authorLutz Jänicke <jaenicke@openssl.org>2008-10-10 10:41:32 +0000
committerLutz Jänicke <jaenicke@openssl.org>2008-10-10 10:41:32 +0000
commitab073bad4fb950f84c02e8660a9c36647d7f476e (patch)
tree4f8c9bda422e2d97503d485beb00b569f8c7e199 /ssl/s3_pkt.c
parentcfe04f607dff03a0069dbeb5d5da21516382bfdd (diff)
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this, and we end up hitting an OPENSSL_assert() in do_dtls1_write(). The simple fix is just _not_ to leave it queued. In DTLS, dropping packets is perfectly acceptable -- and even preferable. If we wanted a service with retries and guaranteed delivery, we'd be using TCP. PR: #1703 Submitted by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'ssl/s3_pkt.c')
-rw-r--r--ssl/s3_pkt.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 72853a2e72..9476dcddf6 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -753,8 +753,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
}
- else if (i <= 0)
+ else if (i <= 0) {
+ if (s->version == DTLS1_VERSION ||
+ s->version == DTLS1_BAD_VER) {
+ /* For DTLS, just drop it. That's kind of the whole
+ point in using a datagram service */
+ s->s3->wbuf.left = 0;
+ }
return(i);
+ }
s->s3->wbuf.offset+=i;
s->s3->wbuf.left-=i;
}
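Review bot: The new DTLS branch decides "is this DTLS" by listing two version constants (`s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER`), so a DTLS version added later would skip the drop, leave the record pending, and reach the same OPENSSL_assert() in do_dtls1_write() that the commit message describes. Since that assert aborts the process on a send failure a peer or the network can provoke, the test is better taken from a single shared DTLS predicate than from a per-site version list. The comment should also record the real reason for clearing `wbuf.left`, for example `/* DTLS: discard the unsent record; do_dtls1_write() asserts if one is still pending */`. The drop applies to every `i <= 0`, which presumably includes retryable would-block results on a non-blocking socket; a short comment should state that this is intended and that `i` is still returned to the caller. ssl3_write_pending() starts and ends outside this hunk, so how the caller reacts to the returned value is not visible here.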