On Wed Jul 29 20:30:22 2015, [email protected] wrote:
> We seem to hit this assert with the latest code. Our sockets are all in
> non-blocking fashion. I don't see this assert in the previous releases.

What was the last release you tried where this worked? Was this previously working on a 1.0.2 release?

> Can somebody throw more light on to this? It is urgent. As we are not able
> to migrate to this version because of this regression.

Please can you try the attached patch and let me know if that makes any difference. There seems to be an issue with DTLS1.2. If the underlying BIO write buffers are full, DTLS is supposed to drop the packet and clear out the internal OpenSSL buffer. This code was only testing for DTLS1, not DTLS1 and DTLS1.2. If you are using DTLS1.2 then the internal buffer does not get cleared out, and the next time you try to write some data it falls over because the buffer should be empty but it isn't.

Matt

>From 63fd8ca6f182ebdf4102aef2c465b4f1e825738f Mon Sep 17 00:00:00 2001 From: Matt Caswell <[email protected]> Date: Wed, 29 Jul 2015 23:20:56 +0100 Subject: [PATCH] Fix write failure handling in DTLS1.2 The DTLS code is supposed to drop packets if we try to write them out but the write buffers are full. ssl3_write_pending() contains an incorrect test for DTLS that controls this. The test only checks for DTLS1 so DTLS1.2 does not correctly clear the buffer which can later cause an assert to be hit. This commit changes the test to cover all DTLS versions. RT#3967 --- ssl/s3_pkt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 603c285..3798902 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1115,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, s->rwstate = SSL_NOTHING; return (s->s3->wpend_ret); } else if (i <= 0) { - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { /* * For DTLS, just drop it. That's kind of the whole point in * using a datagram service -- 2.1.4
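
Review bot: The condition replaced in the "else if (i <= 0)" branch of ssl3_write_pending() missed DTLS1.2 because it enumerated version constants (DTLS1_VERSION, DTLS1_BAD_VER), so any other place that detects DTLS by comparing s->version against those constants would have the same gap; it is worth searching the tree for such comparisons and switching them to SSL_IS_DTLS(s) in the same series. The diffstat also shows only ssl/s3_pkt.c changing: a regression test that performs a DTLS1.2 write against a full non-blocking BIO and then writes again would keep the assert from RT#3967 from coming back.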
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
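
The failure mode described in the reply above, as a small stand-alone model (an added example, not code from the patch or from OpenSSL). The struct, the is_dtls flag and the function names are hypothetical; only the three version constants are real OpenSSL values.

```c
#include <stdio.h>
#include <stddef.h>

/* Wire version values from OpenSSL's public headers. */
#define DTLS1_VERSION   0xFEFF
#define DTLS1_2_VERSION 0xFEFD
#define DTLS1_BAD_VER   0x0100

/* Hypothetical stand-in for connection state; not OpenSSL's SSL struct. */
struct conn {
    int version;
    int is_dtls;   /* assumption: a protocol-family flag, independent of version */
    size_t left;   /* bytes still pending in the internal write buffer */
};

/* Pre-patch style test: enumerates versions, so DTLS1.2 is not matched. */
static int drop_old(const struct conn *c) {
    return c->version == DTLS1_VERSION || c->version == DTLS1_BAD_VER;
}

/* Post-patch style test: asks whether the connection is DTLS at all. */
static int drop_new(const struct conn *c) { return c->is_dtls; }

/* Model of a flush where the transport write failed (returned <= 0).
 * Returns the number of bytes left in the buffer afterwards; a later
 * write expects this to be 0. */
static size_t stale_after_failed_flush(int version, int patched) {
    struct conn c = { version, 1, 200 };  /* constructed: 200-byte record pending */
    int drop = patched ? drop_new(&c) : drop_old(&c);
    if (drop)
        c.left = 0;                       /* datagram semantics: drop the record */
    return c.left;
}

int main(void) {
    int versions[] = { DTLS1_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION };
    for (size_t i = 0; i < sizeof versions / sizeof versions[0]; i++)
        printf("version 0x%04X: stale bytes old=%zu new=%zu\n",
               (unsigned)versions[i],
               stale_after_failed_flush(versions[i], 0),
               stale_after_failed_flush(versions[i], 1));
    return 0;
}
```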
