GnuTLS issue #868
Created Dec 04, 2019 by Hubert Kario (@mention me if you need reply) @tomato42, Developer

Impossible to test post handshake authentication with tlsfuzzer

I was testing a new tlsfuzzer script for PHA and it doesn't look to me like it is possible to test PHA with a single script against one instance of GnuTLS.

https://github.com/tomato42/tlsfuzzer/pull/551

I executed the script with

--query '**REAUTH**                                
' --pha-as-reply

options set, and started gnutls-serv with --echo.

While executing the 'post-handshake authentication' script works as expected, even multiple times, any other conversation, including 'post-handshake authentication with no client cert' results in an abort from server:

|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: tls13/certificate.c[_gnutls13_recv_certificate]:59
|<3>| ASSERT: buffers.c[get_last_packet]:1168
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: tls13/certificate.c[_gnutls13_recv_certificate]:59
|<3>| ASSERT: buffers.c[get_last_packet]:1168
|<5>| REC[0xcad710]: SSL 3.3 Application Data packet received. Epoch 2, length: 37
|<5>| REC[0xcad710]: Expected Packet Handshake(22)
|<5>| REC[0xcad710]: Received Packet Application Data(23) with length: 37
|<5>| REC[0xcad710]: Decrypted Packet[1] Handshake(22) with length: 20
|<4>| HSK[0xcad710]: CERTIFICATE (11) was received. Length 16[16], frag offset 0, frag length: 16, sequence: 0
|<4>| HSK[0xcad710]: parsing certificate message
|<3>| ASSERT: tls13/certificate.c[parse_cert_list]:407
|<3>| ASSERT: tls13/certificate.c[_gnutls13_recv_certificate]:110
|<3>| ASSERT: tls13/post_handshake.c[_gnutls13_reauth_server]:175
reauth: Certificate is required.
$ 

and no Alert sent to client:

Error encountered while processing node ExpectNewSessionTicket(note='second set') (child: ExpectNewSessionTicket(note='second set')) with last message being: None
Error while processing
Traceback (most recent call last):
  File "scripts/test-tls13-post-handshake-auth.py", line 446, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 221, in run
    "Unexpected closure from peer")
AssertionError: Unexpected closure from peer