Dear all,
ssl/kssl.c contains at the beginning
#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
#include <time.h>
#if 0 /* experimental */
#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
#endif
This results in compilation problems on recent FreeBSD
Dear OpenSSL Project Team,
are the DTLS related patches sent by Robin incorporated?
The patches have been reviewed by the original author of
the DTLS implementation and his comments have been incorporated.
We also have successfully done an interop test with Certicom.
Best regards
Michael
On Apr
Hi Steve,
Robin will port all the patches from
http://sctp.fh-muenster.de/dtls-patches.html
to the beta version when he is back from vacation
early next week.
Regarding gettimeofday(): It is pretty common on Unix
systems, not sure about Windows. But we can use any
other function which allows us
Hi Steve,
thanks for the pointer.
Best regards
Michael
On Apr 2, 2009, at 9:34 PM, Dr. Stephen Henson wrote:
On Thu, Apr 02, 2009, Michael Tüxen wrote:
Regarding gettimeofday(): It is pretty common on Unix
systems, not sure about Windows. But we can use any
other function which allows us
Dear all,
we will revise this patch on Monday. Please do not commit.
I need to play with the IP_MTU option on a Linux system
and have a discussion with Robin.
Best regards
Michael
On May 15, 2009, at 8:22 PM, Robin Seggelmann via RT wrote:
On May 12, 2009, at 8:24 PM, Daniel Mentz wrote:
On May 16, 2009, at 2:16 PM, Dr. Stephen Henson wrote:
On Sat, May 16, 2009, Michael Tüxen wrote:
Dear all,
we will revise this patch on Monday. Please do not commit.
I need to play with the IP_MTU option on a Linux system
and have a discussion with Robin.
It has already been committed but
On May 16, 2009, at 2:16 PM, Dr. Stephen Henson wrote:
On Sat, May 16, 2009, Michael Tüxen wrote:
Dear all,
we will revise this patch on Monday. Please do not commit.
I need to play with the IP_MTU option on a Linux system
and have a discussion with Robin.
It has already been committed
On May 17, 2009, at 1:05 PM, Stephen Henson via RT wrote:
[tue...@fh-muenster.de - Sun May 17 11:14:33 2009]:
Dear all,
please find attached in in-lined an updated version of the patch
for the path MTU detection.
Please don't send patches inline. Some mail agents line wrap and this
On May 31, 2009, at 7:27 PM, Stephen Henson via RT wrote:
[tue...@fh-muenster.de - Sun May 31 16:11:06 2009]:
Dear all,
please find attached a patch which adds support for ECDHE and PSK
support for DTLS as requested by Stephen.
The diff is against openssl-1.0.0-beta2.
In future please
Dear Daniel,
comments in-line.
Best regards
Michael
On Jul 10, 2009, at 1:19 PM, Daniel Mentz via RT wrote:
Dear Michael,
I've got some concerns regarding your patch:
Michael Tuexen via RT wrote:
I have looked at the patch provided by Daniel. All suggested
changes are
OK, but there are
Shouldn't DSO_ext be 6 if OPENSSL_SYS_MACOSX is defined?
Best regards
Michael
On Jul 16, 2009, at 7:42 AM, Sander Temme wrote:
On Jul 15, 2009, at 11:07 AM, Dr. Stephen Henson wrote:
Try the next snapshot or this patch:
http://cvs.openssl.org/chngview?cn=18416
Thanks for the report,
Hi Daniel,
the UDP behaviour is as follows: If a user sends a UDP message which is
larger than the PMTU, but does fit into the send buffer, it is accepted
by the kernel, fragmented by the IP layer and transmitted. If the
size is larger than the send buffer, the send call fails since the
send
On Aug 10, 2009, at 11:21 AM, David Schwartz wrote:
Daniel Mentz wrote:
In my understanding DTLS should provide UDP semantics when run over
the
later.
That is correct.
That is if a user message is too large in terms of the PMTU it
should either be silently discarded or the sender
in
and the datagram gets lost or dropped on its way because some
firewall dislikes IP fragments then that's fine as well because
that's the same as plain UDP.
Agreed. I'll send a patch which you can test.
