Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

On 30/08/16 15:26, Matt Caswell wrote: > > > On 29/08/16 17:37, Julien Vermillard wrote: >> I patched s_server to send a fake OCSP content (4 bytes). >> I suppose the server will just push that to the client and the client >> should fail complaining it's not a correct OCSP response. >> But the

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

Awesome thanks :) I'll try it. Yes I have the feeling I'm the first user of stapling with DTLS -- Julien Vermillard On Tue, Aug 30, 2016 at 4:26 PM, Matt Caswell wrote: > > > On 29/08/16 17:37, Julien Vermillard wrote: > > I patched s_server to send a fake OCSP content (4 bytes). > > I suppose

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

On 29/08/16 17:37, Julien Vermillard wrote: > I patched s_server to send a fake OCSP content (4 bytes). > I suppose the server will just push that to the client and the client > should fail complaining it's not a correct OCSP response. > But the server crash with: > ssl/statem/statem_dtls.c:127:

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

Ok - thanks. I'll try and take a look tomorrow. Matt On 29/08/16 17:37, Julien Vermillard wrote: > I patched s_server to send a fake OCSP content (4 bytes). > I suppose the server will just push that to the client and the client > should fail complaining it's not a correct OCSP response. > But t

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

I patched s_server to send a fake OCSP content (4 bytes). I suppose the server will just push that to the client and the client should fail complaining it's not a correct OCSP response. But the server crash with: ssl/statem/statem_dtls.c:127: OpenSSL internal error: assertion failed: s->init_num ==

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

It's a mix of C and Go, so it's really not minimal, but I'll try to modify s_server to see if I can reproduce it. -- Julien Vermillard On Mon, Aug 29, 2016 at 6:13 PM, Matt Caswell wrote: > > > On 29/08/16 17:08, Julien Vermillard wrote: > > I have a DTLS 1.2 server based on last master (commit

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

On 29/08/16 17:08, Julien Vermillard wrote: > I have a DTLS 1.2 server based on last master (commit > d196305aa0de1fc38837c27cb1ea6e60af9dd98d) > I try to add ocsp stapling support (based on code in s_server.c). > > Basicaly in my callback I set the OCSP response by: > > > if (SSL_set_tls

[openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

I have a DTLS 1.2 server based on last master (commit d196305aa0de1fc38837c27cb1ea6e60af9dd98d) I try to add ocsp stapling support (based on code in s_server.c). Basicaly in my callback I set the OCSP response by: if (SSL_set_tlsext_status_ocsp_resp(s,dataPtr,respLen) == 0) { return