On 18 Aug 2014, at 21:47, Michael Tuexen <michael.tue...@lurchi.franken.de> wrote:
> On 18 Aug 2014, at 16:31, Brian Hassink <brian.hass...@oracle.com> wrote: > >> Yes, this was observed for DTLS/SCTP. > OK. The problem is an incorrect usage of OPENSSL_assert()... Let me see if I > can > come-up with a patch... Hi Brian, please find attached a patch which fixes several usages of OPENSSL_assert() and let me know if this resolves your issue. Please note that you want also to apply the patch from http://rt.openssl.org/Ticket/Display.html?id=3483&user=guest&pass=guest Best regards Michael
OPENSSL_assert.patch
Description: Binary data
> > Best regards > Michael >> >> -Brian >> >> -----Original Message----- >> From: Michael Tüxen via RT [mailto:r...@openssl.org] >> Sent: Thursday, August 14, 2014 6:17 PM >> To: Brian Hassink >> Cc: openssl-dev@openssl.org >> Subject: Re: [openssl.org #3470] [BUG] DTLS abort >> >> >> On 22 Jul 2014, at 23:32, Brian Hassink via RT <r...@openssl.org> wrote: >> >>> OpenSSL: 1.0.1e >>> >>> OS: Red Hat Enterprise Linux Server release 6.5 >>> (Santiago) >>> >>> >>> >>> Hello, >>> >>> >>> >>> We recently did some negative testing against OpenSSL 1.0.1e, with a focus >>> on DTLS, and observed that the library, running on the peer, could be made >>> to abort by simply disconnecting during the handshake process. >>> >>> >>> >>> The abort is due to a getsockopt() or setsockopt() call failing from within >>> dgram_sctp_read() because the socket descriptor has been rendered invalid >>> by the disconnect. >> Did you test DTLS/UDP or DTLS/SCTP? Do you really mean dgram_sctp_read()? >> >> Best regards >> Michael >>> >>> >>> >>> We ran the same scenario against TLS, but it is not affected. >>> >>> >>> >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> Development Mailing List openssl-dev@openssl.org >>> Automated List Manager majord...@openssl.org >>> >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-dev@openssl.org >> Automated List Manager majord...@openssl.org >> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org >