Hi Daniel, the check in dtls1_write_app_data_bytes() protects against users sending messages which are too long. An appropriate error is signaled.
dtls1_write_bytes() is also call from DTLS internal routines and I want to catch also error from that code path. But it might be better not to signal errors from that code path to the user. So I changed that check to an assertion. An updated patch is attached. Thanks for testing the patch. Best regards Michael
fragmentation1.patch
Description: Binary data
On Aug 13, 2009, at 12:34 PM, Daniel Mentz wrote: > Michael Tuexen via RT wrote: >> the attached patch fixes a bug where a single user message >> was distributed over multiple DTLS records. > > Dear Michael, > > thanks for the patch. My app runs smoothly now. > > I'm wondering if we can get rid of the redundant if statement that > checks > > if (len > SSL3_RT_MAX_PLAIN_LENGTH) > > . > dtls1_write_app_data_bytes and dtls1_write_bytes both perform this > check whereas dtls1_write_app_data_bytes calls dtls1_write_bytes. > Let's remove this sanity check from dtls1_write_app_data_bytes > because it'll get checked anyway further down the call stack. What > do you think? > > -Daniel > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org >