I was able to replicate the bug and have attached an
incremental patch--mutual auth should work now. Let me know
how it goes. Thanks,
nagendra
* Prashant Kumar <[EMAIL PROTECTED]> [2005-05-09 14:03:21 -0700]:
> Hello Nagendra,
>
> I tried your DTLS patch with Openssl9.7g on a vxworks platform. Everything
> works except mutual certificate authentication. When I enable mutual
> certificate authentication, DTLS fails with the following assertion:
>
> d1_both.c(1054): OpenSSL internal error, assertion failed:
> s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == s->init_num
>
> I tried the same thing on a Linux platform and got the same error.
>
> Here is the debug info for the lengths:
> s->init_num = 19
> w_msg_hdr.msg_len = 393
>
> Thank you so much for your help.
>
> Regards,
> Prashant.
>
>
> Prashant Kumar <[EMAIL PROTECTED]> wrote:
>
> Hello Nagendra,
>
> I had one question on the timer management and retransmission. I see that
> there is a new BIO type in the file bss_dgram.c. My question is: if the
> application does not use the dgram BIO type and uses the memory BIO instead,
> does the application have to take the responsibility of timer management and
> retransmission?
>
> Thank you,
> Prashant Kumar.
>
> nagendra modadugu <[EMAIL PROTECTED]> wrote:
>
> Datagram TLS (DTLS) source is now part of the OpenSSL
> repository (CVS main branch). Also, I have separately released
> patches against openssl-0.9.7g.
>
> This is the link to the main DTLS page (including links
> to further information about the protocol, and patches):
>
> http://crypto.stanford.edu/~nagendra/projects/dtls/
>
> I am in the process of putting together an FAQ, so any
> questions/comments you may have will be much appreciated.
> Thanks,
>
> nagendra
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [EMAIL PROTECTED]
--- openssl-0.9.7g/ssl/d1_srvr.c 2005-05-10 00:32:27.000000000 -0700
+++ openssl-0.9.7g-bugfixing/ssl/d1_srvr.c 2005-05-10 00:27:21.000000000
-0700
@@ -1018,6 +1018,7 @@
STACK_OF(X509_NAME) *sk=NULL;
X509_NAME *name;
BUF_MEM *buf;
+ unsigned int msg_len;
if (s->state == SSL3_ST_SW_CERT_REQ_A)
{
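Review bot: the new msg_len is declared unsigned int, and its only assignment (in the next hunk) is s->init_num - DTLS1_HM_HEADER_LENGTH, so if init_num were ever smaller than the header length the result would wrap to a very large length instead of being visibly negative. Either check init_num against DTLS1_HM_HEADER_LENGTH before the subtraction, or assert on it there, so a short buffer fails at the point where the header is built and not later in the write path.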
@@ -1094,7 +1095,10 @@
s->init_num += 4;
#endif
- /* XDTLS: set message header ? */
+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+ dtls1_set_message_header(s, s->init_buf->data,
+ SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
+
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
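Review bot: the removed line was an open question ("set message header ?") and the replacement call carries no comment, so nothing records why the header must be written here. A one-line comment would help, saying that the CertificateRequest header has to be set before dtls1_buffer_message() so that w_msg_hdr.msg_len matches s->init_num (the assertion reported in this thread fired with init_num = 19 and msg_len = 393). It should also note that the msg_len assignment must stay after the #endif block, because it depends on the s->init_num += 4 adjustment just above it. Since msg_len is passed twice with a 0 between, the comment could also state that the message is written as a single unfragmented piece.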