Crash in OpenSSL v1.0.1 from dtls1_do_write OPENSSL_assert(len == (unsigned int)ret);

Ian Sinclair ian.sinclair at emetrotel.com
Tue Sep 24 13:11:58 UTC 2019


I'm working with Asterisk PBX code which uses OpenSSL v1.0.2 (from CentOS 6). On one site we're getting a crash from dtls1_do_write and as far as I can tell it's from the assertion coded:

  /* bad if this assert fails, only part of the handshake
   * message got sent.  but why would this happen? */
  OPENSSL_assert(len == (unsigned int)ret);

My question is the same as some previous author - why would this happen?

Is there any meaningful way I can debug this? Some flag I can set that will show the DTLS packets to try to find a cause? Some way to get rid of the assertion so that the failure doesn't take down the whole system, because currently the assertion causes a reboot? It's happening on an end customer site so building a debug load isn't particularly viable, but if that's the only option tell me how.

Is this a known problem that is only fixed as a non-security fix in a later release? We are current for the release, I believe, with v1.0.1e 58.el6_10. If the solution is only in later releases how compatible are those with CentOS 6? I really don't want to have to go to another stream.

I'm completely new to Asterisk, OpenSSL, core files, and pretty much everything else, so please be clear and complete in suggestions.

Thanks,
Ian
