diff --git a/CMakeLists.txt b/CMakeLists.txt
index d87ec02..762f77b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -527,13 +527,13 @@ ENDIF(CONNECTION_FILTER)
OPTION(SUPPORT_DTLS "Enables/Disables encryption support for IPFIX messages." OFF)
IF (SUPPORT_DTLS)
- FIND_PACKAGE(OpenSSL 1.0.0)
+ FIND_PACKAGE(OpenSSL)
IF (NOT OPENSSL_FOUND)
MESSAGE(FATAL_ERROR "Could not find openssl. Please install the library or turn off SUPPORT_DTLS")
ENDIF (NOT OPENSSL_FOUND)
- IF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
- MESSAGE(FATAL_ERROR "openssl version must be less than 1.1.0")
- ENDIF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
+ IF (NOT (${OPENSSL_VERSION} VERSION_GREATER_EQUAL 1.1.0))
+ MESSAGE(FATAL_ERROR "openssl version must be 1.1.0 or higher")
+ ENDIF (NOT (${OPENSSL_VERSION} VERSION_GREATER_EQUAL 1.1.0))
INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
TARGET_LINK_LIBRARIES(vermont ${OPENSSL_LIBRARIES})
ADD_DEFINITIONS(-DSUPPORT_DTLS)
diff --git a/configs/dtls/dtls_exporter.xml b/configs/dtls/dtls_exporter.xml
index 6b9b39e..4e70e36 100644
--- a/configs/dtls/dtls_exporter.xml
+++ b/configs/dtls/dtls_exporter.xml
@@ -3,7 +3,7 @@
2
- ../sample_data/sample1.cap
+ wlp2s0
ip
2
@@ -69,7 +69,7 @@
3600
127.0.0.1
- DTLS_OVER_SCTP
+ DTLS_OVER_UDP
collector.example.com
60000
diff --git a/configs/dtls/dtls_printer.xml b/configs/dtls/dtls_printer.xml
index 0420f0b..c49b1e6 100644
--- a/configs/dtls/dtls_printer.xml
+++ b/configs/dtls/dtls_printer.xml
@@ -5,8 +5,8 @@
configs/example_certs/vermontCA.pem
/etc/ssl/certs
- DTLS_OVER_SCTP
-
+
+ DTLS_OVER_UDP
diff --git a/configs/example_certs/collector_cert.pem b/configs/example_certs/collector_cert.pem
index 7f91ef8..b26af33 100644
--- a/configs/example_certs/collector_cert.pem
+++ b/configs/example_certs/collector_cert.pem
@@ -1,57 +1,29 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: CN=Vermont example CA
- Validity
- Not Before: Mar 3 17:34:16 2009 GMT
- Not After : Feb 26 17:34:16 2029 GMT
- Subject: CN=Collector
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c8:a8:bc:ed:e1:4a:1c:e6:7c:db:f2:41:26:99:
- 0c:97:9f:52:4f:4f:ec:06:35:2f:32:ec:3c:88:13:
- b2:d3:88:83:00:d9:5b:a2:58:be:25:3c:16:67:92:
