[openssl-dev] [openssl.org #3967] Assert hit in the latest 1.0.2d code
Matt Caswell via RT
rt at openssl.org
Wed Jul 29 22:35:19 UTC 2015
On Wed Jul 29 20:30:22 2015, praveen at viptela.com wrote:
> We seem to hit this assert with the latest code. Our sockets are all in
> non-blocking fashion. I dont see this assert in the previous releases.
What was the last release you tried where this worked? Was this previously
working on a 1.0.2 release?
>
> Can somebody throw more light on to this ? It is urgent. As we are not able
> to migrate to this version because of this regression.
Please can you try the attached patch and let me know if that makes any
difference. There seems to be an issue with DTLS1.2. If the underlying BIO
write buffers are full DTLS is supposed to drop the packet and clear out the
internal OpenSSL buffer. This code was only testing for DTLS1 not DTLS1 and
DTLS1.2. If you are using DTLS1.2 then the internal buffer does not get cleared
out, and the next time you try to write some data it falls over because the
buffer should be empty but it isn't.
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-dtls-assert.patch
Type: text/x-patch
Size: 1218 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150729/0b59cc40/attachment.bin>
More information about the openssl-dev
mailing list