On Feb 24, 2011, at 9:34 PM, Robert Story wrote: > On Thu, 24 Feb 2011 19:49:46 +0100 Michael wrote: > MT> > I was having trouble trying to get the recent DTLS patches to work with > MT> > the CentOS/RHEL rpms, so I punted and built a vanilla 1.0.0d version > MT> > from the tarball. I'm pleased to report that this problem no longer > MT> > happens. I do still get a missed packet (or something), but the server > MT> > no longer asserts, and it is only every 100 requests or so, instead of > MT> > 10. I can live with that. > MT> > MT> I assume with 'recent DTLS patches' you refer to the ones Robin has > MT> posted today. > > It was last night for me, but yes. > > MT> Could you elaborate a bit more on the problem you are still experiencing. > MT> If possible, I would prefer that Robin tries to nail it down and fix it, > MT> even if you can life with it. > > Sure. I've now got 1.0.0d from the openssl tarball on the server side, > and openssl-1.0.0b-1.fc13.i686 on the client side. I fired up wireshark > on my local machine (the client) to see what was going on. > > I've seen three scenarios so far: > > > Client Hello Seq# 0 > > Client Hello Seq# 1 > > Client Hello Seq# 2 > > > Client Hello Seq# 0 > > Client Hello Seq# 1 > < Server Hello Seq# 6 > > Client Hello Seq# 2 > < Server Hello Seq# 12 > > > Client Hello Seq# 0 > > Client Hello Seq# 1 > < Server Hello Seq# 0 > > Client Hello Seq# 2 > < Server Hello Seq# 6 Hi Robert,
how do you get the client to send these sequence numbers? The same for the server? I don't understand how you get things into these states... We need more information... Maybe you can send us (privately) a Wireshark trace and describe how we can reproduce the problem. Best regards Michael > > > This happens with or without today's patches applied on the server > side. I haven't tried using the 1.0.0d tarball on the client side. > > > Robert > > -- > Senior Software Engineer > SPARTA (dba Cobham Analytic Soloutions) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
