Bug 527015 - DTLS broken in 1.0.0-beta3
DTLS broken in 1.0.0-beta3
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F12Target
  Show dependency treegraph
 
Reported: 2009-10-03 04:40 EDT by David Woodhouse
Modified: 2009-10-09 05:19 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-10-09 04:40:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Patch (830 bytes, patch)
2009-10-03 04:48 EDT, David Woodhouse
no flags Details | Diff

  None (edit)
Description David Woodhouse 2009-10-03 04:40:16 EDT
As soon as the openconnect VPN client tries to call SSL_read() on a DTLS connection, it goes into an endless loop.

GDB is useless...

(gdb) bt
#0  0xffffffffff60013b in ?? ()
#1  0x00007fff4c765610 in ?? ()
#2  0x00007fff4c7ff644 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

The fix is already in the 1.0.0 branch in CVS; it's the second hunk of RT#1993:
http://rt.openssl.org/Ticket/Display.html?id=1993&user=guest&pass=guest

--- ssl/d1_pkt.c 2009-07-13 13:44:04.000000000 +0200
+++ ssl/d1_pkt.c 2009-07-23 12:47:41.000000000 +0200
@@ -775,7 +775,7 @@
/* Check for timeout */
if (dtls1_is_timer_expired(s))
{
- if (dtls1_read_failed(s, -1) > 0);
+ if (dtls1_read_failed(s, -1) > 0)
goto start;
}
Comment 1 David Woodhouse 2009-10-03 04:48:13 EDT
Created attachment 363544 [details]
Patch
Comment 2 David Woodhouse 2009-10-08 12:37:06 EDT
Is it OK for me to commit this patch and build a new package?

This bug has broken my VPN connectivity under F-12.
Comment 3 Tomas Mraz 2009-10-08 14:01:37 EDT
I'll commit&build it but we will also need a releng request to tag it into F-12.
Comment 4 Tomas Mraz 2009-10-09 04:40:34 EDT
Built as openssl-1.0.0-0.beta3.9.fc12.
Also created a tag request https://fedorahosted.org/rel-eng/ticket/2417
Comment 5 David Woodhouse 2009-10-09 05:19:20 EDT
VPN works with this package; thanks.

Note You need to log in before you can comment on or make changes to this bug.