Re: DTLS & OpenSsl9.7g, assertion with mutual auth.

2005-05-10 Thread Prashant Kumar

Hello Nagendra,
 
This patch fixes the problem. Thank you so much for giving the fix so fast :). 
 
Also, note that to compile the directory "bio" [file bss_dgram.c], I had to add the following line in "e_os.h":
 
#define socklen_t int
 
This is added under the "VXWORKS" compile options (I have attached herewith the file). If you can make this a part of your DTLS openssl delivery, that will be great.
 
I will let you know if I find anything else.
 
Thanks,
Prashant.

nagendra modadugu <[EMAIL PROTECTED]> wrote:

I was able to replicate the bug and have attached an incremental patch--mutual auth should work now. Let me know how it goes. Thanks,

nagendra

* Prashant Kumar <[EMAIL PROTECTED]> [2005-05-09 14:03:21 -0700]:

> Hello Nagendra,
>
> I tried your DTLS patch with Openssl9.7g on a vxworks platform. Everything works except mutual certificate authentication. When I enable mutual certificate authentication, DTLS fails with the following assertion:
>
> d1_both.c(1054): OpenSSL internal error, assertion failed: s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == s->init_num
>
> I tried the same thing on a Linux platform and got the same error.
>
> Here is the debug info for the lengths:
> s->init_num = 19
> w_msg_hdr.msg_len = 393
>
> Thank you so much for your help.
>
> Regards,
> Prashant.
>
> Prashant Kumar <[EMAIL PROTECTED]> wrote:
>
> Hello Nagendra,
>
> I had one question on the timer management and retransmission. I see that there is a new BIO type in the file bss_dgram.c. My question is if the application does not use the dgram BIO type and uses the memory BIO instead, does the application have to take the responsibility of timer management and retransmission?
>
> Thank you,
> Prashant Kumar.
>
> nagendra modadugu <[EMAIL PROTECTED]> wrote:
>
> Datagram TLS (DTLS) source is now part of the OpenSSL repository (CVS main branch). Also, I have separately released patches against openssl-0.9.7g.
>
> This is the link to the main DTLS page (including links to further information about the protocol, and patches):
>
> http://crypto.stanford.edu/~nagendra/projects/dtls/
>
> I am in the process of putting together an FAQ, so any questions/comments you may have will be much appreciated.
> Thanks,
>
> nagendra
>
> __
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager [EMAIL PROTECTED]

--- openssl-0.9.7g/ssl/d1_srvr.c 2005-05-10 00:32:27.0 -0700+++ openssl-0.9.7g-bugfixing/ssl/d1_srvr.c 2005-05-10 00:27:21.0 -0700@@ -1018,6 +1018,7 @@STACK_OF(X509_NAME) *sk=NULL;X509_NAME *name;BUF
 _MEM
 *buf;+ unsigned int msg_len;if (s->state == SSL3_ST_SW_CERT_REQ_A){@@ -1094,7 +1095,10 @@s->init_num += 4;#endif- /* XDTLS: set message header ? */+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;+ dtls1_set_message_header(s, s->init_buf->data, + SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);+/* buffer the message to handle re-xmits */dtls1_buffer_message(s, 0);
/* e_os.h */
/* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED])
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young ([EMAIL PROTECTED]).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson ([EMAIL PROTECTED]).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software

Re: DTLS & OpenSsl9.7g, assertion with mutual auth.

2005-05-10 Thread nagendra modadugu

I was able to replicate the bug and have attached an 
incremental patch--mutual auth should work now.  Let me know
how it goes.  Thanks,

nagendra

* Prashant Kumar <[EMAIL PROTECTED]> [2005-05-09 14:03:21 -0700]:

> Hello Nagendra,
>  
> I tried your DTLS patch with Openssl9.7g on a vxworks platform. Everything 
> works except mutual certificate authentication. When I enable mutual 
> certificate authentication, DTLS fails with the following assertion:
>  
> d1_both.c(1054): OpenSSL internal error, assertion failed: 
> s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == s->init_num
>  
> I tried the same thing on a Linux platform and got the same error.
>  
> Here is the debug info for the lengths:
> s->init_num = 19
> w_msg_hdr.msg_len = 393
>  
> Thank you so much for your help.
>  
> Regards,
> Prashant.
> 
> 
> Prashant Kumar <[EMAIL PROTECTED]> wrote:
>
> Hello Nagendra,
>  
> I had one question on the timer management and retransmission. I see that 
> there is a new BIO type in the file bss_dgram.c. My question is if the 
> application does not use the dgram BIO type and uses the memory BIO instead, 
> does the application have to take the responsibility of timer management and 
> retransmission?
>  
> Thank you,
> Prashant Kumar.
> 
> nagendra modadugu <[EMAIL PROTECTED]> wrote:
> 
> Datagram TLS (DTLS) source is now part of the OpenSSL
> repository (CVS main branch). Also, I have separately released
> patches against openssl-0.9.7g.
> 
> This is the link to the main DTLS page (including links
> to further information about the protocol, and patches):
> 
> http://crypto.stanford.edu/~nagendra/projects/dtls/
> 
> I am in the process of putting together an FAQ, so any
> questions/comments you may have will be much appreciated.
> Thanks,
> 
> nagendra
> 
--- openssl-0.9.7g/ssl/d1_srvr.c2005-05-10 00:32:27.0 -0700
+++ openssl-0.9.7g-bugfixing/ssl/d1_srvr.c  2005-05-10 00:27:21.0 
-0700
@@ -1018,6 +1018,7 @@
STACK_OF(X509_NAME) *sk=NULL;
X509_NAME *name;
BUF_MEM *buf;
+   unsigned int msg_len;
 
if (s->state == SSL3_ST_SW_CERT_REQ_A)
{
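Review bot: `msg_len` is declared `unsigned int`, so the subtraction it later receives (`s->init_num - DTLS1_HM_HEADER_LENGTH`) wraps to a very large value instead of going negative if `init_num` is ever smaller than the header length. Consider checking `s->init_num >= DTLS1_HM_HEADER_LENGTH` before the assignment, or asserting it there, so a bad length is caught where it is computed rather than wherever the header is next consumed.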
@@ -1094,7 +1095,10 @@
s->init_num += 4;
 #endif
 
-   /* XDTLS:  set message header ? */
+   msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+   dtls1_set_message_header(s, s->init_buf->data, 
+   SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
+
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
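Review bot: the replaced line was an open question (`/* XDTLS:  set message header ? */`) and the new call carries no comment, so nothing records why the header must be set before `dtls1_buffer_message(s, 0)` or that passing `0` and `msg_len` as the last two arguments treats the whole message as a single fragment. A one-line comment would help, and it is worth searching the other message-construction paths for the same `XDTLS` placeholder, since any path that skips this call would presumably trip the same `msg_len + DTLS1_HM_HEADER_LENGTH == s->init_num` assertion reported in the thread.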
 


DTLS & OpenSsl9.7g, assertion with mutual auth.

2005-05-09 Thread Prashant Kumar

Hello Nagendra,
 
I tried your DTLS patch with Openssl9.7g on a vxworks platform. Everything works except mutual certificate authentication. When I enable mutual certificate authentication, DTLS fails with the following assertion:
 
d1_both.c(1054): OpenSSL internal error, assertion failed: s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == s->init_num
 
I tried the same thing on a Linux platform and got the same error.
 
Here is the debug info for the lengths:
s->init_num = 19
w_msg_hdr.msg_len = 393
 
Thank you so much for your help.
 
Regards,
Prashant.

Prashant Kumar <[EMAIL PROTECTED]> wrote:

Hello Nagendra,
 
I had one question on the timer management and retransmission. I see that there is a new BIO type in the file bss_dgram.c. My question is if the application does not use the dgram BIO type and uses the memory BIO instead, does the application have to take the responsibility of timer management and retransmission?
 
Thank you,
Prashant Kumar.

nagendra modadugu <[EMAIL PROTECTED]> wrote:

Datagram TLS (DTLS) source is now part of the OpenSSL repository (CVS main branch). Also, I have separately released patches against openssl-0.9.7g.

This is the link to the main DTLS page (including links to further information about the protocol, and patches):

http://crypto.stanford.edu/~nagendra/projects/dtls/

I am in the process of putting together an FAQ, so any questions/comments you may have will be much appreciated.

Thanks,

nagendra
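The invariant behind the assertion reported in this thread, as an added example that is not part of the original messages and is not OpenSSL's code: it writes the 12-byte DTLS handshake header (type, 24-bit length, 16-bit message sequence, 24-bit fragment offset, 24-bit fragment length) and checks the recorded length against the buffer. The struct, function names, and the stale header's type and sequence values are assumptions made for illustration; 19 and 393 are the lengths from the report.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

#define HM_HEADER_LENGTH 12        /* DTLS handshake header size in bytes */
#define MT_CERTIFICATE_REQUEST 13  /* handshake type of CertificateRequest */

/* Hypothetical stand-in for the per-connection "write message header" state. */
struct hm_header { uint8_t type; uint32_t msg_len; uint16_t seq;
                   uint32_t frag_off; uint32_t frag_len; };

static void put24(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v; }

/* Record and serialize the header for the message in buf (init_num bytes,
 * header included). Returns 0 on success, -1 if init_num cannot hold a header. */
int set_message_header(struct hm_header *h, uint8_t *buf, size_t init_num,
                       uint8_t type, uint16_t seq)
{
    if (init_num < HM_HEADER_LENGTH)
        return -1;                 /* subtraction below would wrap */
    h->type = type;
    h->msg_len = (uint32_t)(init_num - HM_HEADER_LENGTH);
    h->seq = seq;
    h->frag_off = 0;               /* whole message sent as one fragment */
    h->frag_len = h->msg_len;
    buf[0] = type;
    put24(buf + 1, h->msg_len);
    buf[4] = (uint8_t)(seq >> 8); buf[5] = (uint8_t)seq;
    put24(buf + 6, h->frag_off);
    put24(buf + 9, h->frag_len);
    return 0;
}

/* The condition the failed assertion expresses. */
int header_matches_buffer(const struct hm_header *h, size_t init_num)
{ return (size_t)h->msg_len + HM_HEADER_LENGTH == init_num; }

int main(void)
{
    uint8_t buf[19] = {0};                       /* constructed 19-byte message */
    struct hm_header h = { 11, 393, 2, 0, 393 }; /* stale state, constructed */
    printf("stale header ok: %d\n", header_matches_buffer(&h, sizeof buf));
    set_message_header(&h, buf, sizeof buf, MT_CERTIFICATE_REQUEST, 3);
    printf("fresh header ok: %d, msg_len=%u\n",
           header_matches_buffer(&h, sizeof buf), (unsigned)h.msg_len);
    return 0;
}
```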