Surprising behaviour of DTLSv1_listen

Hello,

if I do:
    // ctx is set up with certificate, key and cookie callbacks
    BIO *bio = BIO_new_dgram(sock, BIO_NOCLOSE);
    SSL *ssl = SSL_new(ctx);
    SSL_set_bio(ssl, bio, bio);   // same datagram BIO for read and write
    DTLS_set_link_mtu(ssl, 1000);
    SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
    SSL_set_accept_state(ssl);
    SSL_accept(ssl);

then the MTU setting works as expected, i.e. the ServerHello
is split into two DTLS handshake fragments.

But if I do:
    BIO *bio = BIO_new_dgram(sock, BIO_NOCLOSE);
    SSL *ssl = SSL_new(ctx);
    SSL_set_bio(ssl, bio, bio);
    DTLS_set_link_mtu(ssl, 1000);
    SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
    SSL_set_accept_state(ssl);
    BIO_ADDR *addr = BIO_ADDR_new();   // receives the client address from DTLSv1_listen()
    DTLSv1_listen(ssl, addr);
    SSL_accept(ssl);

then the ServerHello is sent as a single packet (>1500 bytes).

I think the reason is that DTLSv1_listen() internally
calls SSL_clear().
I find this pretty surprising.

I personally don't really care too much, as I'll do my
own cookie handshake without DTLSv1_listen() before I
call SSL_accept(), but I thought I'd report it anyway.

  Detlef