- 61:1e:7e:3d:9a:7a:01:7d:ca:71:76:f3:96:74:80:
- ec:78:3c:32:26:13:3a:d8:02:60:23:2d:b5:e5:88:
- 93:93:86:f9:cb:c4:f4:7f:40:53:14:2a:9a:65:f5:
- 9e:6f:7d:52:7f:ae:f2:b5:2f:9a:54:23:fc:fa:ed:
- 57:4a:23:c7:f9:87:e6:1f:e4:d3:47:45:c6:4a:2e:
- 94:38:ae:51:c8:06:7d:4f:05
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 48:B1:AF:25:4D:6C:97:56:64:84:2F:3F:F7:E6:CD:26:C9:95:0F:E9
- X509v3 Authority Key Identifier:
- keyid:F9:79:19:E7:91:26:27:24:EC:78:65:8C:BB:CD:10:8F:A2:1A:DC:05
-
- X509v3 Subject Alternative Name:
- DNS:collector.example.com
- Signature Algorithm: sha1WithRSAEncryption
- 5e:63:1a:f2:ff:c0:dd:b6:3f:ef:f0:14:3d:6c:67:95:e1:ab:
- 1a:ef:e8:16:fc:0d:f6:4f:2e:7d:05:2f:02:ff:27:d0:f0:0a:
- dd:fe:9a:f7:d3:bb:43:2c:9c:f6:50:6f:ec:00:03:b0:f4:86:
- 77:3c:0b:86:fb:09:c7:76:75:0e:19:44:21:11:c7:1b:5b:d8:
- 1c:59:ae:49:79:e0:5e:b1:6c:34:c9:b1:a1:61:70:6a:32:05:
- b8:c5:60:01:a5:ab:36:1b:4f:41:32:a0:90:e9:7c:ea:3c:45:
- 0f:47:7a:c4:cb:b7:8a:5f:51:4f:d2:c8:14:e8:bc:e3:99:2b:
- 3a:2a
-----BEGIN CERTIFICATE-----
-MIICFjCCAX+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJWZXJt
-b250IGV4YW1wbGUgQ0EwHhcNMDkwMzAzMTczNDE2WhcNMjkwMjI2MTczNDE2WjAU
-MRIwEAYDVQQDEwlDb2xsZWN0b3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMiovO3hShzmfNvyQSaZDJefUk9P7AY1LzLsPIgTstOIgwDZW6JYviU8FmeSYR5+
-PZp6AX3KcXbzlnSA7Hg8MiYTOtgCYCMtteWIk5OG+cvE9H9AUxQqmmX1nm99Un+u
-8rUvmlQj/PrtV0ojx/mH5h/k00dFxkoulDiuUcgGfU8FAgMBAAGjbzBtMAkGA1Ud
-EwQCMAAwHQYDVR0OBBYEFEixryVNbJdWZIQvP/fmzSbJlQ/pMB8GA1UdIwQYMBaA
-FPl5GeeRJick7HhljLvNEI+iGtwFMCAGA1UdEQQZMBeCFWNvbGxlY3Rvci5leGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBeYxry/8Ddtj/v8BQ9bGeV4asa7+gW
-/A32Ty59BS8C/yfQ8Ard/pr307tDLJz2UG/sAAOw9IZ3PAuG+wnHdnUOGUQhEccb
-W9gcWa5JeeBesWw0ybGhYXBqMgW4xWABpas2G09BMqCQ6XzqPEUPR3rEy7eKX1FP
-0sgU6LzjmSs6Kg==
+MIIE7zCCAtegAwIBAgIUKj7HWWW8djC+TQvrBR3N3FDkI2gwDQYJKoZIhvcNAQEL
+BQAwHTEbMBkGA1UEAwwSVmVybW9udCBleGFtcGxlIENBMB4XDTIwMDQxMTA1NTYw
+NFoXDTIwMDUxMTA1NTYwNFowIDEeMBwGA1UEAwwVY29sbGVjdG9yLmV4YW1wbGUu
+Y29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0iZwtlWCcbIQ8eQP
+qypj53NgJ3lmKf+YtbNEauEEP8sRlxw5GbXl0PsQ2lwFOcUqZbxs2Awcspo8tIBi
+CZFkEyTrrl0UhP+qQVvn54Aa5bt419FnZDMyrjXh/5D2NHdxNTFj6xpHhAzwv3b1
