Skip to content

Commit

Permalink
ssl/tls1.c: Hack: dump record size on hitting SSL_ERROR_RECORD_OVERFLOW.
Browse files Browse the repository at this point in the history 
This is MicroPython-specific hack to allow to easier understand why TLS
conenction doesn't work with some sites on low-heap systems (where TLS
record buffer size is set to far less than default 16K).
  • Loading branch information
@pfalcon
pfalcon committed Jun 13, 2017
1 parent cf3c042 commit 9b3092e
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions ssl/tls1.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1354,6 +1354,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
/* do we violate the spec with the message size? */
if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
{
printf("TLS buffer overflow, record size: %u (+5)\n", ssl->need_bytes);
ret = SSL_ERROR_RECORD_OVERFLOW;
goto error;
}
Expand Down

2 comments on commit 9b3092e

@pfalcon
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dpgeorge: FYI

@dpgeorge
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TLS servers are always free to use packet sizes up to 16k, so it's no surprise that being a client with less than 16k buffer doesn't work.

Please sign in to comment.