-Daniel
Michael Tüxen wrote:
Hi Daniel,
the UDP behaviour is as follows: If a user sends
On Aug 11, 2009, at 7:40 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Jul 27 17:03:25 2009]:
This patch fixes the timeout handling. The method dtls1_get_timeout()
was intended to determine the next handshake message timeout when
using select() calls, to set their timeout.
On Aug 11, 2009, at 9:15 PM, Dr. Stephen Henson wrote:
On Tue, Aug 11, 2009, Michael Tüxen wrote:
On Aug 11, 2009, at 7:40 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Jul 27 17:03:25 2009]:
This patch fixes the timeout handling. The method
dtls1_get_timeout()
was
On Sep 4, 2009, at 1:21 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Fri Sep 04 09:39:52 2009]:
Still wrong casts... I hope that's it now
A fair number of the casts seem to be unnecessary for example in
RAND_bytes(), OPENSSL_malloc() and HMAC(). Do you get warnings on
On Sep 4, 2009, at 5:16 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Fri Sep 04 13:28:50 2009]:
On Sep 4, 2009, at 1:21 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Fri Sep 04 09:39:52 2009]:
Still wrong casts... I hope that's it now
A fair number
On Sep 9, 2009, at 2:57 PM, Robin Seggelmann via RT wrote:
On Sep 9, 2009, at 2:23 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Wed Sep 09 08:49:17 2009]:
On Sep 8, 2009, at 8:26 PM, Robin Seggelmann via RT wrote:
Here's an updated version of the patch:
[snipped]
This
On Feb 11, 2011, at 5:46 AM, Robert Story wrote:
Hello,
I'm running a client/server application over DTLS, which works great
locally, but when we started testing over the net, things got a little
wacky. It appears that there is an issue somewhere with
fragmentation/reassembly. I'm getting
On Feb 11, 2011, at 8:18 PM, Robert Story wrote:
On Fri, 11 Feb 2011 18:05:51 +0100 Michael wrote:
MT I'm running a client/server application over DTLS, which works great
MT locally, but when we started testing over the net, things got a little
MT wacky. It appears that there is an issue
On Feb 15, 2011, at 2:16 AM, Nilesh Vaghela wrote:
Hi,
1. On the web I have seen some kind of patch for heartbeat for DTLS and also
there is some draft also.
But in Openssl 0.9.8 and 1.0.0 there is no such support. I grepped in the
sources. Any plans to add the support in future ?
Hi
On Feb 24, 2011, at 5:54 PM, Robert Story wrote:
On Thu, 10 Feb 2011 23:46:49 -0500 Robert wrote:
RS I'm running a client/server application over DTLS, which works great
RS locally, but when we started testing over the net, things got a little
RS wacky. It appears that there is an issue
On Feb 24, 2011, at 9:34 PM, Robert Story wrote:
On Thu, 24 Feb 2011 19:49:46 +0100 Michael wrote:
MT I was having trouble trying to get the recent DTLS patches to work with
MT the CentOS/RHEL rpms, so I punted and built a vanilla 1.0.0d version
MT from the tarball. I'm pleased to report
On Feb 25, 2011, at 4:44 PM, Robert Story wrote:
On Fri, 25 Feb 2011 11:54:53 +0100 Robin wrote:
RS Please try using a patched 1.0.0d tarball on both sides.
Ok, I'll try to get that this weekend or Monday.
RS What do you mean by a packet is missing? Is there packet loss on the
RS network
On Apr 22, 2011, at 2:56 PM, N. J. wrote:
Thanks for the reply Andy,
Please find hereafter the full description. I hope it is more clear.
1. What are you doing exactly:
N
I am testing the session resumption feature available with OpenSSL using
s_client. My setup has a machine running
the problem.
Best regards
Michael
Meanwhile, enjoy your Easter holiday.
Cheers,
Nadhem
From: Michael Tüxen michael.tue...@lurchi.franken.de
To: openssl-dev@openssl.org
Cc: Andrey Kulikov amde...@gmail.com
Sent: Sat, April 23, 2011 12:08:12 AM
Subject: Re: s_client -reconnect with DTLS
On May 5, 2011, at 2:22 PM, Keyoor Khristi wrote:
I just now realized that there is already a ticket
http://rt.openssl.org/Ticket/Display.html?id=1714 for this issue.
