Thanks to all for your useful replies. Comments inline:
2014-08-31 19:14 GMT+02:00 Michael Tuexen <michael.tue...@lurchi.franken.de>:
>>> It does not work. I call SSL_write() by passing a very long data
>>> (65536) and it still returns -1. So, in case I want to write a big
>>> data over a DTLS UDP connection, how can I do that? I expected that
> I don't think you can do that. A user message is mapped into a DTLS
> message. This is limited by the protocol (I think there is a limit
> in the 16 KB range)

Yes, I've verified it. The limit is 16 KB, which is defined in ssl/ssl3.h:

#define SSL3_RT_MAX_PLAIN_LENGTH 16384

> and by the MTU of the path, which is normally
> about 1500 bytes. Sending larger frames would require IP level fragmentation,
> which normally has to be avoided.

Clear.

>>> SSL_MODE_ENABLE_PARTIAL_WRITE would work in a way that SSL_write()
>>> returns a value suitable for a UDP datagram so I send it and then call
>>> SSL_write() again by passing the following chunk in my data buffer.
>>>
>>> Is it a bug? or am I missing something?
> Not sure... I think allowing this in the API doesn't make much sense.

OK, so it seems that the application is responsible for performing PMTU
discovery and then calling SSL_write() with a size smaller than the
discovered one (given that the encrypted data may be larger).

Thanks a lot to all.

-- 
Iñaki Baz Castillo
<i...@aliax.net>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
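The approach the thread arrives at (size each SSL_write() so the resulting record fits in one datagram), as an added example that is not part of the original message or of OpenSSL. The names `dtls_max_payload`, `dtls_send_chunked`, `write_fn` and the mock transport are hypothetical, the callback stands in for SSL_write(), and the 24-byte cipher overhead is an assumed value for an AEAD suite.

```c
#include <stddef.h>
#include <stdio.h>
#define SSL3_RT_MAX_PLAIN_LENGTH 16384 /* per-record limit from ssl/ssl3.h */
#define DTLS_RECORD_HEADER 13          /* DTLS 1.0/1.2 record header size */
#define UDP_HEADER 8

/* Hypothetical helper: largest plaintext that fits in one datagram. The
 * cipher_overhead (explicit nonce/IV + MAC or tag + padding) depends on the
 * negotiated suite and is supplied by the caller. Returns 0 if nothing fits. */
size_t dtls_max_payload(size_t path_mtu, size_t ip_header, size_t cipher_overhead)
{
    size_t overhead = ip_header + UDP_HEADER + DTLS_RECORD_HEADER + cipher_overhead;
    size_t room = path_mtu > overhead ? path_mtu - overhead : 0;
    return room < SSL3_RT_MAX_PLAIN_LENGTH ? room : SSL3_RT_MAX_PLAIN_LENGTH;
}

typedef int (*write_fn)(void *ctx, const void *buf, int num); /* shape of SSL_write() */

/* Hypothetical helper: one write per chunk of at most max_payload bytes.
 * Returns the number of messages written, or -1 on the first failure. */
long dtls_send_chunked(write_fn w, void *ctx, const unsigned char *buf,
                       size_t len, size_t max_payload)
{
    long messages = 0;
    if (max_payload == 0) return -1;
    for (; len > 0; messages++) {
        size_t n = len < max_payload ? len : max_payload;
        if (w(ctx, buf, (int)n) != (int)n) return -1; /* failed or short write */
        buf += n; len -= n;
    }
    return messages;
}

/* Constructed mock transport that records what it was asked to send. */
struct mock { size_t total, largest; };
static int mock_write(void *ctx, const void *buf, int num)
{
    struct mock *m = ctx;
    (void)buf;
    m->total += (size_t)num;
    if ((size_t)num > m->largest) m->largest = (size_t)num;
    return num;
}

int main(void)
{
    static unsigned char data[65536]; /* constructed input, size from the thread */
    struct mock m = {0, 0};
    size_t max = dtls_max_payload(1500, 20, 24); /* IPv4, assumed AEAD overhead */
    printf("max=%zu messages=%ld\n", max, dtls_send_chunked(mock_write, &m, data, sizeof data, max));
    return 0;
}
```

Each chunk is a separate DTLS message in its own UDP datagram, so the receiver gets separate reads and the application has to handle loss, reordering and reassembly itself.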