Bug 1462541 - openssl with DTLS hangs as a server
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openssl
Version: 26
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Reported: 2017-06-18 12:25 EDT by Nikos Mavrogiannopoulos
Modified: 2017-06-25 12:20 EDT
Fixed In Version: openssl-1.1.0f-4.fc26
Last Closed: 2017-06-25 12:20:40 EDT
Type: Bug

Description Nikos Mavrogiannopoulos 2017-06-18 12:25:48 EDT
Description of problem:
When attempting to run a DTLS server using openssl from Fedora 26, the server hangs while receiving packets from the client.

Version-Release number of selected component (if applicable):
openssl-1.1.0f-3

How reproducible:
(instructions require the gnutls git repo for certs/keys)
$ cd tests/suite
$ openssl s_server -cipher ALL -quiet -accept 5555 -keyform pem -certform pem  -timeout -key ./../certs/rsa-2432.pem -cert ./../certs/cert-rsa-2432.pem -dkey ./../key-tests/data/dsa.1024.pem -dcert ./../key-tests/data/cert.dsa.1024.pem  -CAfile ./../../doc/credentials/x509/ca.pem -state  -dtls1_2

In other terminal:
$ gnutls-cli --udp 127.0.0.1 -p 5555 --insecure

(the cmd openssl s_client -connect 127.0.0.1:5555 -dtls
does not seem to work either)

The client hangs waiting for a reply from the server. The server seems like it is not receiving the follow-up client hello messages.


I tried reproducing with upstream 1.1.0f from the repository and I couldn't. The connection was established.
Comment 1 Tomas Mraz 2017-06-20 10:14:30 EDT
Investigated and found that this is not broken by downstream patches but by enabling the sctp protocol support.

I'll forward this to upstream.
Comment 2 Fedora Update System 2017-06-23 11:38:16 EDT
openssl-1.1.0f-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-09d4464361
Comment 3 Fedora Update System 2017-06-24 21:19:21 EDT
openssl-1.1.0f-4.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-09d4464361
Comment 4 Fedora Update System 2017-06-25 12:20:40 EDT
openssl-1.1.0f-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
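
An added check, not part of the bug report or of any comment above: it reports whether the installed openssl build lists SCTP as disabled (Comment 1 traces the hang to SCTP support being enabled) and runs a loopback DTLS 1.2 handshake under a timeout, so a stall shows up as a failure instead of a hung terminal. The function names and the throwaway self-signed key are assumptions; port 5555 is the one used in the report.

```shell
#!/bin/sh
# Added example, not from the bug report. Port 5555 is the report's; the
# function names and the throwaway self-signed key are assumptions.

# Reads `openssl list -disabled` output on stdin. Prints "disabled" when
# SCTP appears in the disabled-feature list, otherwise "enabled".
sctp_state() {
    if grep -qx 'SCTP'; then echo disabled; else echo enabled; fi
}

# Loopback DTLS 1.2 handshake. Returns 0 when the handshake completes,
# 1 when it fails or stalls longer than $2 seconds (default 10), and
# 2 when openssl/timeout are missing or the test key cannot be created.
dtls_handshake_check() {
    port=${1:-5555}; limit=${2:-10}
    command -v openssl >/dev/null 2>&1 || return 2
    command -v timeout >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 2
    if ! openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj /CN=localhost -keyout "$dir/key.pem" \
            -out "$dir/cert.pem" >/dev/null 2>&1; then
        rm -rf "$dir"; return 2
    fi
    openssl s_server -dtls1_2 -quiet -accept "$port" \
        -key "$dir/key.pem" -cert "$dir/cert.pem" >/dev/null 2>&1 &
    srv=$!
    sleep 1                      # let the server bind the UDP port
    # stdin at EOF makes s_client quit once the handshake is done;
    # timeout turns a stalled handshake into exit status 124.
    rc=0
    out=$(timeout "$limit" openssl s_client -dtls1_2 \
        -connect "127.0.0.1:$port" </dev/null 2>&1) || rc=$?
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    [ "$rc" -eq 0 ] || return 1
    case $out in
        *'Cipher is (NONE)'*) return 1 ;;
    esac
    return 0
}

# Usage:
#   openssl list -disabled | sctp_state
#   dtls_handshake_check 5555 10 && echo "DTLS handshake OK"
```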
