[openssl-dev] State machine rewrite
Hubert Kario
hkario at redhat.com
Thu Sep 24 15:19:49 UTC 2015
On Friday 11 September 2015 15:34:15 Matt Caswell wrote:
> I've just opened a github pull request to show recent work I have been
> doing on rewriting the OpenSSL state machine (for version 1.1.0).
> See: https://github.com/openssl/openssl/pull/394
>
> My objectives for the rewrite were:
> - Separate message flow state from handshake state (in order to better
> understand each)
Unfortunately, it doesn't look like the rewrite fixed
https://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest
I can still reproduce the issue:
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt\
-nodes -batch
~/dev/openssl/apps/openssl s_server -key localhost.key -cert\
localhost.crt
pip install --pre tlslite-ng
git clone https://github.com/tomato42/tlsfuzzer.git
cd tlsfuzzer
PYTHONPATH=. python scripts/test-openssl-3712.py
The client reports Broken pipe
While the server reports:
140584857466520:error:140940F5:SSL routines:ssl3_read_bytes:unexpected
record:record/rec_layer_s3.c:1458:
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150924/682c5211/attachment.sig>
More information about the openssl-dev
mailing list