Re: DTLS not working

2017-11-29 Thread Nikos Mavrogiannopoulos
On Wed, Nov 29, 2017 at 2:26 AM, Choon Hoe Chua wrote:
> Hi All
>
> I have Openconnect server up and running and clients can connect fine. But
> the connection protocol is always TLSv1.2. It does not seem to use DTLS, no
> matter which client I use (Cisco Anyconnect on

Re: [PATCH] bugfix: a single SSL record can't contain >16KiB, therefore we must loop when writing a larger buffer

2017-11-29 Thread Daniel Lenski
As usual, you're right on all counts, in particular the *non-pedantic* bit about <= vs. <.

Thanks!
-Dan

On Wed, Nov 29, 2017 at 1:32 AM, David Woodhouse wrote:
> I pushed a modified version (with the loop condition changed). I
> haven't actually tested it, especially at the

Re: [PATCH] bugfix: a single SSL record can't contain >16KiB, therefore we must loop when writing a larger buffer

2017-11-29 Thread David Woodhouse
I pushed a modified version (with the loop condition changed). I haven't actually tested it, especially at the edge conditions for the off-by-one error I thought I saw. Please test. In another throwback to the 20th century, we also try to limit commit messages to 80 columns. I changed that too ;)

[PATCH] bugfix: a single SSL record can't contain >16KiB, therefore we must loop when writing a larger buffer

2017-11-29 Thread Daniel Lenski
A single SSL record can't contain >16KiB, so the HTTPS request buffer may not get fully written if it's larger than this. I discovered this frustrating bug while working on GlobalProtect HIP support, which requires sending giant blobs of XML to the gateway.

Signed-off-by: Daniel Lenski