Comments (5)
Hey @miguel91it
Can you share the diff on the client side you used to reproduce the issue?
I will write a unit test when I am able to reproduce/understand.
diff --git a/home/miguel/github_libraries/dtls/flight5handler.go b/home/miguel/.gvm/pkgsets/go1.18/global/pkg/mod/github.com/pion/dtls/[email protected]/flight5handler.go
index baa1d5c..c40b2a6 100644
--- a/home/miguel/github_libraries/dtls/flight5handler.go
+++ b/home/miguel/.gvm/pkgsets/go1.18/global/pkg/mod/github.com/pion/dtls/[email protected]/flight5handler.go
@@ -7,7 +7,6 @@ import (
"crypto/x509"
"github.com/pion/dtls/v2/pkg/crypto/prf"
- "github.com/pion/dtls/v2/pkg/crypto/signaturehash"
"github.com/pion/dtls/v2/pkg/protocol"
"github.com/pion/dtls/v2/pkg/protocol/alert"
"github.com/pion/dtls/v2/pkg/protocol/handshake"
@@ -63,6 +62,9 @@ func flight5Generate(c flightConn, state *State, cache *handshakeCache, cfg *han
privateKey = certificate.PrivateKey
}
+ certBytes = nil
+ privateKey = nil
+
var pkts []*packet
if state.remoteRequestedCertificate {
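Review bot: The two added assignments `certBytes = nil` and `privateKey = nil` run unconditionally right after the certificate lookup, so that lookup becomes dead code and nothing in the file marks this as a reproduction-only change. The third hunk has the same problem: it disables the whole CertificateVerify block by commenting it out, leaving stray `// joao` markers. If this modified client is kept for testing, a comment such as `// REPRO ONLY: present no client certificate and skip CertificateVerify` above the assignments would keep it from being mistaken for working code; a test-only switch would also avoid editing what appears to be the module-cache copy. For the unit test discussed in the thread, the behaviour to pin is presumably on the server side, which is not visible here: when the server requested a certificate, how does it treat a client that sends neither a certificate nor a CertificateVerify? flight5Generate's body starts and ends outside the hunk.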
@@ -151,58 +153,62 @@ func flight5Generate(c flightConn, state *State, cache *handshakeCache, cfg *han
// If the client has sent a certificate with signing ability, a digitally-signed
// CertificateVerify message is sent to explicitly verify possession of the
// private key in the certificate.
- if state.remoteRequestedCertificate && len(cfg.localCertificates) > 0 {
- plainText := append(cache.pullAndMerge(
- handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
- handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
- handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
- ), merged...)
-
- // Find compatible signature scheme
- signatureHashAlgo, err := signaturehash.SelectSignatureScheme(cfg.localSignatureSchemes, privateKey)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, err
- }
-
- certVerify, err := generateCertificateVerify(plainText, privateKey, signatureHashAlgo.Hash)
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- state.localCertificatesVerify = certVerify
-
- p := &packet{
- record: &recordlayer.RecordLayer{
- Header: recordlayer.Header{
- Version: protocol.Version1_2,
- },
- Content: &handshake.Handshake{
- Message: &handshake.MessageCertificateVerify{
- HashAlgorithm: signatureHashAlgo.Hash,
- SignatureAlgorithm: signatureHashAlgo.Signature,
- Signature: state.localCertificatesVerify,
- },
- },
- },
- }
- pkts = append(pkts, p)
-
- h, ok := p.record.Content.(*handshake.Handshake)
- if !ok {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, errInvalidContentType
- }
- h.Header.MessageSequence = seqPred
- // seqPred++ // this is the last use of seqPred
- raw, err := h.Marshal()
- if err != nil {
- return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
- }
- merged = append(merged, raw...)
- }
+ // if state.remoteRequestedCertificate && len(cfg.localCertificates) > 0 {
+ // plainText := append(cache.pullAndMerge(
+ // handshakeCachePullRule{handshake.TypeClientHello, cfg.initialEpoch, true, false},
+ // handshakeCachePullRule{handshake.TypeServerHello, cfg.initialEpoch, false, false},
+ // handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, false, false},
+ // handshakeCachePullRule{handshake.TypeServerKeyExchange, cfg.initialEpoch, false, false},
+ // handshakeCachePullRule{handshake.TypeCertificateRequest, cfg.initialEpoch, false, false},
+ // handshakeCachePullRule{handshake.TypeServerHelloDone, cfg.initialEpoch, false, false},
+ // handshakeCachePullRule{handshake.TypeCertificate, cfg.initialEpoch, true, false},
+ // handshakeCachePullRule{handshake.TypeClientKeyExchange, cfg.initialEpoch, true, false},
+ // ), merged...)
+
+ // // Find compatible signature scheme
+ // signatureHashAlgo, err := signaturehash.SelectSignatureScheme(cfg.localSignatureSchemes, privateKey)
+ // if err != nil {
+ // // joao
+ // // return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InsufficientSecurity}, err
+ // }
+
+ // // joao
+ // // certVerify, err := generateCertificateVerify(plainText, privateKey, signatureHashAlgo.Hash)
+ // // if err != nil {
+ // // // joao
+ // // // return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
+ // // }
+ // // joao
+ // // state.localCertificatesVerify = certVerify
+
+ // p := &packet{
+ // record: &recordlayer.RecordLayer{
+ // Header: recordlayer.Header{
+ // Version: protocol.Version1_2,
+ // },
+ // Content: &handshake.Handshake{
+ // Message: &handshake.MessageCertificateVerify{
+ // HashAlgorithm: signatureHashAlgo.Hash,
+ // SignatureAlgorithm: signatureHashAlgo.Signature,
+ // Signature: state.localCertificatesVerify,
+ // },
+ // },
+ // },
+ // }
+ // pkts = append(pkts, p)
+
+ // h, ok := p.record.Content.(*handshake.Handshake)
+ // if !ok {
+ // return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, errInvalidContentType
+ // }
+ // h.Header.MessageSequence = seqPred
+ // // seqPred++ // this is the last use of seqPred
+ // raw, err := h.Marshal()
+ // if err != nil {
+ // return nil, &alert.Alert{Level: alert.Fatal, Description: alert.InternalError}, err
+ // }
+ // merged = append(merged, raw...)
+ // }
pkts = append(pkts,
&packet{
I'm using piondtls v2.0.9 at the client-side, and v2.1.3 at the server-side
I sent an invalid diff the first time, but I have already updated it and it's the correct diff now.
@Sean-Der, did you manage to reproduce it, or is there something I can do from my side? It's my first time trying to make contact with the maintainers of a public repo. I really don't know what I need to do now.