RE: [Help-gnutls] TLS message boundary

[Ang Way Chuang]

> SSL/TLS will fragment your data message if it is larger than the 
> record size (max 16k) - and it is up to the receiving application 
> to put the fragments back together. 

Thanks. But typically my application will only send data that are 
less than 100 bytes and will not send more than 500 bytes at any 
particular time. So is the data message boundary still respected in
such cases? 

I did a quick test on my simple gnutls client/server app:

client:

 buf[0] = 0;

 for (i = 0; i < 10; i++) {
  sprintf(temp, "%c", 'a' + i);
  strcat(buf, temp);
  len = strlen(buf) + 1;
  ret = gnutls_record_send(session, buf, len);
  
  if (ret != len) {
   fprintf(stderr, "buffer length(%d) doesn't equal to send len(%d)\n", len, ret);
  }
 }
 
        gnutls_bye(session, GNUTLS_SHUT_WR);

server:
  try = 10;

  while (try-- > 0) {
   FD_ZERO(&read_fds);
   FD_SET(sockfd,
 &read_fds);
   select(sockfd + 1, &read_fds, NULL, NULL, NULL);
   
  }

                do {
   ret = gnutls_record_recv(session, buf, sizeof(buf));
   printf("length %d\n", ret);
   printf("buffer: %s\n", buf);
  } while (ret != 0);


The output on server:
length 2
buffer: a
length 3
buffer: ab
length 4
buffer: abc
length 5
buffer: abcd
length 6
buffer: abcde
length 7
buffer: abcdef
length 8
buffer: abcdefg
length 9
buffer: abcdefgh
length 10
buffer: abcdefghi
length 11
buffer: abcdefghij


Seems like data message boundary is still respected because none 
of data are truncated/appended. The test is performed on loop back 
interface. So is it 100% safe to assume gnutls_record_recv respect
data message boundary for app that sends less than 16k? Please advise.

Thanks in advance


Regards,
Ang Way Chuang

 


May you be
 well and happy

---

Yahoo! Messenger 
 NEW - crystal clear PC to PC 
calling worldwide with voicemail