Alright. Sounds good. Thanks. I checked the new version of the patch and I do endorse it.
Just in case anybody is wondering why the patch removes the following code segment:

	/* next chunk of data should get another prepended empty fragment
	 * in ciphersuites with known-IV weakness: */
	s->s3->empty_fragment_done = 0;
	return tot+i;

Take a look at do_dtls1_write. There's a self-explanatory comment that says:

	/* DTLS implements explicit IV, so no need for empty fragments */

-Daniel

Michael Tuexen wrote:
> Hi Daniel,
>
> the check in dtls1_write_app_data_bytes() protects against users
> sending messages which are too long. An appropriate error is
> signaled.
>
> dtls1_write_bytes() is also called from DTLS internal routines
> and I also want to catch errors from that code path. But it might
> be better not to signal errors from that code path to the user.
> So I changed that check to an assertion. An updated patch is
> attached.
>
> Thanks for testing the patch.
>
> Best regards
> Michael
>
> On Aug 13, 2009, at 12:34 PM, Daniel Mentz wrote:
>
>> Michael Tuexen via RT wrote:
>>> the attached patch fixes a bug where a single user message
>>> was distributed over multiple DTLS records.
>>
>> Dear Michael,
>>
>> thanks for the patch. My app runs smoothly now.
>>
>> I'm wondering if we can get rid of the redundant if statement that checks
>>
>> if (len > SSL3_RT_MAX_PLAIN_LENGTH)
>>
>> .
>> dtls1_write_app_data_bytes and dtls1_write_bytes both perform this
>> check whereas dtls1_write_app_data_bytes calls dtls1_write_bytes.
>> Let's remove this sanity check from dtls1_write_app_data_bytes because
>> it'll get checked anyway further down the call stack. What do you think?
>>
>> -Daniel
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
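
A simplified model of the length handling discussed in this thread, added here as an illustration; it is not part of the thread, the attached patch, or OpenSSL's code. The names stream_write, dgram_write_bytes, dgram_write_app_data and struct sink are hypothetical, and no real records are built: the model contrasts a stream-style writer that splits an oversized write across records with a datagram-style pair that returns an error at the application boundary and asserts on the internal path.

```c
#include <assert.h>
#include <stddef.h>

/* Same value as SSL3_RT_MAX_PLAIN_LENGTH in OpenSSL's ssl3.h. */
#define MAX_PLAIN 16384

/* Hypothetical record sink: counts what reaches the wire. */
struct sink { size_t records, bytes, largest; };

static int emit_record(struct sink *s, size_t len)
{
    s->records++;
    s->bytes += len;
    if (len > s->largest)
        s->largest = len;
    return (int)len;
}

/* Stream behaviour (TLS over TCP): an oversized write is split into
 * several records; the peer reassembles the byte stream. */
int stream_write(struct sink *s, size_t len)
{
    size_t tot = 0;
    while (tot < len) {
        size_t n = len - tot;
        if (n > MAX_PLAIN)
            n = MAX_PLAIN;
        emit_record(s, n);
        tot += n;
    }
    return (int)tot;
}

/* Internal datagram writer: one message, one record. An oversized length
 * here is a library bug, so it trips an assertion instead of being reported. */
static int dgram_write_bytes(struct sink *s, size_t len)
{
    assert(len <= MAX_PLAIN);
    return emit_record(s, len);
}

/* Application-facing datagram writer: an oversized message is a caller
 * error, reported as -1 before anything is sent. */
int dgram_write_app_data(struct sink *s, size_t len)
{
    if (len > MAX_PLAIN)
        return -1;
    return dgram_write_bytes(s, len);
}
```
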