Hi Daniel,
the UDP behaviour is a follows: If a user sends a UDP message which is
larger than the PMTU, but does fit into the send buffer, it is accepted
by the kernel, fragmented by the IP layer and transmitted. If the
size is larger than the send buffer, the send call fails since the
send
On Aug 10, 2009, at 11:21 AM, David Schwartz wrote:
Daniel Mentz wrote:
In my understanding DTLS should provide UDP semantics when run over
the
later.
That is correct.
That is if a user message is too large in terms of the PMTU it
should either be silently discarded or the sender
Hi All
I am using SSL_CTX_set_cert_verify_callback(ctx, callback, (void *)arg)
API to register the callback function for certificate verification.
However I need to set the mode (SSL_VERIFY_PEER) for SSL Context.
I am using below code to set mode and callback function. Is it right way
of doing
Hi,
I've found a memory leak and a potential buffer overflow in
d2i_SSL_SESSION() function. The fix is attached. Some explanations are
below.
1) First part. Memory leak. When doing simply return(NULL), SSL_SESSION
object at a pointer is not deallocated. I changed it so that it will be
Thanks David and Michael for your answers.
I should have pointed out in my original e-mail that I assume that the
DF (Don't Fragment) bit is set at all times. Sure, you could use IP
fragmentation and that works fine under some circumstances. But I don't
want to rely on that due to the reasons
First Time I have seem Cannot find path to openssl/engines/ .
In FreeBSD-7.2 and64 it is a show stopper. In the old
BSDI BSD/OS 4.3.X just create directory and away you go.
Suggestion:
Can the path to openssl/engines/ point ot path to openssl/lib/
after all only .so's are being installed.
--
On Tue, Aug 11, 2009, Alexei Khlebnikov wrote:
Hi,
I've found a memory leak and a potential buffer overflow in
d2i_SSL_SESSION() function. The fix is attached. Some explanations are
below.
1) First part. Memory leak. When doing simply return(NULL), SSL_SESSION
object at a pointer is
On Tue, Aug 11, 2009, The Doctor wrote:
First Time I have seem Cannot find path to openssl/engines/ .
In FreeBSD-7.2 and64 it is a show stopper. In the old
BSDI BSD/OS 4.3.X just create directory and away you go.
Suggestion:
Can the path to openssl/engines/ point ot path to
On Aug 11, 2009, at 3:47 PM, Daniel Mentz wrote:
Thanks David and Michael for your answers.
I should have pointed out in my original e-mail that I assume that
the DF (Don't Fragment) bit is set at all times. Sure, you could use
IP fragmentation and that works fine under some circumstances.
On Tue, 11 Aug 2009 17:08:19 +0200, Dr. Stephen Henson st...@openssl.org
wrote:
Please send any patches or bug reports to the request tracker in future.
That
way they don't get overlooked.
I tried to do so, but I don't have an account there, guest account doesn't
have rights to create a
Dear all,
the attached patch fixes a bug where a single user message
was distributed over multiple DTLS records.
Best regards
Michael
fragmentation.patch
Description: Binary data
[seggelm...@fh-muenster.de - Mon Jul 27 17:03:25 2009]:
This patch fixes the timeout handling. The method dtls1_get_timeout()
was intended to determine the next handshake message timeout when
using select() calls, to set their timeout. This method is renamed to
DTLSv1_get_timeout(),
On Aug 11, 2009, at 7:40 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Jul 27 17:03:25 2009]:
This patch fixes the timeout handling. The method dtls1_get_timeout()
was intended to determine the next handshake message timeout when
using select() calls, to set their timeout.
On Tue, Aug 11, 2009, Michael Txen wrote:
On Aug 11, 2009, at 7:40 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Jul 27 17:03:25 2009]:
This patch fixes the timeout handling. The method dtls1_get_timeout()
was intended to determine the next handshake message timeout when
On Aug 11, 2009, at 9:15 PM, Dr. Stephen Henson wrote:
On Tue, Aug 11, 2009, Michael Txen wrote:
On Aug 11, 2009, at 7:40 PM, Stephen Henson via RT wrote:
[seggelm...@fh-muenster.de - Mon Jul 27 17:03:25 2009]:
This patch fixes the timeout handling. The method
dtls1_get_timeout()
was
On Tue, Aug 11, 2009, Michael Txen wrote:
On Aug 11, 2009, at 9:15 PM, Dr. Stephen Henson wrote:
Using SSL_ctrl() in a similar way to (for example)
SSL_set_tlsext_host_name().
Do you mean using SSL_ctrl() instead of DTLSv1_get_timeout()? How should
DTLSv1_handle_timeout() be handled?
16 matches
Mail list logo