[openssl-dev] [openssl.org #3657] OpenSSL 1.0.1k DTLS handshake no longer works

Eugen-Andrei Gavriloaie shiretu at gmail.com
Wed Jan 14 22:01:35 UTC 2015


> On Jan 14, 2015, at 23:39, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> 
> On Wed, Jan 14, 2015 at 11:31:02PM +0200, Eugen-Andrei Gavriloaie wrote:
> 
>> Dynamic:
>> $ ls -Al /tmp/ssl/lib/
>> total 11336
>> drwxr-xr-x  14 shiretu  wheel      476 Jan 14 23:27 engines
>> -r-xr-xr-x   1 shiretu  wheel  1602352 Jan 14 23:27 libcrypto.1.0.0.dylib
>> -rw-r--r--   1 shiretu  wheel  3196880 Jan 14 23:27 libcrypto.a
>> lrwxr-xr-x   1 shiretu  wheel       21 Jan 14 23:27 libcrypto.dylib -> libcrypto.1.0.0.dylib
>> -r-xr-xr-x   1 shiretu  wheel   382440 Jan 14 23:27 libssl.1.0.0.dylib
>> -rw-r--r--   1 shiretu  wheel   605504 Jan 14 23:27 libssl.a
>> lrwxr-xr-x   1 shiretu  wheel       18 Jan 14 23:27 libssl.dylib -> libssl.1.0.0.dylib
>> drwxr-xr-x   5 shiretu  wheel      170 Jan 14 23:27 pkgconfig
> 
> And you have the 1.0.1k include files (/tmp/ssl/include/openssl/*.h)?
> And "/tmp/ssl/bin/openssl version -a" output is what?
> 
>> $ gcc ~/Dropbox/Public/dtls_bug.c -I/tmp/ssl/include -L/tmp/ssl/lib -lssl -lcrypto -o /tmp/dtls_bug
>> 
>> $ otool -L /tmp/dtls_bug 
>> /tmp/dtls_bug:
>> 	/tmp/ssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
>> 	/tmp/ssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
>> 	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1213.0.0)
> 
>> $ /tmp/dtls_bug 
>> Assertion failed: (pSSLBuffer->length != 0), function main, file /Users/shiretu/Dropbox/Public/dtls_bug.c, line 110.
>> Abort trap: 6
> 
> You should also update your code to report error return values from
> SSL_accept() and print the contents of error stack.

$ /tmp/dtls_bug
ret: -1
sslErrorCode: 2
Assertion failed: (pSSLBuffer->length != 0), function main, file /Users/shiretu/Dropbox/Public/dtls_bug.c, line 114.
Abort trap: 6

errorCode 2 means SSL_ERROR_WANT_READ, which is consistent with the rejection of the input packet.

And the updated source:
https://dl.dropboxusercontent.com/u/2918563/dtls_bug.c

> 
> -- 
> 	Viktor.
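Added example (not from the thread and not part of dtls_bug.c): the reporting Viktor asks for, shown through Python's `ssl` module, which wraps OpenSSL's memory BIOs and error queue but offers TLS only, not DTLS. The names `handshake_step` and `diagnose` and the input bytes in the demo are constructed for illustration.

```python
import ssl

def handshake_step(incoming_bytes=b""):
    """Run one server-side handshake step over memory BIOs and report the
    SSL_get_error() code, the error-queue reason and the bytes queued to send."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # no certificate: the demo never gets that far
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_side=True)
    if incoming_bytes:
        incoming.write(incoming_bytes)
    report = {"ok": False, "ssl_error": None, "reason": None}
    try:
        conn.do_handshake()
        report["ok"] = True
    except ssl.SSLWantReadError as exc:       # SSL_ERROR_WANT_READ (2)
        report["ssl_error"] = exc.errno
    except ssl.SSLError as exc:               # anything else, e.g. SSL_ERROR_SSL (1)
        report["ssl_error"] = exc.errno
        report["reason"] = exc.reason         # top entry of the OpenSSL error queue
    report["pending_out"] = outgoing.pending  # same role as pSSLBuffer->length
    return report

def diagnose(report):
    """Turn the raw report into the statement a bug report needs."""
    if report["ok"]:
        return "handshake complete"
    if report["ssl_error"] == ssl.SSL_ERROR_WANT_READ:
        if report["pending_out"] == 0:
            return "WANT_READ with nothing to send: input missing, incomplete or not accepted"
        return "WANT_READ with a flight queued: send it, then feed the peer's reply"
    return "fatal: ssl_error=%s reason=%s" % (report["ssl_error"], report["reason"])

if __name__ == "__main__":
    # Constructed inputs: no data, a truncated record header, and garbage.
    for data in (b"", b"\x16\x03\x01", b"\x00" * 16):
        r = handshake_step(data)
        print(repr(data), r, "->", diagnose(r))
```

The first two cases reproduce the combination reported in this message (error code 2 and an empty output buffer) without any entry on the error stack, while the garbage input produces a fatal error with a reason string.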