++1hFYi8p9aL98UMDJGJm+6uJMiiNd8+kIGCbp7w1Qhdp5W0/jCNe+SKlPQTvUQrl
+eR4IpQM8Sqg+H8KRIc0S4/L3FXoHexIO9sHzgk+/++gbh/GsGQVlueLQHNG/gQRX
+rd5pdvevKXLbO28Qx1ZM0VLK1gUhxdx60Kh1RADah2PEgtjusX+YGSqmJXT+i6mh
+an0Qpai1WwbOLvGG6K8mz+YZ5i73+vxywax6dq/v26aC458ViWVGMm4/BDApxi+q
+zqgpFZgs/WR9o+ofp7bnzZPk9XyuSO4wxeP0NkE2Gxy6AW0Vx+hT8wvzLPiM283Y
+wDUhTzwLPXqfG2DBCHLkfqgijC5Hje1dlJkQI1Qzx5Iv02p5UqYUJlc8nAsvdyK3
+99yjWUyt5RcsHbp1Qopw+I9iiofXgEUx7SGWE0IzMYDFxw/E9afFSuNSczObVxWa
+8CxyerpLCSR8JqK8y1zmMwDPPA9ZPUb4EAhT87N62H/WWBUEWxnC3KWDlpKd63Ab
+4+sNPoCZ9M8rjwfuMYI6nWCdsikCAwEAAaMkMCIwIAYDVR0RBBkwF4IVY29sbGVj
+dG9yLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBiZNCZQBl6TEKoVh8g
+CFMyV1dyZAizmV8m3ZIVvS+rwl+bIxxbyLq+J8Y/uAeJVmSh/djaVDrJffksF7E+
+bDuw/IU2wmsGWtsmrWGpZJHZpV26WZBbLFgq6Gc0C04gCcgLOIYPGbOv/6TC/WXJ
+CIcAwjryaoK1zER4lxDFX/qX8Wqb7t9lcNIdjrsWB+YiQUzKa/sVvkbQ8yso54jI
+jqz0f9JPXMnYtb3XXEg8iCIxIdbQFKYb8MsdiBEcRITKz0el09BusaMZ9qwi4ikx
+3I+7+5hjVtmC4gfoQmmmvdLOsFMTX0Y5cWuLDyw2SuWBOyg5HcucXTH29IQIJb9i
+1puar1V59yuJlJEUkpcVMU3wm6QiMabc+hJ0YQSKCEUo7zphtj05b09qsHOjH38b
+COJKh2SZoQxI9yPkisWap97/Tu9w+5U1DD5wawRd0HaI0DS0xQqS5e6TL3afwMEZ
++J3hW0lh7pun/UjwXN2gZaGpQdPRKVkRVV1s6Kj7v3zd9pGKOxZQPG/loup0QSke
+PemLiYEzdXHukN9wtBktNZ8Uau5goXugl+kcX4WdwzA+5jB9jQxLtL18odYjQowO
+1JSFE9ZnFveik4IRY/L2zQSRQvHOEiPUEl8dHtHvcQliiWcR210FJ6urfv02by+K
+AJwJA1IxBZIrzFknHeE4JpoatA==
-----END CERTIFICATE-----
diff --git a/configs/example_certs/collector_key.pem b/configs/example_certs/collector_key.pem
index ccfc794..396901f 100644
--- a/configs/example_certs/collector_key.pem
+++ b/configs/example_certs/collector_key.pem
@@ -1,15 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDIqLzt4Uoc5nzb8kEmmQyXn1JPT+wGNS8y7DyIE7LTiIMA2Vui
-WL4lPBZnkmEefj2aegF9ynF285Z0gOx4PDImEzrYAmAjLbXliJOThvnLxPR/QFMU
-Kppl9Z5vfVJ/rvK1L5pUI/z67VdKI8f5h+Yf5NNHRcZKLpQ4rlHIBn1PBQIDAQAB
-AoGAIGWF404tXg8kd4pcVHP/YXd6nY2EyNfLYAheGYY8qARxSjDNp592S6Kw51Xt
-0jOFlKxAE2Qc/5yCXRr3ks39NnlJkdxYPehjobIemFlr/rW85S5Qds9gjV0VBbnd
-ouozSi9Onk/yOkB8jd71aKuKvzy07IOK9kW/RrVcqu8G5IECQQDp30a+LlPftiwo
-7KC9o08OapTOROcnvRPOql3UrTzQYZbaSSUT589UMS6FyAxayAdVb92VwLsubyBc
-3J1QGdLlAkEA26T+XFBWPsq2WvnBERb/g5Ik0kKy26ME1gObOvbG8zlO2kUF95vz
