[prev in list] [next in list] [prev in thread] [next in thread]
List: gnutls-dev
Subject: Re: TLS handshake problems
From: Nikos Mavrogiannopoulos <nmav () gnutls ! org>
Date: 2008-11-29 8:22:17
Message-ID: 4930FBB9.5010602 () gnutls ! org
[Download RAW message or body]
Metzler, Richard wrote:
> Hello,
>
> currently I am testing a TLS connection using Gnu TLS 2.2.5.on server
> and client side. For the TCP communication Diameter is used.
>
> There are situations that on both sides the TLS handshake fails, e.g.
> due to a wrong client certificate (Gnu TLS error code
> NO_CERTIFICATE_FOUND). But in this special case the server finishes the
> handshake with error and the client is still waiting in the handshake.
> Now the server announces closing the connection to the client by sending
> the Diameter disconnect message (DPR). This message is received by the
> client Gnu TLS when expecting a TLS message, preventing a correct shut
> down of the connection.
> To avoid this problem I added a call to gnutls_alert_send_appropriate in
> case the server finishes the handshake with errors. This helps to finish
> the handshake on the client side in this case, but there are situations
> when the handshake is finished on both sides with an error. Then the
> additional alert message would be interpreted on the client side as
> Diameter message which also is not correct.
> My question is, is there a way for the server to decide whether the
> alert has to be sent or not, i.e. to detect the state of the client -
> maybe by evaluating the result code of the handshake?
No. If the connection fails for some reason you should not try to reuse it.
regards,
Nikos
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/gnutls-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic