mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-15 15:39:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #9655 from gilles-peskine-arm/dtls_server-allow_unexpected_message_on_second_handshake-3.6

Browse Source 
Backport 3.6: dtls_server: allow unexpected message on second handshake
This commit is contained in:
Manuel Pégourié-Gonnard 2024-10-02 10:36:12 +00:00 committed by GitHub
commit 711d583583
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
programs/ssl/dtls_server.c
View File

@ -291,7 +291,14 @@ reset:
ret = 0; ret = 0;
goto reset; goto reset;
} else if (ret != 0) { } else if (ret != 0) {
printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret); printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret);
if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
printf(" An unexpected message was received from our peer. If this happened at\n");
printf(" the beginning of the handshake, this is likely a duplicated packet or\n");
printf(" a close_notify alert from the previous connection, which is harmless.\n");
ret = 0;
}
printf("\n");
goto reset; goto reset;
} }

12
tests/opt-testcases/sample.sh
View File

@ -325,11 +325,6 @@ run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
-S "error" \ -S "error" \
-C "ERROR" -C "ERROR"
# The server complains of extra data after it closes the connection
# because the client keeps sending data, so the server receives
# more application data when it expects a new handshake. We consider
# the test a success if both sides have sent and received application
# data, no matter what happens afterwards.
run_test "Sample: dtls_client with dtls_server" \ run_test "Sample: dtls_client with dtls_server" \
-P 4433 \ -P 4433 \
"$PROGRAMS_DIR/dtls_server" \ "$PROGRAMS_DIR/dtls_server" \
@ -339,13 +334,9 @@ run_test "Sample: dtls_client with dtls_server" \
-s "[1-9][0-9]* bytes written" \ -s "[1-9][0-9]* bytes written" \
-c "[1-9][0-9]* bytes read" \ -c "[1-9][0-9]* bytes read" \
-c "[1-9][0-9]* bytes written" \ -c "[1-9][0-9]* bytes written" \
-S "error" \
-C "error" -C "error"
# The server complains of extra data after it closes the connection
# because the client keeps sending data, so the server receives
# more application data when it expects a new handshake. We consider
# the test a success if both sides have sent and received application
# data, no matter what happens afterwards.
run_test "Sample: ssl_client2, dtls_server" \ run_test "Sample: ssl_client2, dtls_server" \
-P 4433 \ -P 4433 \
"$PROGRAMS_DIR/dtls_server" \ "$PROGRAMS_DIR/dtls_server" \
@ -355,6 +346,7 @@ run_test "Sample: ssl_client2, dtls_server" \
-s "[1-9][0-9]* bytes written" \ -s "[1-9][0-9]* bytes written" \
-c "[1-9][0-9]* bytes read" \ -c "[1-9][0-9]* bytes read" \
-c "[1-9][0-9]* bytes written" \ -c "[1-9][0-9]* bytes written" \
-S "error" \
-C "error" -C "error"
requires_protocol_version dtls12 requires_protocol_version dtls12