, but everything goes well.
>>
> Weird. I'm not sure if that's relevant, but from what I understand, the proxy
> I used does a bit more than that, e.g. when the server resends its ServerHello
> flight, messages are reordered, and some of them are even "lost".

It seems the dtls-stress tests don't include support for session
tickets, while your test does. Does this patch fix the issue you see?

regards,
Nikos
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 33ad8d9..aeae5a8 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -33,6 +33,7 @@
 #include <gnutls_mbuffers.h>
 #include <gnutls_extensions.h>
 #include <gnutls_constate.h>
+#include <gnutls_dtls.h>
 
 #ifdef ENABLE_SESSION_TICKETS
 
@@ -643,6 +644,17 @@ int _gnutls_recv_new_session_ticket(gnutls_session_t 
session)
        if (!priv->session_ticket_renew)
                return 0;
 
+       /* This is the last flight and peer cannot be sure
+        * we have received it unless we notify him. So we
+        * wait for a message and retransmit if needed. */
+       if (IS_DTLS(session) && !_dtls_is_async(session) &&
+           (gnutls_record_check_pending(session) +
+            record_check_unprocessed(session)) == 0) {
+               ret = _dtls_wait_and_retransmit(session);
+               if (ret < 0)
+                       return gnutls_assert_val(ret);
+       }
+
        ret = _gnutls_recv_handshake(session,
                                     GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
                                     0, &buf);
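
Review bot: the `!_dtls_is_async(session)` condition in the new block means non-blocking sessions skip `_dtls_wait_and_retransmit()` entirely, and nothing in this hunk shows how they recover when the peer's flight is lost; either cover that case here or say in the comment where it is handled. The comment should also name which of our flights is being retransmitted and why the check on `gnutls_record_check_pending(session) + record_check_unprocessed(session)` being 0 is the right trigger, since "this is the last flight" is ambiguous in a function that is about to receive a NewSessionTicket. As the message notes that dtls-stress has no session ticket support, a regression test that runs the lossy handshake with tickets enabled should accompany this change.
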
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help