[openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

Julien Vermillard jvermillard at gmail.com
Mon Aug 29 16:08:30 UTC 2016

I have a DTLS 1.2 server based on last master (commit
I try to add ocsp stapling support (based on code in s_server.c).

Basicaly in my callback I set the OCSP response by:

    if (SSL_set_tlsext_status_ocsp_resp(s,dataPtr,respLen) == 0) {
        return SSL_TLSEXT_ERR_NOACK;
    } else {
        return SSL_TLSEXT_ERR_OK;

but if my server manage to get an OCSP response it crash with this message:

ssl/statem/statem_dtls.c:127: OpenSSL internal error: assertion failed:
s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH

Any clue?
Julien Vermillard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/5896fc7f/attachment-0001.html>

More information about the openssl-users mailing list