Topic: Documented wolfSSL embedded ssl bug fix from old forums
2006-09-22 16:27:10 UTC
It seems that I found a serious bug in yaSSL C library.
When my client calls SSL_Write() with a long msg of length 13173 bytes, the peer server has problem in SSL_Read() to decoding the long msg because the long msg actually arrives at server in 3 pieces.
It seems SSL_read should buffer msgs till complete SSL packet arrives before it goes on decoding.
Please help look into this problem if it is one.
2006-09-22 19:10:02 UTC
Yes, that's right. wolfSSL should buffer incomplete messages like yaSSL does, I'll fix this.
Thanks for the report.
2006-09-22 21:03:24 UTC
It is great. Thanks for the prompt response!
By the way, most functions in the library need some self-protection, eg. verifying input SSL* parameter not null, verifying that incompatible methods parameter of SSL_CTX_new() on either side won't cause core dump. I ignorantly set my SSL server to use TLSv1_client_method() which caused the server to crash in SSL_Accept() or MD5Update().