[openssl-users] How to handle DTLS Certificate Reassembly Error

Chad Phillips chad at apartmentlines.com
Fri Sep 16 18:47:35 UTC 2016


I’m using a support library leveraging openssl to complete a DTLS handshake.

Occasionally, I’ll see in my packet captures that a handshake has failed
with a “Certificate reassembly error”, and the support library doesn’t seem
to be catching this properly to forward the error on.

The library developers are considering handling this using a timeout
solution — triggering an error if the handshake doesn’t complete in a
specified amount of time, but this feels a bit clunky to me. What’s the
recommended way to get this information from openssl in this case?

For reference, I’m attaching a packet capture that illustrates two of the
handshake failures.

Chad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dtls-failures.pcap
Type: application/octet-stream
Size: 7354 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160916/3f54075b/attachment.obj>

