Hello,
I'm doing interop testing with our DTLS server and OpenSSL. I'm using OpenSSL version "OpenSSL 1.0.1c 10 May 2012" with the following command line. openssl s_client -msg -debug -connect 127.0.0.1:9683 -dtls1 -cert client.pem -certform PEM -key client.key -keyform PEM -CAfile root.crt -state Our server and OpenSSL handshake successfully when I run our server without client authentication turned on. In this test there are no fragmented handshake messages. The Finished signatures are calculated in the same way in both ends since the handshake is successful. But when I turn on client authentication the handshake fails. Both the CertificateVerify and Finished signatures are different which makes the handshake fail. I suspect that the reason for this is that OpenSSL sends its certificate to the server split into 3 fragments. The server reassembles the Certificate handshake message successfully. But it seems like the signatures are calculated differently. I have read this mailing list and tried several suggestions for handling fragmentation but with no success. Also both RFC 4347 and 6347 are unclear on how the signatures should be computed with regard to handshake fragmentation. So I would like to ask for a description of how this is done in OpenSSL so I can adapt our implementation and make it interoperable with OpenSSL? Best regards, /Bojan
