Closed derhex3r closed 1 year ago
Thank you for your very clear and detailed report.
The C function is actually called here before resetting the connection. Most likely, the I/O is missing. The C call buffers the notification but it isn't passed to the socket before the connection is reset.
If I'm right, then it shouldn't be very hard to fix. Let's see!
Thanks. When a new version with this fix will be available?
The next one. 😊 Most likely during the week.
I am submitting a …
Description
After the call of TLSWrappedSocket.shutdown(int) with different integers I do not see DTLS Alert message in Wireshark. I suppose that this method should be used for that because it calls mbedtls_ssl_close_notify()
Current behavior
With the use of TLSWrappedSocket.shutdown(0) we can see write a close notify message in mbedtls debug log, but wireshark does not show a Close Notify alert message (as it in the case with OpenSSL s_client).
Expected behavior
Call TLSWrappedSocket.shutdown(int) should send a Close Notify alert message.
Steps to reproduce
With use of
programs/server.py --dtls --debug 2 --psk-store CLI=SECRET
andprograms/client.py --dtls --debug 2 --psk CLI=SECRET test
we can observe DTLS handshake and no DTLS Alert close notify message after an application-level data transfer. But even if we will add a call of .shutdown() method to the client which calls mbedtls_ssl_close_notify() we can not see it.Minimal demo of the problem
To test you can add
cli._sock.shutdown(0)
string into theprograms/client.py --dtls --debug 2 --psk CLI=SECRET test
To see in Wireshark how encrypted alert after application-layer data should look like possible to use: