[vlc-devel] [PATCH] gnutls: disable False Start

Rémi Denis-Courmont remi at remlab.net
Thu Feb 21 19:38:42 CET 2019


On Thursday 21 February 2019, 20.10.25 EET, Thomas Guillem wrote:
> Here is how I understand the GnuTLS documentation about thread safety,
> handshake and GNUTLS_ENABLE_FALSE_START:
> 
> cf. https://gnutls.org/manual/html_node/Thread-safety.html
> "...care must be taken during key updates and re-handshakes to be handled
> only by a single thread"

As I already mentioned, VLC does not do re-handshakes on the client side. "In
case of a client, [re-handshake] message may be simply ignored". And
re-handshakes happen in already established sessions, while False Start occurs at
start. They are not related.

> GNUTLS_ENABLE_FALSE_START causes the handshake to be delayed when receiving
> data.

No. False Start causes the handshake to terminate early (before the session is 
securely established):
https://www.gnutls.org/manual/html_node/False-Start.html

Sending is still done from within gnutls_record_send() and receiving from 
within gnutls_record_recv(), not affecting the polling and threading semantics. 
Otherwise, it would wreck event handling even in single thread mode. It has 
indeed been working fine with GnuTLS 3.5.

Contribs needs to be reverted back to a non-broken GnuTLS version, or patched.

-- 
雷米‧德尼-库尔蒙
http://www.remlab.net/




