contiki-ng / tinydtls

A version of tinyDTLS that is refactored to be more easy to use "standalone" (e.g. without bindings to a specific IP-stack).

Client proceeds in handshake after receiving consecutive CertificateRequest messages #18

Open pfg666 opened 3 years ago

pfg666 commented 3 years ago

Non-conformance bug

The Contiki-NG TinyDTLS client proceeds in a handshake after receiving two distinct CertificateRequest messages. A similar issue was posted for Eclipse's TinyDTLS. Below is the capture of the non-conforming behavior taken on my machine. Note that the CertificateRequest messages are distinct (their message_seq differs). Hence the client should have rejected the second CertificateRequest and not proceeded with the handshake.

[Image: ctinydtls_multiplecertreq]

Steps to Reproduce

I attached files necessary for reproduction using DTLS-Fuzzer, a Java-based tool for testing DTLS libraries. Also included in the archive is a capture of the interaction shown above. DTLS-Fuzzer requires the JDK for Java 8. On Ubuntu, this can be installed by running:

sudo apt-get install openjdk-8-jdk

Unpack the archive, cd to the resulting folder and run bash reproduce.sh, while running an instance of Wireshark on the side. The reproduction script will:

Thanks!

reproduction.tar.gz
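
The check the report asks for, as an added example that is not part of the original issue and is not code from tinydtls or from the linked fix: a client-side handshake state machine that silently drops retransmissions (a message_seq already processed) but aborts on a distinct second CertificateRequest. All type and function names are hypothetical, and the sketch assumes a flight in which Certificate and ServerKeyExchange are always sent and the ServerHello carries message_seq 1.

```c
#include <stdint.h>

/* Handshake message types (RFC 5246, section 7.4). */
enum { HT_SERVER_HELLO = 2, HT_CERTIFICATE = 11, HT_SERVER_KEY_EXCHANGE = 12,
       HT_CERTIFICATE_REQUEST = 13, HT_SERVER_HELLO_DONE = 14 };

/* Hypothetical names for this sketch, not tinydtls identifiers. */
enum verdict { HS_ACCEPT, HS_DROP, HS_ABORT };
enum state { WAIT_HELLO, WAIT_CERT, WAIT_KEX, WAIT_CERTREQ_OR_DONE,
             WAIT_DONE, FLIGHT_COMPLETE };
struct client_hs { enum state st; uint16_t next_seq; }; /* next_seq: next message_seq expected */

/* Decide what to do with one reassembled server handshake message. */
enum verdict client_on_handshake(struct client_hs *c, uint8_t type, uint16_t seq) {
  enum state next = c->st;
  int ok = 0;

  /* A lower message_seq is a retransmission of something already processed,
     a higher one is out of order: discard both without touching the state. */
  if (seq != c->next_seq) return HS_DROP;

  switch (c->st) {
  case WAIT_HELLO: ok = type == HT_SERVER_HELLO; next = WAIT_CERT; break;
  case WAIT_CERT:  ok = type == HT_CERTIFICATE; next = WAIT_KEX; break;
  case WAIT_KEX:   ok = type == HT_SERVER_KEY_EXCHANGE; next = WAIT_CERTREQ_OR_DONE; break;
  case WAIT_CERTREQ_OR_DONE: /* CertificateRequest is optional and allowed once */
    ok = type == HT_CERTIFICATE_REQUEST || type == HT_SERVER_HELLO_DONE;
    next = type == HT_CERTIFICATE_REQUEST ? WAIT_DONE : FLIGHT_COMPLETE;
    break;
  case WAIT_DONE:  ok = type == HT_SERVER_HELLO_DONE; next = FLIGHT_COMPLETE; break;
  default: break;  /* flight already complete: nothing more is expected */
  }
  if (!ok) return HS_ABORT; /* caller sends a fatal unexpected_message alert */

  c->st = next;
  c->next_seq++;
  return HS_ACCEPT;
}

int main(void) {
  /* Constructed trace: server flight with two distinct CertificateRequests. */
  struct client_hs c = { WAIT_HELLO, 1 };
  uint8_t types[] = { HT_SERVER_HELLO, HT_CERTIFICATE, HT_SERVER_KEY_EXCHANGE,
                      HT_CERTIFICATE_REQUEST, HT_CERTIFICATE_REQUEST };
  enum verdict v = HS_ACCEPT;
  for (uint16_t i = 0; i < 5; i++)
    v = client_on_handshake(&c, types[i], (uint16_t)(i + 1));
  return v == HS_ABORT ? 0 : 1; /* exit 0 when the second request is rejected */
}
```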

mrybczyn commented 7 months ago

This has been fixed by https://github.com/eclipse/tinydtls/commit/dd62e913b5b834ebd17b6de6476ac53ad42c0d46 in Eclipse TinyDTLS