Re: [openssl-dev] [openssl.org #3657] OpenSSL 1.0.1k DTLS handshake no longer works

Wed, 14 Jan 2015 12:58:33 -0800 

Hi Matt,

Here are more explanations:

On my Mac OS X Yosemite, the OS provided OpenSSL version
$ openssl version
OpenSSL 1.0.1j 15 Oct 2014

Compiling the test
$ gcc ~/Dropbox/Public/dtls_bug.c -Wno-deprecated-declarations -lssl -lcrypto 
-o /tmp/dtls_bug

Running the test
$ /tmp/dtls_bug 
$ 

As we can see, everything looks good, nothing happens, the app exist with 0 
error code

On my Mac OS X Yosemite, manually compiled OpenSSL 1.0.1k and installed it into 
/tmp/ssl as a static lib (with shared lib behaves the same) Compiling:
$ gcc dtls_bug.c -Wno-deprecated-declarations /tmp/ssl/lib/libssl.a 
/tmp/ssl/lib/libcrypto.a -o /tmp/dtls_bug

Running:
$ /tmp/dtls_bug 
Assertion failed: (pSSLBuffer->length != 0), function main, file 
/Users/shiretu/Dropbox/Public/dtls_bug.c, line 110.
Abort trap: 6

As we can see, it fails that that line where I expect the output buffer to be 
populated with an answer and is not happening. The pSSLBuffer->length != 0 fails

Same behavior can be seen on Ubuntu 14.10 64 bit

Best regards,
Andrei


> On Jan 14, 2015, at 22:21, Eugen-Andrei Gavriloaie via RT <r...@openssl.org> 
> wrote:
> 
> Hi all,
> 
> I believe I have found a bug which is only present in the latest versions 
> (1.0.1k)
> 
> I have created a simple C test which does the following things in this order:
> 
> 1. initialize the SSL library
> 2. creates an X509 key and cert
> 3. creates an DTLS server SSL context
> 4. Setup 2 memory BIO instances on the SSL context
> 5. Feed the input BIO with a hardcoded "Client Hello" packet
> 6. Call SSL_accept
> 
> Wanted:
> The output BIO should contain a packet ("Server Hello") to be sent over the 
> wire
> 
> Observed:
> The output BIO is empty, the handshake never succeeds
> 
> Same file test app linked with OpenSSL 1.0.1j works as expected, the output 
> is generated.
> 
> I have attached the C file.
> 
> Best regards,
> Andrei
> 
> 
> <dtls_bug.c>
> 
> 
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to