From 041e7bd5edb38399cc416e7a9a165d0ad7865368 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 18 Sep 2017 15:35:32 +0200 Subject: tlsfuzzer: document the reason of failure of few fragmentation tests It seems that gnutls does not accept records carrying handshake messages that contain less bytes than necessary to recover the handshake header. The TLS protocol allows that option, and other implementations seem to accept that fragmentation. Relates #272 Signed-off-by: Nikos Mavrogiannopoulos --- tests/suite/tls-fuzzer/gnutls-nocert.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json index f8a19523d3..69b1eb753b 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert.json @@ -20,7 +20,7 @@ "ext padding, 16130 bytes", "ext padding, 65367 bytes"]}, {"name" : "test-large-hello.py", - "comment" : "we don't support fragmentation in client hello", + "comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.", "arguments" : ["sanity check - fragmented", "fragmented, padding ext 0 bytes", @@ -126,7 +126,7 @@ "comment" : "gnutls doesn't support interleaved data with handshake", "exp_pass" : false}, {"name" : "test-record-layer-fragmentation.py", - "comment" : "FIXME: these need investigation", + "comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.", "arguments" : ["-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension", "-e", "small, maximum fragmentation: 1 fragment - 20B extension", "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]}, -- cgit v1.2.1