I was able to replicate the bug and have attached an incremental
patch--mutual auth should work now. Let me know how it goes. Thanks,

nagendra

* Prashant Kumar <[EMAIL PROTECTED]> [2005-05-09 14:03:21 -0700]:
> Hello Nagendra,
>
> I tried your DTLS patch with Openssl9.7g on a vxworks platform. Everything
> works except mutual certificate authentication. When I enable mutual
> certificate authentication, DTLS fails with the following assertion:
>
> d1_both.c(1054): OpenSSL internal error, assertion failed:
> s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == s->init_num
>
> I tried the same thing on a Linux platform and got the same error.
>
> Here is the debug info for the lengths:
> s->init_num = 19
> w_msg_hdr.msg_len = 393
>
> Thank you so much for your help.
>
> Regards,
> Prashant.
>
>
> Prashant Kumar <[EMAIL PROTECTED]> wrote:
> Hello Nagendra,
>
> I had one question on the timer management and retransmission. I see that
> there is a new BIO type in the file bss_dgram.c. My question is if the
> application does not use the dgram BIO type and uses the memory BIO instead,
> does the application have to take the responsibility of timer management and
> retransmission?
>
> Thank you,
> Prashant Kumar.
>
> nagendra modadugu <[EMAIL PROTECTED]> wrote:
>
> Datagram TLS (DTLS) source is now part of the OpenSSL
> repository (CVS main branch). Also, I have separately released
> patches against openssl-0.9.7g.
>
> This is the link to the main DTLS page (including links
> to further information about the protocol, and patches):
>
> http://crypto.stanford.edu/~nagendra/projects/dtls/
>
> I am in the process of putting together an FAQ, so any
> questions/comments you may have will be much appreciated.
> Thanks,
>
> nagendra
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]

--- openssl-0.9.7g/ssl/d1_srvr.c 2005-05-10 00:32:27.000000000 -0700 +++ openssl-0.9.7g-bugfixing/ssl/d1_srvr.c 2005-05-10 00:27:21.000000000 -0700 @@ -1018,6 +1018,7 @@ STACK_OF(X509_NAME) *sk=NULL; X509_NAME *name; BUF_MEM *buf; + unsigned int msg_len; if (s->state == SSL3_ST_SW_CERT_REQ_A) { @@ -1094,7 +1095,10 @@ s->init_num += 4; #endif - /* XDTLS: set message header ? */ + msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; + dtls1_set_message_header(s, s->init_buf->data, + SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); + /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 0);
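
Review bot: msg_len is declared unsigned int in the first hunk (@@ -1018), so the later s->init_num - DTLS1_HM_HEADER_LENGTH cannot be checked for a negative result and would wrap to a very large length if init_num were ever smaller than the header length at that point. Consider checking s->init_num >= DTLS1_HM_HEADER_LENGTH before the subtraction, or computing the difference in a signed variable and rejecting a negative value, so a bad length is caught here rather than by the assertion in d1_both.c.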
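
Review bot: the new dtls1_set_message_header call in the second hunk (@@ -1094) replaces the "XDTLS: set message header ?" comment with no comment of its own, and nothing states that msg_len is derived from init_num after the conditional s->init_num += 4 above the #endif. A one-line comment saying that the header length must satisfy the d1_both.c check (msg_len + DTLS1_HM_HEADER_LENGTH == s->init_num), and what the 0 and the repeated msg_len arguments denote, would make it clear why the call has to stay after that adjustment and before dtls1_buffer_message.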