diff --git a/ChangeLog b/ChangeLog index c2ee6ea..cdc210e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2017-03-17 Björn Freise + + Updating openSSL libs to v1.0.2l-dev + + * dtls/openssl.py: Added mtu-functions SSL_set_mtu() and DTLS_set_link_mtu() + * dtls/prebuilt/win32-*: Updated libs for x86 and x86_64 to version 1.0.2l-dev + * dtls/sslconnection.py: mtu size set hardcoded to 1500 - otherwise the windows implementation has problems + 2017-03-17 Björn Freise Added interface for SSL_CTX_set_info_callback() diff --git a/dtls/openssl.py b/dtls/openssl.py index 52142fb..b95138a 100644 --- a/dtls/openssl.py +++ b/dtls/openssl.py @@ -77,18 +77,19 @@ else: libcrypto = CDLL("libcrypto.so.1.0.0") libssl = CDLL("libssl.so.1.0.0") -# -# Integer constants - exported -# -BIO_NOCLOSE = 0x00 -BIO_CLOSE = 0x01 -SSLEAY_VERSION = 0 -SSL_OP_NO_COMPRESSION = 0x00020000 -SSL_VERIFY_NONE = 0x00 -SSL_VERIFY_PEER = 0x01 -SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02 -SSL_VERIFY_CLIENT_ONCE = 0x04 -SSL_SESS_CACHE_OFF = 0x0000 +# +# Integer constants - exported +# +BIO_NOCLOSE = 0x00 +BIO_CLOSE = 0x01 +SSLEAY_VERSION = 0 +SSL_OP_NO_QUERY_MTU = 0x00001000 +SSL_OP_NO_COMPRESSION = 0x00020000 +SSL_VERIFY_NONE = 0x00 +SSL_VERIFY_PEER = 0x01 +SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02 +SSL_VERIFY_CLIENT_ONCE = 0x04 +SSL_SESS_CACHE_OFF = 0x0000 SSL_SESS_CACHE_CLIENT = 0x0001 SSL_SESS_CACHE_SERVER = 0x0002 SSL_SESS_CACHE_BOTH = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER @@ -130,6 +131,7 @@ SSL_CB_HANDSHAKE_DONE = 0x20 # # Integer constants - internal # +SSL_CTRL_SET_MTU = 17 SSL_CTRL_OPTIONS = 32 SSL_CTRL_SET_READ_AHEAD = 41 SSL_CTRL_SET_SESS_CACHE_MODE = 44 @@ -144,6 +146,7 @@ BIO_C_SET_NBIO = 102 DTLS_CTRL_GET_TIMEOUT = 73 DTLS_CTRL_HANDLE_TIMEOUT = 74 DTLS_CTRL_LISTEN = 75 +DTLS_CTRL_SET_LINK_MTU = 120 X509_NAME_MAXLEN = 256 GETS_MAXLEN = 2048 
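Review bot: In the dtls/openssl.py hunk at -77 the nine removed constant lines and their re-added counterparts read identically on this page, so the only visible functional change is the new `SSL_OP_NO_QUERY_MTU = 0x00001000`. The rest looks like a whitespace or line-ending rewrite, though the page cannot confirm which. The same pattern appears in the hunk at -815 (the `DTLSv1_listen` / `SSL_read` lines) and in dtls/sslconnection.py at -404. In a TLS binding this churn hides the lines that actually changed behaviour. Consider normalising line endings in a separate commit so that this one shows only the MTU additions.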
@@ -504,7 +507,7 @@ __all__ = [ # Constants "BIO_NOCLOSE", "BIO_CLOSE", "SSLEAY_VERSION", - "SSL_OP_NO_COMPRESSION", + "SSL_OP_NO_QUERY_MTU", "SSL_OP_NO_COMPRESSION", "SSL_VERIFY_NONE", "SSL_VERIFY_PEER", "SSL_VERIFY_FAIL_IF_NO_PEER_CERT", "SSL_VERIFY_CLIENT_ONCE", "SSL_SESS_CACHE_OFF", "SSL_SESS_CACHE_CLIENT", @@ -524,6 +527,7 @@ __all__ = [ "CRYPTO_set_locking_callback", "DTLSv1_get_timeout", "DTLSv1_handle_timeout", "DTLSv1_listen", + "DTLS_set_link_mtu", "BIO_gets", "BIO_read", "BIO_get_mem_data", "BIO_dgram_set_connected", "BIO_dgram_get_peer", "BIO_dgram_set_peer", @@ -532,6 +536,8 @@ __all__ = [ "SSL_CTX_set_options", "SSL_CTX_set_info_callback", "SSL_read", "SSL_write", + "SSL_set_options", + "SSL_set_mtu", "SSL_state_string_long", "SSL_alert_type_string_long", "SSL_alert_desc_string_long", "SSL_CTX_set_cookie_cb", "OBJ_obj2txt", "decode_ASN1_STRING", "ASN1_TIME_print", @@ -815,16 +821,19 @@ def DTLSv1_handle_timeout(ssl): def DTLSv1_listen(ssl): su = sockaddr_u() - ret = _SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, byref(su)) - errcheck_ord(ret, _SSL_ctrl, (ssl, DTLS_CTRL_LISTEN, 0, byref(su))) - return addr_tuple_from_sockaddr_u(su) - -def SSL_read(ssl, length, buffer): - if buffer: - length = min(length, len(buffer)) - buf = (c_char * length).from_buffer(buffer) - else: - buf = create_string_buffer(length) + ret = _SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, byref(su)) + errcheck_ord(ret, _SSL_ctrl, (ssl, DTLS_CTRL_LISTEN, 0, byref(su))) + return addr_tuple_from_sockaddr_u(su) + +def DTLS_set_link_mtu(ssl, mtu): + return _SSL_ctrl(ssl, DTLS_CTRL_SET_LINK_MTU, mtu, None) + +def SSL_read(ssl, length, buffer): + if buffer: + length = min(length, len(buffer)) + buf = (c_char * length).from_buffer(buffer) + else: + buf = create_string_buffer(length) res_len = _SSL_read(ssl, buf, length) if buffer: return res_len 
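Review bot: `DTLS_set_link_mtu` in the hunk at -815 returns the raw `_SSL_ctrl` result unchecked, while `DTLSv1_listen` directly above it passes its result through `errcheck_ord`. As far as I know, OpenSSL's ctrl handler returns 0 when the requested value is below its minimum link MTU, so a caller that ignores the return keeps the previous MTU without noticing. `SSL_set_mtu` in the hunk at -841 has the same shape. Either raise on a zero result, or document the contract with a docstring such as `"""Set the link MTU (IP/UDP overhead included); returns 1 on success, 0 if OpenSSL rejects the value."""`.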
@@ -841,6 +850,12 @@ def SSL_write(ssl, data): str_data = str(data) return _SSL_write(ssl, str_data, len(str_data)) +def SSL_set_options(ssl, op): + return _SSL_ctrl(ssl, SSL_CTRL_OPTIONS, op, None) + +def SSL_set_mtu(ssl, mtu): + return _SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, None) + def SSL_state_string_long(ssl): try: ret = _SSL_state_string_long(ssl) diff --git a/dtls/prebuilt/win32-x86/libeay32.dll b/dtls/prebuilt/win32-x86/libeay32.dll index 8f8a254..2790b8c 100644 Binary files a/dtls/prebuilt/win32-x86/libeay32.dll and b/dtls/prebuilt/win32-x86/libeay32.dll differ diff --git a/dtls/prebuilt/win32-x86/ssleay32.dll b/dtls/prebuilt/win32-x86/ssleay32.dll index 1a70063..129a31b 100644 Binary files a/dtls/prebuilt/win32-x86/ssleay32.dll and b/dtls/prebuilt/win32-x86/ssleay32.dll differ diff --git a/dtls/prebuilt/win32-x86_64/libeay32.dll b/dtls/prebuilt/win32-x86_64/libeay32.dll index 9724d58..4c99c93 100644 Binary files a/dtls/prebuilt/win32-x86_64/libeay32.dll and b/dtls/prebuilt/win32-x86_64/libeay32.dll differ diff --git a/dtls/prebuilt/win32-x86_64/ssleay32.dll b/dtls/prebuilt/win32-x86_64/ssleay32.dll index 648f388..8f1eb45 100644 Binary files a/dtls/prebuilt/win32-x86_64/ssleay32.dll and b/dtls/prebuilt/win32-x86_64/ssleay32.dll differ diff --git a/dtls/sslconnection.py b/dtls/sslconnection.py index 8814770..dde0b6b 100644 --- a/dtls/sslconnection.py +++ b/dtls/sslconnection.py 
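Review bot: `SSL_set_options` and `SSL_set_mtu` in the hunk at -841 are exported through `__all__` without docstrings, and their return values mean different things. `SSL_set_options` ORs `op` into the connection's options and returns the resulting bitmask, not a status, so it wants a comment like `# returns the updated option bitmask; options are added, never cleared`. `SSL_set_mtu` sets the DTLS MTU exclusive of IP/UDP overhead, whereas `DTLS_set_link_mtu` sets the link MTU inclusive of it; a one-line docstring on each stating which figure it expects would prevent the two being confused. No call to `SSL_set_mtu` appears in this commit, so it may be worth noting that it is exported for callers only.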
@@ -404,18 +404,19 @@ class SSLConnection(object): try: peer_address = sock.getpeername() except socket.error: - peer_address = None - if server_side: - post_init = self._init_server(peer_address) - else: - post_init = self._init_client(peer_address) - - SSL_set_bio(self._ssl.value, self._rbio.value, self._wbio.value) - self._rbio.disown() - self._wbio.disown() - if post_init: - post_init() - + peer_address = None + if server_side: + post_init = self._init_server(peer_address) + else: + post_init = self._init_client(peer_address) + + SSL_set_options(self._ssl.value, SSL_OP_NO_QUERY_MTU) + DTLS_set_link_mtu(self._ssl.value, 1500) + SSL_set_bio(self._ssl.value, self._rbio.value, self._wbio.value) + self._rbio.disown() + self._wbio.disown() + if post_init: + post_init() def get_socket(self, inbound): """Retrieve a socket used by this connection
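Review bot: The two added calls pin the link MTU to a literal 1500 and set `SSL_OP_NO_QUERY_MTU`, and as far as the hunk shows they run for every connection with no platform check, although the ChangeLog gives only a Windows problem as the reason. With MTU querying disabled, a path whose real MTU is smaller (tunnels, PPPoE, IPv6 links near the 1280-byte minimum) will see handshake flights sized for 1500 fragmented or dropped, and callers have no way to override the value. Suggest a named module constant or a constructor argument in place of the literal, applied only where the query is known to fail. Both return values are also discarded; at minimum check `DTLS_set_link_mtu(...)` for a zero result so that a rejected MTU does not pass silently. The enclosing method starts outside this hunk.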