While testing interop of our DTLS implementation with OpenSSL 0.9.8g I
found an issue with the OpenSSL client handling the close notify alert from
our server.
After our server responds to the "GET /" it sends a close notify alert to
close the connection.
openssl gets the alert and decrypts it correctly but doesn't process the
alert and enters a state where it is waiting for another record from the
server.
The problem appears to be in the following code in dtls1_read_bytes() in
d1_pkt.c:

    if (dest_maxlen > 0)
        {
        /* XDTLS: In a pathological case, the Client Hello
         * may be fragmented--don't always expect dest_maxlen bytes
         */
        if ( rr->length < dest_maxlen )
            {
            s->rstate=SSL_ST_READ_HEADER;
            rr->length = 0;
            goto start;
            }

        /* now move 'n' bytes: */
        for ( k = 0; k < dest_maxlen; k++)
            {
            dest[k] = rr->data[rr->off++];
            rr->length--;
            }
        *dest_len = dest_maxlen;
        }
    }
In my case, before "if (dest_maxlen > 0)" I have dest_maxlen = 7 and
rr->length = 2.
The "if ( rr->length < dest_maxlen )" causes a "goto start" where another
call to dtls1_get_record() will take place, which is incorrect because the
alert has not been handled.
I am not sure what the purpose of the "if ( rr->length < dest_maxlen )" is.
I can force the code to handle the alert if I change the code to this:
"if ( rr->length < dest_maxlen && (rr->type != SSL3_RT_ALERT))"
This is just my own hack and may not be the correct action.
-----------------------------------------------
Robert Dugal
Member of Development Group
Certicom Corp.
EMAIL: [EMAIL PROTECTED]
PHONE: (905) 501-3848
FAX : (905) 507-4230
WEBSITE: www.certicom.com
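Added illustration, not part of the original post or of OpenSSL: a constructed C model that replays the control flow of the quoted branch over a made-up record queue (the record sizes, enum names and the drain() helper are my assumptions), showing the 2-byte alert being discarded by the original check and reaching alert handling under the proposed variant.

```c
#include <stdbool.h>
#include <stddef.h>

/* Record content types, using the numeric values TLS/DTLS put on the wire. */
enum { RT_ALERT = 21, RT_HANDSHAKE = 22 };

struct record { int type; size_t length; };

/* What the client ends up doing once the constructed queue is exhausted. */
enum result { WAITING_FOR_RECORD = 0, CLOSE_NOTIFY_HANDLED = 1 };

/* Model of the quoted dtls1_read_bytes() branch (assumption: simplified).
 * dest_maxlen is the size the read path expects (7 in the report);
 * use_hack selects the variant that exempts alert records from the
 * short-record restart. Delivered handshake bytes just let the loop go on. */
static enum result drain(const struct record *q, size_t n,
                         size_t dest_maxlen, bool use_hack)
{
    size_t i = 0;
    while (i < n) {
        const struct record *rr = &q[i++];      /* next dtls1_get_record() */
        if (dest_maxlen > 0 && rr->length < dest_maxlen &&
            !(use_hack && rr->type == RT_ALERT)) {
            /* s->rstate=SSL_ST_READ_HEADER; rr->length = 0; goto start;
             * The record is thrown away and another one is read. */
            continue;
        }
        if (rr->type == RT_ALERT)
            return CLOSE_NOTIFY_HANDLED;        /* alert reaches alert handling */
        /* handshake record long enough: bytes copied into dest, carry on */
    }
    return WAITING_FOR_RECORD;                  /* blocked waiting on the server */
}

/* Constructed scenario: one full-size handshake record, then the 2-byte
 * close_notify alert the server sends after its response. */
static const struct record SCENARIO[] = { { RT_HANDSHAKE, 12 }, { RT_ALERT, 2 } };
#define SCENARIO_LEN (sizeof SCENARIO / sizeof SCENARIO[0])

enum result run_original(void) { return drain(SCENARIO, SCENARIO_LEN, 7, false); }
enum result run_hack(void)     { return drain(SCENARIO, SCENARIO_LEN, 7, true);  }
```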