As soon as the openconnect VPN client tries to call SSL_read() on a DTLS connection, it goes into an endless loop. GDB is useless... (gdb) bt #0 0xffffffffff60013b in ?? () #1 0x00007fff4c765610 in ?? () #2 0x00007fff4c7ff644 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) The fix is already in the 1.0.0 branch in CVS; it's the second hunk of RT#1993: http://rt.openssl.org/Ticket/Display.html?id=1993&user=guest&pass=guest --- ssl/d1_pkt.c 2009-07-13 13:44:04.000000000 +0200 +++ ssl/d1_pkt.c 2009-07-23 12:47:41.000000000 +0200 @@ -775,7 +775,7 @@ /* Check for timeout */ if (dtls1_is_timer_expired(s)) { - if (dtls1_read_failed(s, -1) > 0); + if (dtls1_read_failed(s, -1) > 0) goto start; }
Created attachment 363544 [details] Patch
Is it OK for me to commit this patch and build a new package? This bug has broken my VPN connectivity under F-12.
I'll commit&build it but we will also need a releng request to tag it into F-12.
Built as openssl-1.0.0-0.beta3.9.fc12. Also created a tag request https://fedorahosted.org/rel-eng/ticket/2417
VPN works with this package; thanks.