It would be helpful to know anything more about this ticket or issue.
Hi Keyoor,
does the *updated* patch provided by Robin
RECORD from the while loop and it worked.
It would be nice to know the fix which works for us also works for you...
Best regards
Michael
On Mon, May 9, 2011 at 7:56 PM, Michael Tüxen
michael.tue...@lurchi.franken.de wrote:
On May 5, 2011, at 2:22 PM, Keyoor Khristi wrote:
I just now
On Jun 27, 2011, at 11:02 PM, Robin Seggelmann wrote:
Hi Yogesh,
Yes, I noticed that after I wrote the mail. The server starts a timer after
sending the HelloVerifyRequest, although it's not supposed to. A patch is
submitted already, but has not yet appeared on the OpenSSL request
Hi Yogi,
could you try the patch in
http://rt.openssl.org/Ticket/Display.html?id=2550
and report if it fixes your issue?
Best regards
Michael
On Jun 27, 2011, at 10:58 PM, Yogesh Chopra wrote:
Hi,
Please look at the debug messages attached to the original message,
These were printf's added
Michael
Thanks,
-Yogi
On Thu, Jun 30, 2011 at 2:37 PM, Michael Tüxen
michael.tue...@lurchi.franken.de wrote:
Hi Yogi,
could you try the patch in
http://rt.openssl.org/Ticket/Display.html?id=2550
and report if it fixes your issue?
Best regards
Michael
On Jun 27, 2011, at 10
On Jul 12, 2011, at 11:20 PM, Yogesh Chopra wrote:
Hi,
There was recently a FIPS capable openssl-1.0.1-stable release
(link below released).
ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-2011MMDD.tar.gz
Can you advise if 1.0.1-stable would have the relevant patches or its
On Jul 16, 2011, at 1:53 AM, Yogesh Chopra wrote:
Hi,
I am using OpenSSL-1.0.0d (release) + all cumulative bug fixes +
DTLS Heartbeat feature patch on Windows.
A DTLS server (non-blocking) using DTLSv1_Listen having a UDP socket
with SO_REUSEADDR is unable to accept a second client
On Jul 18, 2011, at 5:18 PM, Yogesh Chopra wrote:
Hi,
I am using a separate (second socket) for client connect and
leaving the listening socket unconnected to receive everything else.
(The server program is same as provided for linux earlier). The server
program is same as provided
- Original Message -
From: Michael Tüxen michael.tue...@lurchi.franken.de
To: openssl-dev@openssl.org
Cc: Robin Seggelmann seggelm...@fh-muenster.de
Sent: Monday, July 18, 2011 9:42:03 AM GMT -08:00 US/Canada Pacific
Subject: Re: DTLSv1_listen unable to accept second client on windows (This
works
On Jul 19, 2011, at 12:55 AM, Yogesh Chopra wrote:
Hi,
Please find attached Samples.tgz file which contains sample code
and binaries that you can use to reproduce the problem reported. Here
is a brief summary of the included files:
Samples/
├── Linux
│
│ ├── dtls_udp_echo.c
│ └──
the initial
implementation
of DTLS.
Best regards
Michael
on all systems supported by OpenSSL?
--- On Tue, 7/19/11, Michael Tüxen michael.tue...@lurchi.franken.de wrote:
From: Michael Tüxen michael.tue...@lurchi.franken.de
Subject: Re: DTLSv1_listen unable to accept second client on windows
, Jul 18, 2011 at 11:42 PM, Michael Tüxen
michael.tue...@lurchi.franken.de wrote:
Hi Nilesh,
thank you very much for isolating the problem in the socket handling
and providing a small test program.
Let us have a look (it might take some time).
Best regards
Michael
On Jul 19, 2011, at 2:56
On Jul 27, 2011, at 8:36 PM, Yogesh Chopra wrote:
Hi,
We could not find a DTLS API to query the number of retries used for
DTLS, The interval between the retries (12 retry attempts) seems to be
1,2,4,8,16,32,60,60,60,60,60,60. Are there any plans to provide an API for
application to
On Aug 1, 2011, at 9:08 AM, sandeep kandula wrote:
Hi All,
I’m a new baby to open source world. Please forgive me, if I posted this
query to a wrong mailing list.
