[openssl-users] Query regarding DTLS handshake
Martin Brejcha
martin.brejcha at mavenir.com
Thu Apr 20 13:47:38 UTC 2017
Matt Caswell wrote on 04/20/2017 03:23 PM:
>
>
> On 20/04/17 14:19, Martin Brejcha wrote:
>>
>>
>> Matt Caswell wrote on 04/20/2017 01:29 PM:
>>>
>>>
>>> On 20/04/17 12:26, mahesh gs wrote:
>>>> Hi Matt,
>>>>
>>>> Yes I raised github case for the same issue. I also tried running this
>>>> call flow with the latest SNAPSHOT code (openssl-SNAP-20170419) and
>>>> handshake is successful with the latest SNAPSHOT code which is not an
>>>> official release.
>>>>
>>>> I checked the github repo history and observer that during commits on
>>>> (11 th Jan) as a part of "Move state machine knowledge out of the record
>>>> layer". "renegotiate" bit that is set to "2" in function
>>>> "tls_post_process_client_hello" has been removed. May be that is causing
>>>> the call flow to be successful in the latest SNAPSHOT release.
>>>>
>>>> I am assuming commits that are done on 11th Jan or later are not part of
>>>> release openssl 01.01.00e
>>>
>>> Ah. No. That commit is in the dev branch only (scheduled for version
>>> 1.1.1) and won't be backported to the 1.1.0 branch. I can see why that
>>> commit might help things, but probably a different solution is more
>>> appropriate for 1.1.0.
>>>
>>> I'm looking at this issue at the moment.
>>>
>>> Matt
>>>
>>
>> hi,
>>
>> btw: I've tested similar scenario and handshake works fine.
>> test env: client and server on different VMs (rhel7.2, openssl 1.1.0e, non-blocking sockets and segmented certificate)
>> So, it should work also with 1.1.0e version.
>
> Thanks. Did your handshake include client auth? I think this issue only
> arises in that case.
>
> Matt
>
>
yes, client auth with segmented certificate has been included.
Martin
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB42AB632.asc
Type: application/pgp-keys
Size: 3086 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170420/aefbd2f1/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170420/aefbd2f1/attachment.sig>
More information about the openssl-users
mailing list