Hi Paul,

On Sep 9, 2011, at 4:56 PM, Paul Witty wrote:
> Since updating to OpenSSL 1.0.0e from 1.0.0d, I've been suffering a crash
> when connecting with DTLS. I've tracked this down to trying to perform a
> memcpy of (unsigned int)-13 in do_dtls1_write (where a length of -13 is
> passed all the way down from dtls1_do_write, which seems to be because the
> MTU on the DTLS context is 0, despite having manually set it to a non-zero
> value). Further investigation shows that the change to dtls1_clear is
> clearing everything in the DTLS1_STATE, which includes my previously
> configured MTU. Preserving the value of the MTU across the memset in
> dtls1_clear fixes the issue.

I just looked into this and I guess you're right. Currently, DTLS1_STATE is always cleared and thus the MTU set to 0 before starting the initial handshake. By default, the MTU will be retrieved from the socket of the BIO object, if possible, or the default value is used later on. If SSL_OP_NO_QUERY_MTU is set to prevent the retrieval from the BIO object and provide the MTU manually, it will use the MTU stored in DTLS1_STATE as it is, that is 0, which makes no sense whatsoever. So the MTU stored in DTLS1_STATE must not be cleared if SSL_OP_NO_QUERY_MTU is set; otherwise there is no proper way to set the MTU manually.

I'll provide a patch shortly.

Thanks for the report!

Best regards
Robin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
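The failure mode discussed in this thread, modelled in stand-alone C as an added example (this is not OpenSSL's code and does not link against it). The struct, the option bit MODEL_OP_NO_QUERY_MTU and the 13-byte per-record overhead are stand-ins chosen so that an MTU of 0 yields the -13 from the report; the two clear routines show the memset that wipes a manually configured MTU and the fix that preserves it when the caller has opted out of querying the BIO. In the real library the corresponding calls are SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU) and SSL_set_mtu(ssl, mtu).

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the DTLS1_STATE fields the thread talks about. */
typedef struct {
    unsigned int mtu;              /* manually configured or queried from the BIO */
    unsigned int retransmit_count; /* stand-in for the rest of the per-handshake state */
} model_dtls_state;

#define MODEL_OP_NO_QUERY_MTU 0x1000u /* stand-in for SSL_OP_NO_QUERY_MTU */
#define MODEL_DTLS_OVERHEAD   13u     /* assumed fixed record overhead; gives -13 for mtu == 0 */

/* Buggy clear: wipes the whole state, including a manually configured MTU. */
void clear_buggy(model_dtls_state *st, unsigned long options)
{
    (void)options;
    memset(st, 0, sizeof *st);
}

/* Fixed clear: wipe everything, but keep the MTU when the caller has said
 * the library must not query the BIO for it (otherwise nothing ever sets it). */
void clear_fixed(model_dtls_state *st, unsigned long options)
{
    unsigned int saved_mtu = st->mtu;
    memset(st, 0, sizeof *st);
    if (options & MODEL_OP_NO_QUERY_MTU)
        st->mtu = saved_mtu;
}

/* Payload budget as the signed computation mtu - overhead.
 * With mtu == 0 this is -13, the value from the report. */
int payload_budget(const model_dtls_state *st)
{
    return (int)st->mtu - (int)MODEL_DTLS_OVERHEAD;
}

/* Models the write path converting that budget to an unsigned length.
 * Returns 1 if the length wrapped (a negative budget became a huge size_t),
 * which is the memcpy of (unsigned int)-13 the reporter crashed on. */
int write_would_overflow(const model_dtls_state *st, size_t *len_out)
{
    int budget = payload_budget(st);
    size_t len = (size_t)(unsigned int)budget; /* the implicit conversion */
    if (len_out)
        *len_out = len;
    return budget < 0;
}

int main(void)
{
    model_dtls_state st = { 1400u, 7u }; /* MTU set manually, as in the report */
    size_t len = 0;

    clear_buggy(&st, MODEL_OP_NO_QUERY_MTU);
    printf("buggy clear:  mtu=%u budget=%d wrapped=%d len=%zu\n",
           st.mtu, payload_budget(&st), write_would_overflow(&st, &len), len);

    st.mtu = 1400u;
    st.retransmit_count = 7u;
    clear_fixed(&st, MODEL_OP_NO_QUERY_MTU);
    printf("fixed clear:  mtu=%u budget=%d wrapped=%d\n",
           st.mtu, payload_budget(&st), write_would_overflow(&st, NULL));
    return 0;
}
```

The check a practitioner wants here is the one on write_would_overflow: any code that derives a copy length by subtracting a fixed overhead from a configurable value must reject a result that is negative (or smaller than the overhead) before it reaches memcpy, independently of whether the configuration bug is fixed.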