... you posted it already on the ts...@ietf.org. See my answer there...
Best regards
Michael
Here is my query. Currently I
On Sep 9, 2011, at 4:56 PM, Paul Witty wrote:
Hi,
Since updating to OpenSSL 1.0.0e from 1.0.0d, I've been suffering a crash
when connecting with DTLS. I've tracked this down to trying to perform a
memcpy of (unsigned int)-13 in do_dtls1_write (where a length of -13 is
passed all the way
On Sep 21, 2011, at 9:40 PM, Huaqing Wang wrote:
Hi,
I don't know if any other person met this issue.
I use openssl1.0.0e, and working on dtls, in client side, if I set
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(ss_ssl, 1500);
I met a segmentation fault on the
Dear all,
what is the relationship between:
http://cvs.openssl.org/chngview?cn=19779
http://cvs.openssl.org/chngview?cn=21732
I think they both add support for
http://tools.ietf.org/html/rfc5705
Best regards
Michael
Dear Daniel,
comments in-line.
Best regards
Michael
On Jul 10, 2009, at 1:19 PM, Daniel Mentz via RT wrote:
Dear Michael,
I've got some concerns regarding your patch:
Michael Tuexen via RT wrote:
I have looked at the patch provided by Daniel. All suggested
changes are
OK, but there
Hi Steve,
please find attached a similar patch for 0.9.8.
Best regards
Michael
dtls.patch
Description: Binary data
On Jul 13, 2009, at 1:46 PM, Stephen Henson via RT wrote:
Applied to 1.0 and HEAD. Patch doesn't work with 0.9.8, please
supply an
version for 0.9.8.
Steve.
--
Dr
On 05 Aug 2014, at 09:18, Jan Hykel via RT r...@openssl.org wrote:
Hello,
OpenSSL (1.0.1h and older) contains following problematic part of code in
/crypto/bio/bss_dgram.c, dgram_sctp_read():
---
static int dgram_sctp_read(BIO *b, char *out, int outl)
{
int ret = 0, n = 0, i,
On 22 Jul 2014, at 23:32, Brian Hassink via RT r...@openssl.org wrote:
OpenSSL: 1.0.1e
OS: Red Hat Enterprise Linux Server release 6.5
(Santiago)
Hello,
We recently did some negative testing against OpenSSL 1.0.1e, with a focus on
DTLS,
On 18 Aug 2014, at 16:31, Brian Hassink brian.hass...@oracle.com wrote:
Yes, this was observed for DTLS/SCTP.
OK. The problem is an incorrect usage of OPENSSL_assert()... Let me see if I can
come up with a patch...
Best regards
Michael
-Brian
-Original Message-
From: Michael
OPENSSL_assert.patch
Description: Binary data
Best regards
Michael
-Brian
-Original Message-
From: Michael Tüxen via RT [mailto:r...@openssl.org]
Sent: Thursday, August 14, 2014 6:17 PM
To: Brian Hassink
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #3470] [BUG] DTLS abort
On 08 Aug 2014, at 15:54, Martin Brejcha via RT r...@openssl.org wrote:
Hello,
When I run our application in valgrind it shows memory leak in
dgram_sctp_write:1262.
Our application using openssl-1.0.1 for DTLS over sctp.
The issue seems to be in sending of shutdown alarm. When shutdown
-Original Message-
From: Michael Tüxen via RT [mailto:r...@openssl.org]
Sent: Wednesday, August 27, 2014 3:33 PM
To: Brian Hassink
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #3470] [BUG] DTLS abort
On 18 Aug 2014, at 21:47, Michael Tuexen michael.tue...@lurchi.franken.de
wrote
flag with no success.
Thanks,
Brian
-Original Message-
From: Michael Tüxen via RT [mailto:r...@openssl.org]
Sent: Thursday, August 28, 2014 12:20 PM
To: Brian Hassink
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #3470] [BUG] DTLS abort
On 28 Aug 2014, at 17:25
On 28 Aug 2015, at 22:52, Ken Ballou via RT r...@openssl.org wrote:
I originally found this in version 1.0.1e, but this also appears to be
present in the latest master branch of the git repository.
If a DTLS server has been configured to require a cookie exchange, it
appears the server