Created attachment 319502: Patch for assert failure on outgoing send failure.
http://rt.openssl.org/Ticket/Display.html?id=1703 documents an OPENSSL_assert() failure in DTLS for which a patch exists. (openssl-0.9.8g-dtls-drop.patch) I've just found (and fixed) another bug which causes DTLS in blocking mode to drop packets it shouldn't -- and yet another bug which causes it in _non-blocking_ mode to return garbage instead of actually dropping the 'offending' packet. (openssl-0.9.8g-dtls-replay-fix.patch)
Created attachment 319503: Patch for the second problem -- the inappropriately dropped packets and resulting garbage for non-blocking I/O
http://rt.openssl.org/Ticket/Display.html?id=1752 is the second problem.
These patches are now applied to OpenSSL CVS.
We're now shipping the openconnect client for Cisco VPN, but it still doesn't work with DTLS because of these bugs...
These two DTLS patches, which are already committed to OpenSSL CVS, are missing from the latest openssl update package...
openssl-0.9.8g-13.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/openssl-0.9.8g-13.fc10
openssl-0.9.8g-13.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.