Bug 465711

Summary: DTLS bug causes application abort()
Product: [Fedora] Fedora
Reporter: David Woodhouse <dwmw2>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 9
CC: tmraz
Hardware: All
OS: Linux
Fixed In Version: 0.9.8g-13.fc10
Doc Type: Bug Fix
Last Closed: 2009-01-15 10:27:49 UTC
Attachments (Description | Flags):
Patch for assert failure on outgoing send failure. | none
Patch for the second problem -- the inappropriately dropped packets and resulting garbage for non-blocking I/O | none

Description David Woodhouse 2008-10-05 21:05:47 UTC
Created attachment 319502
Patch for assert failure on outgoing send failure.

http://rt.openssl.org/Ticket/Display.html?id=1703 documents an OPENSSL_assert() failure in DTLS for which a patch exists. (openssl-0.9.8g-dtls-drop.patch)


I've just found (and fixed) another bug which causes DTLS in blocking mode to drop packets it shouldn't -- and yet another bug which causes it in _non-blocking_ mode to return garbage instead of actually dropping the 'offending' packet. (openssl-0.9.8g-dtls-replay-fix.patch)

Comment 1 David Woodhouse 2008-10-05 21:07:06 UTC
Created attachment 319503
Patch for the second problem -- the inappropriately dropped packets and resulting garbage for non-blocking I/O

Comment 2 David Woodhouse 2008-10-06 08:30:52 UTC
http://rt.openssl.org/Ticket/Display.html?id=1752 is the second problem.

Comment 3 David Woodhouse 2008-10-14 10:39:56 UTC
These patches are now applied to OpenSSL CVS.

Comment 4 David Woodhouse 2008-12-21 10:25:57 UTC
We're now shipping the openconnect client for Cisco VPN, but it still doesn't work with DTLS because of these bugs...

Comment 5 David Woodhouse 2009-01-09 10:29:51 UTC
These two DTLS patches, which are already committed to OpenSSL CVS, are missing from the latest openssl update package...

Comment 6 Fedora Update System 2009-04-21 14:08:12 UTC
openssl-0.9.8g-13.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/openssl-0.9.8g-13.fc10

Comment 7 Fedora Update System 2009-05-09 03:57:00 UTC
openssl-0.9.8g-13.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.