Open Thiesius opened 4 years ago
Makes sense and yes for DTLS we should just drop it instead of alerting.
Won't be fixed in time for 2.14.0 (release next Monday) but will address this in 2.15.
I am still receiving this Exception in 2.15 :/
Sorry, found the error. OK, it works.
Hi, guys. This bug is fixed in the next pull request. Please check it. To reproduce it, I have created a simple application: botan_bug.tar.gz
At the beginning of the handshake, the client sends a ClientHello message with DTLS record version 1.0. The version of the inner message is 1.2. The server sets the pending state to DTLS version 1.2. Meanwhile, the client retransmits the record, thinking the packet got lost. The retransmitted message arrives at the server, but the record version is checked against the pending state and obviously 1.0 != 1.2. As a consequence, the connection gets alerted, while the message probably should just be dropped.
I created some extra info from our test cert environment.
This is the area of code causing the issue. I have added some vars to watch.
This zip file contains a Wireshark dump of the handshake and the dumped m_record_buf (which proves that it matches the ClientHello message in Wireshark): dumps.zip
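The record-version check described in the issue, as an added example that is not part of the thread and not Botan's code: it models a server receiving a retransmitted ClientHello after the pending state is set to 1.2, under the alerting policy and under the drop policy discussed above. All names (`check_record`, `make_record`, `Action`, `silently_discard`) are hypothetical, the record bytes are constructed, and one record per datagram is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical names throughout; this models the check, it is not Botan's code.
enum class Action { Process, Drop, Alert };

constexpr uint16_t DTLS_V10 = 0xFEFF;    // wire encoding of DTLS 1.0
constexpr uint16_t DTLS_V12 = 0xFEFD;    // wire encoding of DTLS 1.2
constexpr uint16_t NO_PENDING = 0;       // sentinel: no pending state yet
constexpr std::size_t DTLS_HDR_LEN = 13; // type(1) version(2) epoch(2) seq(6) length(2)

// Constructed sample: a handshake record (type 22), epoch 0, with a dummy body.
std::vector<uint8_t> make_record(uint16_t version, uint8_t seq, std::size_t body_len = 4) {
   std::vector<uint8_t> r = {22, uint8_t(version >> 8), uint8_t(version & 0xFF),
                             0, 0, 0, 0, 0, 0, 0, seq,
                             uint8_t(body_len >> 8), uint8_t(body_len & 0xFF)};
   r.insert(r.end(), body_len, 0x01);
   return r;
}

// pending_version: NO_PENDING until the server has read the ClientHello body
// and created its pending state. silently_discard selects the policy for an
// invalid record: false = alert (as reported), true = drop (as proposed).
Action check_record(const std::vector<uint8_t>& rec, uint16_t pending_version,
                    bool silently_discard) {
   const Action on_invalid = silently_discard ? Action::Drop : Action::Alert;
   if(rec.size() < DTLS_HDR_LEN) return on_invalid;
   const uint16_t rec_version = uint16_t((rec[1] << 8) | rec[2]);
   const std::size_t length = std::size_t((rec[11] << 8) | rec[12]);
   if(rec.size() != DTLS_HDR_LEN + length) return on_invalid;
   // A retransmitted ClientHello still carries the original record version
   // (1.0), so it fails this comparison once the pending state says 1.2.
   if(pending_version != NO_PENDING && rec_version != pending_version) return on_invalid;
   return Action::Process;
}

int main() {
   const auto hello = make_record(DTLS_V10, 0);
   std::printf("first ClientHello:       %d\n", int(check_record(hello, NO_PENDING, true)));
   std::printf("retransmit, alert policy: %d\n", int(check_record(hello, DTLS_V12, false)));
   std::printf("retransmit, drop policy:  %d\n", int(check_record(hello, DTLS_V12, true)));
}
```

With the drop policy a duplicated or spoofed datagram cannot tear down a handshake in progress, which is the availability concern behind preferring a silent discard on an unreliable transport.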