-t19LaakgUv7qMV2HPeK5J3KHq05mgQUpoQJAIAyV8Df/DHg1gwIyYOqBSfN3IvE0
-UDDMBxU3uI5o+BF3j8BYUWsB8YKv4mtwrfwdbSrgTcZUoF9gKvmcoT54tQJAWa2m
-BP7wF7cgeUib4WRocsnKquZ8rFyE7vSN/qcfV9NANLIV26EbAvWvjrZ08i4OZJVx
-UH0vZ8HFTtY119vJwQJBAKlXaAAeM3wPYfU+kd0ogQJssCMHLCxTw17RaN21Io9p
-AHM+elYKJgkInoCynGV+s/Ajs5FB62rLJs3GBKi+clY=
+MIIJKgIBAAKCAgEA0iZwtlWCcbIQ8eQPqypj53NgJ3lmKf+YtbNEauEEP8sRlxw5
+GbXl0PsQ2lwFOcUqZbxs2Awcspo8tIBiCZFkEyTrrl0UhP+qQVvn54Aa5bt419Fn
+ZDMyrjXh/5D2NHdxNTFj6xpHhAzwv3b1+1hFYi8p9aL98UMDJGJm+6uJMiiNd8+k
+IGCbp7w1Qhdp5W0/jCNe+SKlPQTvUQrleR4IpQM8Sqg+H8KRIc0S4/L3FXoHexIO
+9sHzgk+/++gbh/GsGQVlueLQHNG/gQRXrd5pdvevKXLbO28Qx1ZM0VLK1gUhxdx6
+0Kh1RADah2PEgtjusX+YGSqmJXT+i6mhan0Qpai1WwbOLvGG6K8mz+YZ5i73+vxy
+wax6dq/v26aC458ViWVGMm4/BDApxi+qzqgpFZgs/WR9o+ofp7bnzZPk9XyuSO4w
+xeP0NkE2Gxy6AW0Vx+hT8wvzLPiM283YwDUhTzwLPXqfG2DBCHLkfqgijC5Hje1d
+lJkQI1Qzx5Iv02p5UqYUJlc8nAsvdyK399yjWUyt5RcsHbp1Qopw+I9iiofXgEUx
+7SGWE0IzMYDFxw/E9afFSuNSczObVxWa8CxyerpLCSR8JqK8y1zmMwDPPA9ZPUb4
+EAhT87N62H/WWBUEWxnC3KWDlpKd63Ab4+sNPoCZ9M8rjwfuMYI6nWCdsikCAwEA
+AQKCAgEAq6EhZIippFmdZTCxa0WPmjOsUBDh02MgQSVLt05WvhMHJrayG8FnFCo4
+NV36Fphka/pbmocp2OQGuBQx/UZ0yP3aTelPHOABGKgK2hLR5NYbd4daPYdi2MzA
+6oxlx6vVFXBk/lnUFpDK/lQVyVTqNan3Rtn7M9Na+Zg0K06JGiHsh/FZReggt/kK
+NhQRNILo53br1eTpttAU88dGaoiQ3tOppf+J3T52cXie+PQxv6SN/4FcH0N/sOmZ
+Dg8ejQRfXX/++LW46hCTqrb1NNb0o2jd8agQTJYEygg9bKeFaQ1/66yJ0WgDfaqE
+zxY4I/Uv3F8sxUEDuIu4aC/92I6TzHuC7HnqH8Kn/gNSK6l+uZ0OTjXisnGG7GVw
+zdrp92dHkg8eTTTX7nhxH8TaoDcImXadRupOQNEp3ScMBxLyl3ek3Q9TpBGR+xgC
+M/hrRR43VIog2CQF0yyAlC9u499esJ+OsSgOjZWVdHGiioLys4yRTLm4e5ujVziq
+usX6fXZPYMqEpXFRSZ+swNrAJ85lqxmI+Qb334nQI7VQdfYAVg3izRHDKV1YQNer
+UlayNuRijcLokPBcUw8Hi/cXVtJLpqROVJLJpzltM/2xeRAtqbxJ3r6QABsXh2LG
+TplxYlJmAy7Ksb4yQFZly04m8kY/Oyv+ZUHnlj/h1cturTdrekECggEBAP2KpQSw
+GQIyfEIUt0wR/7RUOl2Df0pUNsoBQSwNgCHQRLfK7HUkNd/hGKLWPl7InyuDkTTU
+ZC/nyAiUmE/bkHmvEITDVXUquimVq/bGm35TGrt7XSGL+UQzp4omE4W4yPcGJHYa
+P1kLifPzlQeNmZKJaKWZgct9X/sMYoJyBIJKfb6JmyWoNESG+r6mj3hy1u445Hf7
+yre3GYSUlCJ2ANbfiRteDUWyKnxR6CE3yjzXl6pok9RGxBdKecUqeYJ9Dr4dZ0rn
+Bu8+zn3JcGIXAripjVsvF+hmdwcrSpHi9OxYk9T0TClebcsexbRP/eAydQgynwTg
++6AQBkFfPuqedvUCggEBANQwFkZFX72qUjz5E6rWDDBBoUNisqWGPifL4ggqzXQN
+1m2x7kcjF9qMyRIvbwJCv7PHrnXF2tlouYwcsSXWzI91qSdJQ6PPX8SbxCMuKcG0
