On Nov 1, 2012, at 2:14 PM, Bojan Pisler wrote: > Hello, > > I’m doing interop testing with our DTLS server and OpenSSL. I’m using OpenSSL > version “OpenSSL 1.0.1c 10 May 2012” with the following command line. > > openssl s_client -msg -debug -connect 127.0.0.1:9683 -dtls1 -cert client.pem > -certform PEM -key client.key -keyform PEM -CAfile root.crt –state > > Our server and OpenSSL handshake successfully when I run our server without > client authentication turned on. In this test there are no fragmented > handshake messages. The Finished signatures are calculated in the same way in > both ends since the handshake is successful. > > But when I turn on client authentication the handshake fails. Both the > CertificateVerify and Finished signatures are different which makes the > handshake fail. I suspect that the reason for this is that OpenSSL sends its > certificate to the server split into 3 fragments. The server reassembles the > Certificate handshake message successfully. But it seems like the signatures > are calculated differently. > > I have read this mailing list and tried several suggestions for handling > fragmentation but with no success. Also both RFC 4347 and 6347 are unclear on > how the signatures should be computed with regard to handshake fragmentation. > So I would like to ask for a description of how this is done in OpenSSL so I > can adapt our implementation and make it interoperable with OpenSSL? If you think RFC 6347 is unclear how the computation should be done, please send a message to t...@ietf.org to discuss this. I think just doing something because OpenSSL does it, is not the right way. If the issue can be resolved on t...@ietf.org, the implementations can be fixed if needed.
Best regards Michael > > Best regards, > > /Bojan ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org