https://bugzilla.novell.com/show_bug.cgi?id=321325
User [email protected] added comment
https://bugzilla.novell.com/show_bug.cgi?id=321325#c1

Laurenz Albe <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]
             Status|NEEDINFO                    |ASSIGNED
      Info Provider|[email protected]           |

--- Comment #1 from Laurenz Albe <[email protected]>  2008-12-22 05:43:37 MST ---

I can reproduce the bug with Npgsql 2.0.2 with Mono 2.0.1 against PostgreSQL 8.3.5 with OpenSSL 0.9.7a, and I can provide more information.

Unfortunately my understanding of Mono, C# and SSL/TLS is not sufficient that I can fix the bug. Maybe somebody can give me a hand?

Here is what I find:

PostgreSQL uses OpenSSL for handling encrypted connections. After a certain number of bytes transferred (0.5 GB by default), PostgreSQL will initialize a renegotiation.

OpenSSL sends an encrypted "Hello Request" message to the client. The decrypted TLS 1.0 Handshake Message looks as follows:

Byte 0      0x00      Hello Request
Bytes 1-3   0x000000  Length of following data

The following ensues in Mono.Security.dll in namespace Mono.Security.Protocol.Tls:

In class RecordProtocol, method "InternalReceiveRecordCallback" is entered. The message is duly decrypted and the message type is identified as ContentType.Handshake.

Method "ProcessHandshakeMessage" in class ClientRecordProtocol is entered. Variable "length" is read from the input data and becomes 0. Variable "data" remains null.

Method "createServerHandshakeMessage" in class ClientRecordProtocol is entered. In the ClientContext, HandshakeState is set to None.

Control returns to method "ProcessHandshakeMessage", and in the ClientContext, LastHandshakeMsg is set to HelloRequest.

Then control returns to "InternalReceiveRecordCallback", and internalResult.SetComplete is called with the buffer containing the four zero bytes.
Now somehow, in a way I do not understand, these four bytes are not, as they should be, discarded, but are returned to the client reading from the Mono.Security.Protocol.Tls.SslClientStream.

These four zero bytes, which are part of the SSL protocol, but *not* of the database client-server protocol, cause the problem. If the client ignores these bytes, SSL renegotiation continues normally, and work can continue.

It seems that the solution would be to keep the Hello Request in the SSL layer where it belongs.

Where and how should this be fixed?
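The separation the comment asks for, as an added example that is not part of the original bug report and is not Mono.Security code: a record demultiplexer that consumes the zero-length Hello Request inside the TLS layer and hands only application data to the reader. All class and function names and the sample PostgreSQL messages are constructed for illustration; the `leak_handshake` switch models the reported behaviour.

```python
# Added illustration; the names here are hypothetical, not Mono.Security's API.
CT_HANDSHAKE = 22          # TLS ContentType handshake
CT_APPLICATION_DATA = 23   # TLS ContentType application_data
HT_HELLO_REQUEST = 0       # HandshakeType hello_request

def parse_handshake(fragment):
    """Split a decrypted handshake fragment into (msg_type, body) tuples."""
    messages, offset = [], 0
    while offset < len(fragment):
        if len(fragment) - offset < 4:
            raise ValueError("truncated handshake header")
        msg_type = fragment[offset]
        length = int.from_bytes(fragment[offset + 1:offset + 4], "big")
        body = fragment[offset + 4:offset + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        messages.append((msg_type, body))
        offset += 4 + length
    return messages

class RecordDemux:
    """Routes decrypted records; only application data should reach the reader."""
    def __init__(self, leak_handshake=False):
        self.leak_handshake = leak_handshake   # True models the reported behaviour
        self.app_buffer = bytearray()
        self.renegotiation_requested = False

    def on_record(self, content_type, plaintext):
        if content_type == CT_APPLICATION_DATA:
            self.app_buffer += plaintext
        elif content_type == CT_HANDSHAKE:
            for msg_type, body in parse_handshake(plaintext):
                if msg_type == HT_HELLO_REQUEST and not body:
                    self.renegotiation_requested = True   # handled inside the TLS layer
            if self.leak_handshake:
                self.app_buffer += plaintext              # protocol bytes escape upward

    def read(self):
        data, self.app_buffer = bytes(self.app_buffer), bytearray()
        return data

# Constructed sample: two PostgreSQL backend messages with a Hello Request in between.
COMMAND_COMPLETE = b"C\x00\x00\x00\x0dSELECT 1\x00"
READY_FOR_QUERY = b"Z\x00\x00\x00\x05I"
RECORDS = [(CT_APPLICATION_DATA, COMMAND_COMPLETE),
           (CT_HANDSHAKE, b"\x00\x00\x00\x00"),
           (CT_APPLICATION_DATA, READY_FOR_QUERY)]

def run(leak_handshake):
    demux = RecordDemux(leak_handshake)
    for content_type, plaintext in RECORDS:
        demux.on_record(content_type, plaintext)
    return demux.read(), demux.renegotiation_requested
```

With `run(True)` the four zero bytes land between the two database messages, which a PostgreSQL client would try to parse as the start of the next message; with `run(False)` the stream is intact and the renegotiation request is still recorded.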
