Bug report: dtls handshake loops after 'certificate verify' packet loss

OpenSSL version 1.0.1c

OS: Linux (Open SUSE 10.3)

 

Using DTLS back to back with client certificate verification enabled,
the handshake sequence enters a loop if the first packet containing the
'certificate verify' message is lost. After a timeout the client resends
all the packets of that flight (flight 5 in figure 1 of RFC 4347).
However the server appears to ignore the retransmission and resends the
earlier flight (flight 4 in figure 1 of RFC 4347). This pattern then
repeats with increasing timeouts.

 

If the packets containing the client certificate, client key exchange or
the ChangeCipherSpec are lost as well then the retransmissions are
handled and the handshake completes.

 

Kind regards,

Kevin Dempsey





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
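
The pattern described in the report can be checked for in a packet trace. The following is an added example, not part of the original report and not OpenSSL code: it parses DTLS 1.0 record and handshake headers and counts how often the server repeats flight 4 after the client has sent CertificateVerify. The function names, the `(sender, datagram)` trace format and the sample datagrams are assumptions made for illustration; it assumes a client-side capture with one handshake message per record.

```python
import struct
from collections import Counter

HANDSHAKE, CERT_VERIFY, SERVER_HELLO_DONE = 22, 15, 14

def parse_handshake(datagram):
    """Yield (msg_type, message_seq, frag_offset) for each epoch-0 handshake
    record in a DTLS 1.0 datagram (assumes one handshake message per record)."""
    pos = 0
    while pos + 13 <= len(datagram):
        ctype, _version, epoch = struct.unpack_from("!BHH", datagram, pos)
        (length,) = struct.unpack_from("!H", datagram, pos + 11)
        body = datagram[pos + 13 : pos + 13 + length]
        pos += 13 + length
        if ctype != HANDSHAKE or epoch != 0 or len(body) < 12:
            continue  # ChangeCipherSpec, encrypted Finished, or truncated record
        (msg_seq,) = struct.unpack_from("!H", body, 4)
        yield body[0], msg_seq, int.from_bytes(body[6:9], "big")

def count_loop_rounds(trace):
    """trace: list of (sender, datagram), sender "C" or "S". A round is the
    server repeating ServerHelloDone (flight 4) after a CertificateVerify
    (flight 5) from the client has been seen since the previous round."""
    seen, rounds, cv_seen = Counter(), 0, False
    for sender, datagram in trace:
        for msg_type, msg_seq, frag_off in parse_handshake(datagram):
            if frag_off:
                continue  # count each message once, by its first fragment
            seen[sender, msg_type, msg_seq] += 1
            if sender == "C" and msg_type == CERT_VERIFY:
                cv_seen = True
            elif (sender == "S" and msg_type == SERVER_HELLO_DONE
                  and cv_seen and seen[sender, msg_type, msg_seq] > 1):
                rounds, cv_seen = rounds + 1, False
    return rounds

def record(msg_type, msg_seq, epoch=0, ctype=HANDSHAKE):
    """Build a constructed record carrying an empty-bodied handshake header."""
    body = bytes([msg_type]) + bytes(3) + struct.pack("!H", msg_seq) + bytes(6)
    return (struct.pack("!BHH", ctype, 0xFEFF, epoch) + bytes(6)
            + struct.pack("!H", len(body)) + body)

# Constructed sample datagrams; message_seq values are illustrative.
FLIGHT4 = b"".join(record(t, s) for t, s in [(2, 1), (11, 2), (12, 3), (13, 4), (14, 5)])
FLIGHT5 = (b"".join(record(t, s) for t, s in [(11, 2), (16, 3), (15, 4)])
           + record(1, 0, ctype=20) + record(20, 5, epoch=1))
STUCK = [("S", FLIGHT4), ("C", FLIGHT5)] + [("C", FLIGHT5), ("S", FLIGHT4)] * 3
HEALTHY = [("S", FLIGHT4), ("C", FLIGHT5)]

if __name__ == "__main__":
    print("stuck rounds:", count_loop_rounds(STUCK))
    print("healthy rounds:", count_loop_rounds(HEALTHY))
```

A single round can also occur in a handshake that recovers from the loss of another flight 5 packet, so it is repeated rounds that match the loop in the report.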
