Is there any output printed on stderr of either side of the connection? -Kyle H
On Sun, Aug 31, 2008 at 6:02 AM, Pau Rodriguez-Estivill <[EMAIL PROTECTED]> wrote: > I already tested with last version and I have the same results: > Here the versions used and the build options: > > OpenSSL 0.9.8h 28 May 2008 > built on: Sun Aug 31 13:56:12 CEST 2008 > platform: linux-x86_64 > options: bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) > idea(int) blowfish(ptr2) > compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB > -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 > -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM > > OpenSSL 0.9.8h 28 May 2008 > built on: Sun Aug 31 14:10:35 CEST 2008 > platform: linux-elf > options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) > idea(int) blowfish(idx) > compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB > -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H > -march=pentium -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM > -DRMD160_ASM -DAES_ASM > > > On Sun, Aug 31, 2008 at 1:20 PM, Pau Rodriguez-Estivill > <[EMAIL PROTECTED]> wrote: >> OpenSSL 0.9.8g 19 Oct 2007 >> And also isn't de official, is the Debian build. >> >> So I'm also going to try last version, you recomend 0.9.8h or last snapshot? >> Thanks. >> >> Pau >> >> On Sun, Aug 31, 2008 at 10:16 AM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: >>> Specifically which version of the openssl library are you using? I'm >>> going to try to dig into this. >>> >>> -Kyle H >>> >>> On Sat, Aug 30, 2008 at 9:45 AM, Pau Rodriguez-Estivill >>> <[EMAIL PROTECTED]> wrote: >>>> Hi! >>>> I have done more tests of this strange data blocks: >>>> I send 2 kinds of blocks one of 1500 bytes (block A) and another of >>>> 48bytes (block B). >>>> A blocks have an identifier. >>>> >>>> The normal way is receive first 1500bytes of A and then 48 of B: >>>> 1: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (id 515) >>>> 2: B >>>> >>>> But this is what happened when the error occurs: >>>> 1: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (id 516) >>>> 2: B >>>> 3: A (id 516, 48bytes) >>>> 4: SSL_ERROR_WANT_READ >>>> 5: AA (id 516, 80bytes) >>>> 6: ???????????????????????????????? (1500 bytes, unknown) >>>> 7: A (id 516, 48bytes) >>>> 8: ???????????????????????????????? (1500 bytes, same as 6 but not sure) >>>> >>>> All packets have the same identifier, yes, this is what I can't believe. >>>> And also I don't know from where the 80 bytes block size came from!? >>>> >>>> I hope that with this example, i could make more clear the problem. >>>> >>>> Thanks, for the reply. >>>> >>>> Pau >>>> >>>> On Sat, Aug 30, 2008 at 4:40 AM, Pau Rodriguez Estivill >>>> <[EMAIL PROTECTED]> wrote: >>>>> I always try to do an SSL_read every time I give a new packet to >>>>> OpenSSL library, >>>>> It's true that I only try it once per packet I give. >>>>> >>>>> Maybe I should try SSL_pending after this read, to ensure that aren't >>>>> more data. >>>>> Normally SSL_pending return 0, even before trying to read. >>>>> >>>>> When I call to SSL_read and it give me an error, as I said, the next >>>>> time I call SSL_read it give me a wrong buffer but it's size is >>>>> correct according last SSL_write from the other computer. But at least >>>>> the first bytes of the block are not correct, because it doesn't >>>>> appear as a IPv4 valid packet (I mean an internal packet from the >>>>> inside of the VPN). And also any of the next SSL_reads return a valid >>>>> decoded block or at least not starting from the first byte. And none >>>>> of them return any SSL_* error. >>>>> I really think it could be a problem of buffers management. I also >>>>> don't trust the DTLS implementation just because I know any >>>>> application how make an extensive usage of this >>>>> implementation/protocol. >>>>> >>>>> Maybe anybody can propose a test to get more information about this >>>>> problem. >>>>> >>>>> Thanks, for the reply. >>>>> >>>>> Pau >>>>> >>>> ______________________________________________________________________ >>>> OpenSSL Project http://www.openssl.org >>>> User Support Mailing List openssl-users@openssl.org >>>> Automated List Manager [EMAIL PROTECTED] >>>> >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> User Support Mailing List openssl-users@openssl.org >>> Automated List Manager [EMAIL PROTECTED] >>> >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
