This patch adds support for DTLS Mobility, as published in our paper:
http://link.springer.com/chapter/10.1007/978-3-642-25959-3_33?null
After negotiating support with HelloExtensions, an extended RecordHeader is
used to allow changing IP addresses with an unconnected UDP socket. Address
This patch adds the BIO_CTRL_DGRAM_SET_DONT_FRAG option for BIO_ctrl() to
activate the Don't Fragment bit for the current socket, if possible on the
platform.
This is a necessary feature to realize a Path MTU Discovery with Heartbeats and to
use SCTP over DTLS for RTCWeb (Real-time Browser to
DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with SCTP-AUTH.
It is checked if this has been activated successfully for the local and remote
peer. Due to a bug, however, the gauth_number_of_chunks field of the authchunks
struct is missing on FreeBSD, and was therefore not
On Mar 6, 2012, at 7:29 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Mar 05 15:26:38 2012]:
The DTLS implementation does not lower the assumed MTU after
unsuccessful retransmissions, which results in a failing handshake in
case fragmentation is necessary.
With this
DTLS does not handle timeouts correctly, because the timeout counter is reset
every time anything has been received, and not only after a full handshake
flight. The reset should only be done when the retransmission timer is stopped,
otherwise the maximum number of retransmissions is never met in
The DTLS implementation does not lower the assumed MTU after unsuccessful
retransmissions, which results in a failing handshake in case fragmentation is
necessary.
With this patch the MTU is reduced to a safe value of 576 - 20 - 8 for IPv4
and 1280 - 40 - 8 for IPv6, respectively, after 2
DTLS maintains timers for every handshake flight in case retransmissions are
necessary. In the current implementation the timer is stopped as soon as any
message of the following flight arrived. This can lead to a deadlock, if the
flight was incomplete for some reason and the missing message is
This patch fixes two padding related bugs for the Heartbeat Response messages.
For DTLS, the wrong pointer was used, which may overwrite the payload with the
random padding. For TLS, there was no random padding at all.
Best regards
Robin
tls-heartbeat-padding-bug-1.0.1.patch
A new version with auto-generated error codes (instead of adding them manually)
and improved extension state initialization.
Best regards
Robin
dtls-tls-heartbeats-1.0.1.patch
Description: Binary data
New version with less binary operations.
SSL_OP_NO_HB_REQUEST is replaced with
SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS and the alias
SSL_set_tlsext_heartbeat_no_requests(ssl, arg).
SSL_heartbeat_pending(ssl) is replaced with
SSL_get_tlsext_heartbeat_pending(ssl) for consistency's sake.
Remove more unnecessary binary operations.
Best regards
Robin
dtls-tls-heartbeats-1.0.1.patch
Description: Binary data
Here is an updated version of the patch for the current 1.0.1 branch.
Best regards
Robin
ipv6.patch
Description: Binary data
Updated version with less defines and without breaking binary compatibility.
Best regards
Robin
dtls-tls-heartbeats-1.0.1.patch
Description: Binary data
Here is an updated version with the numbers for the Heartbeat Protocol and the
Hello Extension assigned by IANA.
Best regards
Robin
dtls-tls-heartbeats-1.0.1.patch
This patch adds TLS/DTLS Heartbeats, as described in
tools.ietf.org/html/draft-ietf-tls-dtls-heartbeat
Heartbeats can be sent any time when no handshake is in progress to check the
availability of the peer. The retransmission feature of DTLS is used to repeat
lost Heartbeats. If no response is
The signature in the ServerKeyExchange is created with wrong parameters with
ECC keys, because the TLS header length is used instead of the DTLS header
length.
Thanks to Erwin Himawan for providing hints!
Best regards
Robin
--- ssl/d1_srvr.c 5 Sep 2011 10:25:21 - 1.20.2.21
The reception of incomplete or incorrectly formatted DTLS fragments is handled
with an OPENSSL_assert(), causing the program to exit rather than just
terminating the connection. This patch exchanges the asserts with unexpected
message and illegal parameter alerts.
Thanks to Zhu Qun-Ying for
Since patch #2506 the MTU stored in DTLS1_STATE is cleared with every initial
handshake. This prevents setting an MTU manually when SSL_OP_NO_QUERY_MTU is
set and causes OpenSSL to crash because an MTU of 0 is used therefore a memcpy
with a negative length in the following. This patch prevents
DTLS buffers records of the next epoch while listening, although it's not
supposed to change its state. Additionally, when the decryption of buffered
records fails, the connection is dropped with a BadRecord alert, instead of
just silently discarding the message. With this patch nothing is
The socket timeout is adjusted before reading and reset afterwards, in case a
handshake is in progress to handle handshake timeouts properly. The reset,
however, is done before the socket error handling. The new system call
overwrites the error code when using Windows and breaks the error
The server starts a timer when sending a HelloVerifyRequest, although its state
should remain unchanged.
Thanks to Yogesh Chopra for finding this bug!
Best regards
Robin
--- ssl/d1_srvr.c 25 May 2011 14:29:55 - 1.20.2.18
+++ ssl/d1_srvr.c 27 Jun 2011 10:02:10 -
@@
As mentioned by Nilesh Vaghela, DTLSv1_handle_timeout() does not handle errors
because of too many retransmissions correctly. The return value should be -1
instead of 0, so the application can detect the error.
Best regards
Robin
--- ssl/d1_lib.c25 May 2011 14:30:05 -
Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
Best regards
Robin
--- ssl/s3_pkt.c11 May 2011 13:37:52 - 1.72.2.7.2.7
+++ ssl/s3_pkt.c25 May
Here is an updated version of the patch, also addressing the memory leak
reported in #1714.
Best regards
Robin
--- ssl/d1_lib.c3 Apr 2011 17:14:48 - 1.8.2.13.2.1
+++ ssl/d1_lib.c6 May 2011 12:40:39 -
@@ -129,26 +129,33 @@
return(1);
}
-void
The client always starts the timer for the retransmission of the ChangeCipherSpec
and Finished, although that is only correct when performing a full handshake.
With the abbreviated session resumption handshake, these messages are not
followed by a response of the server, so the timer is never
The implementation of dtls1_clear(), called by SSL_clear(), is not handling the
DTLS1_STATE struct at s->d1. Hence, calling SSL_clear() does not reset any
value stored in this struct, which includes epochs, sequence numbers, replay
check bitmask, buffered messages, etc. This also prevents the
Hi,
On Apr 1, 2011, at 9:28 AM, via RT wrote:
I’ve tested DTLS implementation and know that several fixes have been
applied for issues related to fragment.
Thanks for testing! There is a known issue with the bitmask, the patch #2457
addresses that, but has not been applied to the official
DTLS clears the handshake retransmission buffer every time a message has been
received, assuming no retransmissions are necessary anymore. This fails when
the last flight of the server was lost twice. The first time DTLS bundles the
SessionTicket, ChangeCipherSpec and Finished messages into one
With patch #2230 a DTLS reassembly bitmask array should have been changed.
Unfortunately this change was lost, so there is still a bug. Fragmented
messages with lengths of multiples of 8 may not be handled correctly, because
the highest byte of the bitmask will be compared to 0x00 instead of
While listening for incoming connections, DTLS should answer every ClientHello
with a HelloVerifyRequest without changing its state. However, this is not the
case since the handshake sequence numbers are still incremented with every
incoming message. After receiving an initial ClientHello (seq
On 05.09.2010, at 02:08, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Aug 30 16:26:24 2010]:
On Aug 27, 2010, at 2:32 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Fri Aug 27 11:34:17 2010]:
Unfortunately, there was newer code which was not yet covered
On Aug 27, 2010, at 2:32 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Fri Aug 27 11:34:17 2010]:
Unfortunately, there was newer code which was not yet covered by the
patch. This caused an abbreviated handshake to fail.
Applied now, thanks.
Note that since we need to
Updated version. The variable new_session is now set during a full handshake as
before, to avoid breaking applications which access it directly instead of using
SSL_renegotiate_pending() to determine whether a handshake is in progress.
--- ssl/d1_clnt.c 26 Jan 2010 19:46:29 -
OpenSSL does not compile anymore as a shared library with Mac OS X since
check-ins #19768 - #19771 by appro. It always fails with the following error:
making all in engines...
/bin/sh: -c: line 0: unexpected EOF while looking for matching ``'
/bin/sh: -c: line 1: syntax error: unexpected end of
Here is an up to date version of the patch for OpenSSL 1.0.1, adding the TLS
Key Exporter, as described in RFC 5705.
--- ssl/ssl.h 6 Jan 2010 17:37:38 - 1.221.2.24
+++ ssl/ssl.h 17 Jun 2010 12:25:35 -
@@ -1806,6 +1806,10 @@
/* Pre-shared secret session resumption functions */
Here is an up to date version of the patch for OpenSSL 1.0.1.
This patch adds the new variable 'renegotiate' to the SSL struct. Until now the
variable 'new_session' is used to indicate if a renegotiation is in progress
AND if a new session has to be created, i.e. a full handshake has to be
On Apr 26, 2010, at 12:44 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Apr 26 11:04:29 2010]:
You're right. The loop was written in the assumption that the control
variable in the for loop can become -1. Since the variable type was
changed to unsigned long, that
There is still a bug in the bitmask macros, reported by Daniel Mentz. While
checking if the message is complete a read might occur beyond the bitmask
array. This is fixed with this patch and the check is now also done backwards
which should be faster usually.
Regards,
Robin
---
In my opinion the patch is also not necessary, because dtls1_buffer_message()
requires a pointer to some 64 bit data to be used as the priority for the
queue. However, s->s3->rrec.seq_num already is a pointer, since it is an array.
Using (s->s3->rrec.seq_num) usually returns the same value, i.e.
On Apr 14, 2010, at 2:20 PM, Stephen Henson via RT wrote:
This patch appears to be broken on OpenSSL 0.9.8 it gives warnings:
d1_both.c: In function ‘dtls1_reassemble_fragment’:
d1_both.c:623: error: passing argument 2 of ‘pqueue_find’ makes integer
from pointer without a cast
On 14.04.2010, at 15:35, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Wed Apr 14 12:08:30 2010]:
In my opinion the patch is also not necessary, because
dtls1_buffer_message() requires a pointer to some 64 bit data to be
used as the priority for the queue. However,
The recent checkin #19560 causes a bug by changing the third parameter from
rr->seq_num to rr->seq_num in dtls_buffer_record() calls in d1_pkt.c. However,
this is not correct because rr->seq_num is an array, see ssl3.h:
unsigned char seq_num[8];
So it was referenced correctly, the change was not
This patch adds an OPENSSL_SYS_BSD define, to consider BSD platforms when
implementing platform-dependent functionality. This is necessary for future
DTLS features.
--- Configure 19 Jan 2010 21:40:54 - 1.621.2.34
+++ Configure 8 Apr 2010 10:39:52 -
@@ -381,19 +382,19 @@
Whenever handshake messages are buffered because they arrived reordered and
already belong to the next epoch, the MAC validation fails when the messages
are finally processed because the sequence number is not restored and instead 0
is always used. This is fixed with setting the
DTLS drops the connection with a BAD_RECORD alert whenever validation of the
MAC or decryption failed. This is ok with the specification as an optional
behavior but is also an easy target for a potential attack to drop the
connection. An attacker only has to send random data to cause the
The reassembly for fragmented DTLS handshake messages only works if the
fragments don't overlap, aren't reordered and haven't been retransmitted. This
patch fixes this and allows the reassembly of messages regardless of
retransmissions, losses, reordering or even the mixture of fragments of
To handle handshake message timeouts properly, DTLS sets the socket timeouts
according to the currently remaining time until the next timeout occurs.
However, in some cases this doesn't work because the operating system returns
the socket call a few milliseconds before the DTLS timer expires.
On Apr 6, 2010, at 10:56 AM, Daniel Mentz wrote:
Robin Seggelmann via RT wrote:
To handle handshake message timeouts properly, DTLS sets the socket timeouts
according to the currently remaining time until the next timeout occurs.
However, in some cases this doesn't work because
Application data arriving between ChangeCipherSpec and Finished is buffered and
processed after the handshake has been completed. While calling
dtls1_buffer_record() a NULL-pointer was passed as priority. This causes a
crash when multiple messages have to be buffered. With this patch the
This patch addresses this issue.
--- ssl/d1_pkt.c4 Oct 2009 16:52:35 - 1.27.2.18
+++ ssl/d1_pkt.c4 Apr 2010 09:10:09 -
@@ -667,14 +667,14 @@
if (rr-length == 0) goto again;
/* If this record is from the next epoch (either HM or ALERT),
-*
There was a typo in the fix for #1949 which breaks DTLS and results in an infinite
loop. The state SSL3_ST_CW_FLUSH is for the client and the server needs
SSL3_ST_SW_FLUSH. Here's a patch to fix that:
--- ssl/d1_srvr.c 26 Jan 2010 19:40:36 - 1.2.2.27
+++ ssl/d1_srvr.c 31 Jan
The Sessionticket extension doesn't work with DTLS. The NewSessionTicket
message of the server is truncated because of a wrong calculation of the length
and the server is also unable to parse the ticket attached to a ClientHello
because DTLS is considered as an unknown protocol version.
Since IPv6 support was added, in dgram_write() the size of data-peer cannot be
used for sendto() anymore. The union has the size of sockaddr_in6 when IPv6 is
enabled and therefore sendto() always fails with Invalid Argument when only
IPv4 is used. It should be either the size of sockaddr_in or
This patch adds the renegotiation extension for DTLS and also fixes a
segmentation fault occurring on server-side when the ClientHello could not be
processed and therefore no cipher is set.
Regards,
Robin
--- ssl/d1_both.c 2 Nov 2009 13:37:17 - 1.14.2.16
+++ ssl/d1_both.c
The latest changes of bss_dgram.c affected the behavior of
BIO_CTRL_DGRAM_GET_PEER, which now requires to preset the expected IP type
before requesting the current peer. This was done to prevent that the user
always has to use sockaddr_storage, even if he doesn't use IPv6 at all. The
default
Check-in 18896 for openssl/crypto/perlasm/x86_64-xlate.pl in branch
OpenSSL_1_0_0-stable contained a typo:
- # in $self-{label}
- $self-{label} =~ s/(?![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
+ # in $self-{label}, new gas requires sign extentions...
+ user
DTLS fragmentation doesn't consider the additional data required with
using encryption, so the packet size then exceeds the MTU when
fragmentation is performed. This patch subtracts the size of the mac
and the additional encryption bytes of the maximum possible length for
a fragment, if
On Sep 8, 2009, at 8:26 PM, Robin Seggelmann via RT wrote:
On 08.09.2009 at 19:59, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Tue Sep 08 18:31:29 2009]:
That's just a simple example. If you use blocking sockets, it
doesn't
return until a ClientHello with a valid cookie
On Sep 9, 2009, at 2:23 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Wed Sep 09 08:49:17 2009]:
On Sep 8, 2009, at 8:26 PM, Robin Seggelmann via RT wrote:
Here's an updated version of the patch:
[snipped]
This doesn't compile cleanly, patches should compile without
On 08.09.2009 at 18:15, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Thu Sep 03 18:09:34 2009]:
This patch adds the function dtls1_listen(SSL *s, struct sockaddr
*client), as well as the user accessible macro DTLSv1_listen(). It is
intended to be called with an SSL object with
On 08.09.2009 at 19:59, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Tue Sep 08 18:31:29 2009]:
That's just a simple example. If you use blocking sockets, it doesn't
return until a ClientHello with a valid cookie has been received
(returns 1) or an error occurred (returns 0).
On 08.09.2009 at 18:31, Robin Seggelmann via RT wrote:
On 08.09.2009 at 18:15, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Thu Sep 03 18:09:34 2009]:
This patch adds the function dtls1_listen(SSL *s, struct sockaddr
*client), as well as the user accessible macro
On Sep 4, 2009, at 1:21 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Fri Sep 04 09:39:52 2009]:
Still wrong casts. I hope that's it now
A fair number of the casts seem to be unnecessary for example in
RAND_bytes(), OPENSSL_malloc() and HMAC(). Do you get warnings
On Sep 2, 2009, at 2:55 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Wed Aug 26 19:49:38 2009]:
This patch fixes the size of the read and write buffers which are 8
bytes too small for DTLS. The function ssl3_setup_buffers() is called
to allocate the necessary memory for the
This patch adds the function dtls1_listen(SSL *s, struct sockaddr
*client), as well as the user accessible macro DTLSv1_listen(). It is
intended to be called with an SSL object with a listening socket.
Every ClientHello arriving will be answered with a HelloVerifyRequest
without allocating
This patch fixes several issues with DTLS cookies. At first the
maximum cookie length was defined as 32 bytes, while the specification
states 256 bytes. Then there was code in the wrong order which
prevented the use of cookies larger than 0 bytes in
ssl3_get_client_hello(), it was tried to
This patch fixes the size of the read and write buffers which are 8
bytes too small for DTLS. The function ssl3_setup_buffers() is called
to allocate the necessary memory for the read and write buffers. This
is done in two subfunctions, ssl3_setup_read_buffer() and
When configuring OpenSSL with ./config shared --prefix=$HOME/install
on Mac OS X 10.5.8, it compiles cleanly but doesn't install.
Apparently some Makefiles seem to be messed up:
making install in crypto...
...
making install in ssl...
making install in engines...
installing 4758cca
cp:
On Aug 12, 2009, at 3:23 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Wed Aug 12 08:34:27 2009]:
Ok, here's an updated version. Internally, dtls1_get_timeout() and
dtls1_handle_timeout() are used. They can be called externally using
SSL_ctrl() with DTLS_CTRL_GET_TIMEOUT and
On Aug 11, 2009, at 7:40 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Jul 27 17:03:25 2009]:
This patch fixes the timeout handling. The method dtls1_get_timeout()
was intended to determine the next handshake message timeout when
using select() calls, to set their
This patch fixes the timeout handling. The method dtls1_get_timeout()
was intended to determine the next handshake message timeout when
using select() calls, to set their timeout. This method is renamed to
DTLSv1_get_timeout(), to fit the common naming scheme and the
declaration is moved.
In d1_clnt.c the variables s->d1->send_cookie and s->hit aren't reset
when initiating a new renegotiation handshake. This is ok if a new
session is created, that is everything will be reset anyway, but with
an abbreviated handshake without a new session this causes the
handshake to fail.
When the socket timeout has to be adjusted because of a handshake
timeout expiring earlier, the user set value is saved and reset
afterwards. This patch adds a missing if-clause in
dgram_reset_rcv_timeout() to prevent the reset of the socket timeout
when no timer is active. Since no
This patch changes the behavior of DTLS regarding erroneous record
headers. The current implementation reports an error if the version or
length entries of the record layer are unexpected and closes the
connection. This is probably taken over from TLS but doesn't make
sense with DTLS,
Hi Michael,
this bug has already been described in bug report #1828 and has been
fixed in OpenSSL 1.0.0 beta 2 as well as in the current version of the
0.9.8 stable development branch. To solve this issue you can either
use OpenSSL 1.0.0 beta 2 or use the patches for 0.9.8k provided on
The variable s->s3->tmp.ecdh is set in ssl3_send_server_key_exchange()
or dtls1_send_server_key_exchange(), after it is checked if it points
to NULL. Later it is read only once in ssl3_get_client_key_exchange(),
but then not freed and set to NULL again. When a renegotiation with a
full
Here is an updated version, the last didn't cover every variation of
the handshake message flow because the CertificateVerify state is
entered every time, not only when a CertificateVerify message is
really expected.
--- crypto/bio/bss_dgram.c 5 Jun 2009 08:35:54 - 1.7.2.13
I just found another timing bug...
--- crypto/bio/bss_dgram.c 5 Jun 2009 08:35:54 - 1.7.2.13
+++ crypto/bio/bss_dgram.c 5 Jun 2009 14:00:26 -
@@ -217,12 +217,19 @@
timeleft.tv_usec += 100;
}
+ if
When handshake messages can't be reassembled because a fragment got
lost, the ChangeCipherSpec included in the same flight was still
processed. The new mastersecret has not been calculated yet, so random
memory is used causing the connection to fail. This patch drops every
ChangeCipherSpec
On May 16, 2009, at 2:08 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Sat May 16 12:13:35 2009]:
Patch applied to 1.0.0 and HEAD. Should this go into 0.9.8 too?
Thanks for applying. Yes, this is important for 0.9.8, too. Every
patch for DTLS I submitted concerns both
On May 17, 2009, at 6:46 PM, Stephen Henson via RT wrote:
[steve - Sat May 16 18:28:06 2009]:
Patch applied to 1.0, HEAD and 0.9.8. Thanks for the report.
Patch reverted on 0.9.8, it breaks compilation. Please supply a
version
for 0.9.8.
The 0.9.8 version:
--- ssl/d1_both.c
On May 17, 2009, at 6:44 PM, Stephen Henson via RT wrote:
Ooops, missed the attachment. Patch now applied to 1.0.0-beta and
HEAD.
A modified version was applied to 0.9.8, please check that is OK.
The only problem I found was a variable name in apps/s_server.c and
apps/s_client.c, that
Patch applied to 1.0.0 and HEAD. Should this go into 0.9.8 too?
Thanks for applying. Yes, this is important for 0.9.8, too. Every
patch for DTLS I submitted concerns both branches, there are no
differences so far.
Robin
Records are buffered if they arrive with a future epoch to be
processed after finishing the corresponding handshake. There is
currently no limitation to this buffer allowing an attacker to perform
a DOS attack with sending records with future epochs until there is no
memory left. This
In dtls1_process_out_of_seq_message() the check if the current message
is already buffered was missing. Memory was allocated for every new
message, allowing an attacker to perform a denial of service attack
with sending out of seq handshake messages until there is no memory
left.
I have just found the new get_current_time() function in bss_dgram.c
and modified the patch so that it will be used. Additionally I have
copied this function to d1_lib.c and made the timer functions there
use it to avoid redundant code.
dtls-timer-bug-1.0.0.patch
Description: Binary
This patch is broken due to line wrap issues. Try a plain text
attachment or if that fails a gzipped one.
Ok, let's try a plain text attachment...
Some of the changes break source compatibility with previous
versions of
the patch. That's ok for now but once this stuff appears in a
OK that's better but the patch doesn't apply cleanly to 1.0.0-stable:
getting rejects in bss_dgram.c
Oh, I was still using beta 2 to create the patches and haven't noticed
the changes you made in the meantime. Here is a new version attached.
It was the change of the name of
This suggested patch does not conform to ANSI C. The declaration of
variables always has to be done at the beginning of their scope:
--- ssl/d1_both.c 2009-04-19 20:03:11.0 +0200
+++ ssl/d1_both.c 2009-05-12 09:23:30.0 +0200
@@ -519,6 +519,8 @@
if (
I have updated the last patch, considering the suggestions of Daniel
Mentz.
The previous solutions were done in the BIO object, which was not a
good choice. Additionally they didn't allow non-blocking sockets to be
used.
This approach doesn't rely on socket errors anymore. The timer stuff
This patch fixes a bug when checking if the additional timer for
handshake messages is expired. The timeval structs were not compared
in the right way. According to the RFC 4347, timers should be
initialized with 1 second and doubled after each timeout up to 60
seconds. This behavior is
The compatibility with 1.0.0beta1 required more changes than I
thought...the function tls1_PRF was modified significantly. So here's
a working version of the patch:
--- ssl/ssl.h 2008-12-27 03:09:23.0 +0100
+++ ssl/ssl.h 2009-04-17 11:03:58.0 +0200
@@ -1770,6 +1770,10 @@
Updated version for compatibility with 1.0.0beta1:
--- ssl/ssl.h 2008-12-27 03:09:23.0 +0100
+++ ssl/ssl.h 2009-04-16 10:14:12.0 +0200
@@ -1770,6 +1770,10 @@
/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s,
Updated version for compatibility with 1.0.0beta1:
--- ssl/d1_clnt.c 2008-06-02 00:33:24.0 +0200
+++ ssl/d1_clnt.c 2009-04-16 09:41:59.0 +0200
@@ -169,7 +169,7 @@
switch(s-state)
{
case SSL_ST_RENEGOTIATE:
-
In ssl/kssl.c the constant _XOPEN_SOURCE is defined which results in
using an old POSIX version and compilation problems on recent FreeBSD
systems when adding SCTP support (necessary for SCTP-aware DTLS).
With _XOPEN_SOURCE defined to 500, in sys/cdefs.h the constant
_POSIX_C_SOURCE will
The corresponding patch for 0.9.8 and 1.0.0:
--- ssl/kssl.c 2009-02-14 22:49:38.0 +0100
+++ ssl/kssl.c 2009-04-16 13:30:18.0 +0200
@@ -68,7 +68,7 @@
#include openssl/opensslconf.h
-#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
+#define
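Review bot: the `_XOPEN_SOURCE 500` define removed in this hunk carries the comment that glibc2 needs it to declare strptime(), so the replacement `#define` should keep a comment saying which platform needs which value, and the build should be confirmed on glibc as well as on FreeBSD. If kssl.c no longer calls strptime(), dropping the define together with its comment is cleaner than changing the value.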
I just had another look at the code in ssl/kssl.c and didn't find any
use of strptime(). The header file time.h doesn't need to be included
at all, because there is nothing (left) requiring it. So the code
should be removed.
--- ssl/kssl.c 2009-02-14 22:49:38.0 +0100
+++
This updated version addresses (hopefully) all changes made to struct
sst_st in 1.0.0beta1 to save/restore the state correctly.
--- ssl/d1_both.c 2007-10-17 23:15:48.0 +0200
+++ ssl/d1_both.c 2009-04-14 11:56:36.0 +0200
@@ -136,7 +136,6 @@
static void
This updated version includes the suggestions of Nagendra Modadugu.
--- ssl/d1_both.c 2007-10-17 23:17:49.0 +0200
+++ ssl/d1_both.c 2009-03-23 19:39:10.0 +0100
@@ -136,7 +136,6 @@
static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
unsigned
This updated version includes the suggestions of Nagendra Modadugu.
--- ssl/d1_lib.c2008-10-13 08:43:05.0 +0200
+++ ssl/d1_lib.c2009-03-23 18:53:11.0 +0100
@@ -114,6 +114,7 @@
d1-processed_rcds.q=pqueue_new();
d1-buffered_messages = pqueue_new();