Indeed. However I plan to fix the case for client certificate as well, in the next few days.
regards, Nikos 2009/10/29 tangtong <[email protected]>: > Hi,Nikos > I have rebuilt the lib with the latest daily snap shot and the GIT snapshot > commited by you, the memory leak and core issue have been resolved. > > One more question: in your commit comments: > "3. In TLS 1.2 when a certificate request is sent, support is not complete. > In that case abort the handshake. By checking > TLS 1.2 it seems that the algorithms to be used for the signature in the > certificate verify message are negotiated not at > the client/server hello messages but rather selected by the server at the > certificate request. This might not look as bad, but since in this message > we have to sign all previous handshake messages, it forces us to keep all > the handshake messages into a buffer until this point... I don't know who > proposed this change to the TLS WG, but it seems it wasn't really thought > of." > > If client certificate is not needed, the current implemenation can support > TLS1.2, right? > > Regards > Tony > > > ________________________________ > ! From: [email protected] > To: [email protected] > Date: Mon, 26 Oct 2009 01:35:35 +0000 > CC: [email protected]; [email protected] > Subject: RE: Memory leaks are observed for libgnutls in multi-thread mode > > Hi,Nikos > I have reproduced the core dump with the server/client in the attach. If not > using the memory-leak patch, the core will not happen. > > Regards > Tony > > ________________________________ > From: [email protected] > To: [email protected] > Date: Fri, 23 Oct 2009 14:28:50 +0000 > CC: [email protected]; [email protected] > Subject: RE: Memory leaks are observed for libgnutls in multi-thread mode > > Hi,Nikos > > The server is implemented by myself with gnutls2.9.4 and your patch. To make > investigation easy, I will build a simplified server based on gnutls demo > server codes and let you know the results later. > > > Regards > Tony > > >> Date: Fri, 23 Oct 2009 10:38:20 +0300 >> Subject: Re: Memory leaks are observed for libgnutls in multi-thread mode >> From: [email protected] >> To: [email protected] >> CC: [email protected]; [email protected] >> >> Thanks. However in order to reproduce it I need to know to which >> server you connect to and which options does this server use? >> >> 2009/10/23 tangtong <[email protected]>: >> > Hi,Nikos >> > >> > The gnutls-cli built by me will core when I enable TLS1.2. I think the >> > code >> > base I use is a little diffent from what you are using. The following is >> > my >> > steps to setup the build enviorment: >> > 1)Download a gnutls releaes package 2.8.3 and decompress it; >> > 2)Download 2.9.4 snap shot and uncompress it to the directory created in >> > the >> > step 1); >> > 3)Run patch you provide. >> > > ! > > Seems only snapshot of 2.9.4 is not the whole build env, that's why i >> > decompress it to a build enviorment of 2.8.3. >> > >> > Regards >> > Tony >> > >> > >> > >> > >> > >> > >> > >> > >> >> Date: Thu, 22 Oct 2009 19:31:02 +0300 >> >> From: [email protected] >> >> To: [email protected] >> >> CC: [email protected]; [email protected] >> >> Subject: Re: Memory leaks are observed for libgnutls in multi-thread >> >> mode >> >> >> >> tangtong wrote: >> >> > Hi,Nikos >> >> >> >> > 2)The patch doesn't support >> >> > "NONE:+VERS-TLS1.2:+AES-256-CBC:+RSA:+SHA256:+COMP-NULL", I t! hink >> >> > your >> >> > patch disable the tls1.2 support, it will core with the following >> >> > dump >> >> > info: >> >> > fe9a2bb8 _gcry_m! d_copy (ffbff33c, 0, 0, febc6ed0, 14f8, fed3805c) + >> >> > 4 >> >> > feca8dfc _gnutls_hash_copy (ffbff338, 365c4, 0, 0, 0, 0) + 80 >> >> > fec9e0fc _gnutls_finished (36180, 2, ffbff440, 1, 6, 0) + 84 >> >> > fec9edc0 _gnutls_send_handshake_final (0, 0, 0, e, e, 4) + 128 >> >> > feca2548 _gnutls_handshake_common (36180, 0, 10, 4, ffffffe0, >> >> > ffbff551) >> >> > + 30 >> >> > feca382c gnutls_handshake (0, 4, 32fc8, 8e8, 17ac, ffbff5c4) + 60 >> >> > 000119bc main (1, ffbffa54, ffbffa5c, 22508, 0, 0) + 118 >> >> > 000112c8 _start (0, 0, 0, 0, 0, 0) + 5c >> >> >> >> Can you send me information on how I can reproduce this issue? I can >> >> use >> >> ./gnutls-cli tls.secg.org --priority >> >> "NONE:+VERS-TLS1.2:+AES-128-CBC:+RSA:+DHE-DSS:+SHA256:+COMP-NULL" to >> >> connect using TLS1.2 without any issues.> >> >> regards, >> >> Nikos >> > >> > ___________________! _____________ >> > 全新 Windows 7:寻找最适合您的 PC。 了解详情。 > > ________________________________ > Messenger保护盾2.0,更安全可靠的Messenger聊天! 现在就下载! > ________________________________ > Messenger保护盾2.0,更安全可靠的Messenger聊天! 现在就下载! > ________________________________ > 全新 Windows 7:寻找最适合您的 PC。 了解详情。 _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
