On Tue, 17 Nov 2009 11:32:46 +0100 Simon Josefsson <[email protected]> wrote:
> > In GnuTLS, rehandshaking needs to be done explicitly by servers when
> > they get the GNUTLS_E_REHANDSHAKE error back from
> > gnutls_record_recv.  If servers don't call gnutls_handshake when
> > that happens, there is no problem.  So people can check their
> > applications if they are vulnerable to this problem.
>
> For everyone's information, searching for "GNUTLS_E_REHANDSHAKE" in
> code is not sufficient: that only takes care of the situation
> where the local client reacts on a renegotiation request from the
> remote server.
>
> You also have to search for "gnutls_rehandshake" to take care of the
> situation where the local server initiates the renegotiation request.

I did a search for that in Red Hat Enterprise Linux sources and I've not
found anything using it.  Google codesearch finds it in mod_gnutls
though.  From a 30sec look, it may be using it in similar cases as
mod_ssl / mod_nss.

th.
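The source audit discussed in this thread, as an added example that is not part of the original messages or of GnuTLS: a scanner that looks for both identifiers named above and ignores mentions in comments and string literals. The finding labels, the file suffix list and the sample snippets are assumptions constructed for illustration, and a finding only marks a file for manual review.

```python
import re
from pathlib import Path

# Identifiers named in the thread; "(" restricts matches to actual calls.
CALL_REHANDSHAKE = re.compile(r"\bgnutls_rehandshake\s*\(")
CALL_HANDSHAKE = re.compile(r"\bgnutls_handshake\s*\(")
ERR_REHANDSHAKE = re.compile(r"\bGNUTLS_E_REHANDSHAKE\b")
# C comments, string and char literals: blanked so docs and log text do not match.
NOISE = re.compile(r"""/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])+'""", re.S)

def classify(source):
    """Return the set of renegotiation findings (hypothetical labels) for one file."""
    code = NOISE.sub(" ", source)
    findings = set()
    if CALL_REHANDSHAKE.search(code):
        findings.add("initiates-renegotiation")
    if ERR_REHANDSHAKE.search(code) and CALL_HANDSHAKE.search(code):
        # Coarse: both appear in the file; a reviewer confirms they are connected.
        findings.add("review-handshake-on-rehandshake-error")
    return findings

def scan_tree(root, suffixes=(".c", ".h", ".cc", ".cpp")):
    """Map relative path -> findings for every matching source file under root."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            found = classify(path.read_text(errors="replace"))
            if found:
                report[str(path.relative_to(root))] = found
    return report

# Constructed samples, not taken from any real project.
SAMPLE_SERVER = '''
/* constructed sample: server that asks the peer to renegotiate */
int reauth(gnutls_session_t s) {
    int ret = gnutls_rehandshake(s);
    return ret < 0 ? ret : gnutls_handshake(s);
}
'''
SAMPLE_LOOP = '''
// constructed sample: receive loop that honours a renegotiation request
ret = gnutls_record_recv(s, buf, sizeof buf);
if (ret == GNUTLS_E_REHANDSHAKE)
    ret = gnutls_handshake(s);
'''
SAMPLE_DOC = '''
/* gnutls_rehandshake() is never called here */
log("got GNUTLS_E_REHANDSHAKE, ignoring");
'''
```

Run `scan_tree()` on an unpacked source tree; files with no findings are omitted from the report.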
