[openssl-users] How to handle DTLS Certificate Reassembly Error

Matt Caswell matt at openssl.org
Sun Sep 18 08:37:25 UTC 2016

On 18/09/16 01:01, Chad Phillips wrote:
> On Sat, Sep 17, 2016 at 3:43 PM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>     There is an OpenSSL API which is intended to resolve this issue:
>     DTLSv1_handle_timeout()
>     The application is expected to call this periodically during the
>     handshake if no other data has been sent or received. The causes
>     OpenSSL to check its timer and do any retransmits if necessary. If
>     licode doesn’t call this, then its plausible that this is the cause
>     of the issue.
> “grep -r DTLSv1_handle_timeout .” in the Licode source directory returns
> nothing, so we may have our culprit!
> Curious what versions of openssl support the DTLSv1_handle_timeout()
> approach? I know the Licode guys run 1.0.1g, it would be great if a
> single solution could be committed that was backwards compatible.

Yes, DTLSv1_handle_timeout() is available in 1.0.1 as well. BTW there
have been many DTLS bug and security fixes since 1.0.1g which is now
quite old. The 1.0.1 series is now only receiving security fixes, and
will go out of support completely at the end of the year. It is strongly
recommended that they upgrade to a more recent version.

> Is there anything special I should know about how to use
> DTLSv1_handle_timeout()? Just have it run on a timer until the handshake
> completes? I guess I’m asking for some pre-documentation ;)

Well the best way to use it is going to depend a lot on how the
application is written. The API is fairly simple - just call
DTLSv1_handle_timeout() periodically passing in the pointer to the SSL
object. In our own s_server/s_client we just call it every time we go
around the "select" loop on the socket. We ensure that the "select" call
doesn't block indefinitely, but instead times out after the DTLS timer
period has expired. We then call DTLSv1_handle_timeout() regardless of
whether "select" has returned because the socket is readable, or because
it has timed out. A (slightly modified and simplified) version of what
we do in s_server is below:

            FD_SET(s, &readfds);

            if (DTLSv1_get_timeout(con, &timeout))
                timeoutp = &timeout;
                timeoutp = NULL;

            i = select(width, (void *)&readfds, NULL, NULL, timeoutp);

            if (DTLSv1_handle_timeout(con) > 0) {
                BIO_printf(bio_err, "TIMEOUT occurred\n");

            if (i <= 0)

            if (FD_ISSET(s, &readfds))
                read_from_sslcon = 1;


More information about the openssl-users mailing list