Maybe you can try:

http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1245
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335703

This patch may fix the segmentation fault that I also confirm on
openssl-0.9.8a running on linux-2.6.14/686.

Some developer should review that patch. (I'll try it later if nobody has)

On 2005-12-10 16:38:16 +0000, robert dugal wrote:
> Openssl 0.9.8a is incorrectly encoding the DTLS version as 0x01,0x00
> instead of 0xfe,0xff
> $ ./openssl s_client -dtls1 -debug
> CONNECTED(00000003)
> write to 0x5d3640 [0x5dd3f8] (119 bytes => 119 (0x77))
> 0000 - 16 01 00 00 00 00 00 00-00 00 00 00 6a 01 00 00 ............j...
>
> Openssl 0.9.8a is incorrectly encoding the ChangeCipherSpec message as 3
> bytes instead of 1 byte, including a 2 byte message sequence number.
> $ ./openssl s_client -dtls1 -debug
> <snipped>
> write to 0x5d3640 [0x5e2d80] (16 bytes => 16 (0x10))
> 0000 - 14 01 00 00 00 00 00 00-00 00 03 00 03 01 00 03 ................
> The first 13 bytes are the record header followed by the CCS which is 3
> bytes: 01 00 03
>
> There is no MSN in the CCS. I had a lengthy discussion with Eric on this
> topic and he was very clear that the CCS has no MSN and he did not want to
> add it to the CCS.
>
> I also discovered it is very easy to crash openssl or make the handshake
> fail using the -mtu argument (testing on windows xp).
>
> ./openssl s_server -dtls1 -debug -mtu 100
> ./openssl s_client -dtls1 -debug -mtu 100
> - server Segmentation fault (core dumped)
>
> ./openssl s_server -dtls1 -debug -mtu 128
> ./openssl s_client -dtls1 -debug -mtu 128
> - server 888:error:143F8412:SSL routines:DTLS1_READ_BYTES:sslv3 alert bad
> certificate
> - client 4052:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
> lib:s3_clnt.c
>
> ./openssl s_server -dtls1 -debug -mtu 256
> ./openssl s_client -dtls1 -debug -mtu 256
> - server DTLS1_READ_BYTES:sslv3 alert bad certificate
> - client 3080:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
> lib:s3_clnt.c
>
> ./openssl s_server -dtls1 -debug -mtu 512
> ./openssl s_client -dtls1 -debug -mtu 512
> - server SSL3_GET_FINISHED:digest check failed
> - client handshake failure
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
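
Added example, not part of the original thread and not OpenSSL code: a small checker that decodes the 13-byte DTLS record header from the two -debug dumps quoted above and flags the two encoding problems the report describes (version not 0xfe,0xff; ChangeCipherSpec body not 1 byte). The function, struct and flag names are hypothetical, and only the 16 bytes shown in each dump are embedded, so the first record is also reported as truncated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DTLS_HDR_LEN       13      /* type(1) version(2) epoch(2) seq(6) length(2) */
#define DTLS1_VERSION_WIRE 0xfeff  /* expected DTLS 1.0 version bytes: fe ff */
#define REC_CCS            0x14    /* ChangeCipherSpec content type */

enum { F_SHORT = 1, F_BAD_VERSION = 2, F_BAD_CCS_LEN = 4, F_TRUNCATED = 8 };

struct dtls_rec { uint8_t type; uint16_t version, epoch, length; uint64_t seq; };

/* Parse one record header from buf and return a bitmask of findings. */
static int dtls_check_record(const uint8_t *buf, size_t len, struct dtls_rec *r)
{
    int flags = 0;
    if (len < DTLS_HDR_LEN)
        return F_SHORT;                 /* not even a full header */
    r->type    = buf[0];
    r->version = (uint16_t)(buf[1] << 8 | buf[2]);
    r->epoch   = (uint16_t)(buf[3] << 8 | buf[4]);
    r->seq     = 0;
    for (int i = 5; i < 11; i++)        /* 48-bit big-endian sequence number */
        r->seq = r->seq << 8 | buf[i];
    r->length  = (uint16_t)(buf[11] << 8 | buf[12]);
    if (r->version != DTLS1_VERSION_WIRE)
        flags |= F_BAD_VERSION;
    if (r->type == REC_CCS && r->length != 1)
        flags |= F_BAD_CCS_LEN;         /* CCS body should be a single byte */
    if (len - DTLS_HDR_LEN < r->length)
        flags |= F_TRUNCATED;           /* capture ends before the record does */
    return flags;
}

/* Bytes copied from the two hex dumps in the quoted report (first 16 only). */
static const uint8_t hello_dump[] = { 0x16,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
                                      0x00,0x00,0x00,0x00,0x6a,0x01,0x00,0x00 };
static const uint8_t ccs_dump[]   = { 0x14,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
                                      0x00,0x00,0x03,0x00,0x03,0x01,0x00,0x03 };

int main(void)
{
    struct dtls_rec r;
    int f = dtls_check_record(hello_dump, sizeof hello_dump, &r);
    printf("type=%02x ver=%04x len=%u flags=%d\n", r.type, r.version, r.length, f);
    f = dtls_check_record(ccs_dump, sizeof ccs_dump, &r);
    printf("type=%02x ver=%04x len=%u flags=%d\n", r.type, r.version, r.length, f);
    return 0;
}
```

The decoded length of the first record (0x006a = 106) plus the 13-byte header gives the 119 bytes shown in the write line of the first dump.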