+ENztPKS3Z87PA2b7Jfzl7qQRqe0pIn28hl0Bpu1olrQhqXwCL/pnVvyfxgRfCG6P
+LsaSEAi9Y+0LPZ9aHWIdwMyY61kHY8fz83dxxnt43i9ZEDkc2Lhugd1L2/MwyjpA
+BkiOsAOPhc7+GyKLwVOk6VrMa5tCnmUgheqfYK1rNco5Uxeo6Tm860zWATe9zQPc
+NkkfJOdW7XfcWTKmfoji7iY51Yyz4BtcMy/Yvq7QheUCggEBAM3OUzFA+Kvt6yuA
+wWFAYv4wOMhby2G8hlTnO83Uj6Pi+UTvtY1I/Wpjv6m+mxY5Z+rce2wU09aHILrG
+U/TO17HOx2vdW2smacMDuXkxslqSfuqcsvZeNtKD04WybrpnSsop9ELh/3X6hdq+
+aMSezoBChe2Wc+OIO/b/EJ+uibZxXSzjakrhBLxzjOphLaiqH4l0KRC0FNOYD2Ct
+cqmefAPvo83RRJjEjPQpUHJWZRWKM5SiGw1+/AGj9MB1P/kKJoNwPr5wVhKyOs+k
+SlN1NkJLb3ELAy8krY3mODu/rOyE4ktEmuYhvqHYsscw/3WTv6gN30MIlXhSSaGa
+/OlaBFkCggEAJI6AV+z92LRuZLjY7ZbhFLNJ8E0h0Ci3rq2OrK+LJBJ6Pf3ounLO
+WkXlIm/vpSkQ1A1z/jBvSwOi7APJdWZzacfws6cIs0E4E6xud00tvoSiXx20VACR
+Lu01fdmJKvAGVFgCuaxbl+QSFhYBx2c8h55BD+9kirShJPb166zfzAR5H5bskkTm
+4WENZdXluBC+NcGm0njWdQ2PhaWhd4ZUaT3j8KMKp4PKdfDq3RQr0ytSqc+DfamN
+eSMIU8RWM233EkCjzWUF2xBmYgzBYD9XThbgPPRJ8judImjAXvUhTCf1ZlWqSv0L
+/pmE+Jf8tuK5+vX917bpxmz1GKoz9/RPDQKCAQEA9RkCWS9eGjoO6oNjdUitheMG
++l9qjqtMs0xOIVUxFWgVv0n9TWbQQdyS4TYfwv4ACaL6ehMZO0ntWWDlRkh/CYSj
+wsH2bueIE5Q7Y2MVOIXiH0nB9K3Vyi9effSPqxFtLNN8H613AluUW+1SFRK0CUYe
+fP1gLbA8p8T4edAEoFug2eGuCz44S51/lmxXrdn/kyj1LTTm4GGyWxxLWhiERjvs
+EcZWixLFpX34zGR0wyIQEMgDjt6tNe8Nz3aMkDBEymKHL4meKCZFlNKyaS4+5x6f
+BLiXcIa7GI1Qvbjkr0SYKpshyNbTI7MA83UYNnFwhcuHPorpToB7vL9c0HdDCw==
-----END RSA PRIVATE KEY-----
diff --git a/configs/example_certs/exporter_cert.pem b/configs/example_certs/exporter_cert.pem
index 4dec6c9..643488a 100644
--- a/configs/example_certs/exporter_cert.pem
+++ b/configs/example_certs/exporter_cert.pem
@@ -1,57 +1,28 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: CN=Vermont example CA
- Validity
- Not Before: Mar 3 17:32:37 2009 GMT
- Not After : Feb 26 17:32:37 2029 GMT
- Subject: CN=Exporter
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ce:5d:22:d0:1b:a0:6d:55:48:6c:7b:3e:51:0e:
- 4e:43:fd:20:0d:ee:f1:62:cc:bd:fd:1b:bf:d0:0b:
- 38:9b:a0:a7:d2:74:1e:36:77:d5:3b:82:4a:6a:09:
- 80:c4:13:25:4d:29:5d:b5:a8:39:8d:3e:27:36:c9:
- 8e:45:d1:84:b0:1d:ce:91:9b:75:dd:b6:55:a9:f6:
- ec:bd:d5:70:b8:c8:63:c9:37:50:e3:2e:89:92:95:
- 7f:eb:5e:54:d3:6f:67:7a:12:f4:12:2d:b5:95:0d:
- d5:7d:82:33:88:f8:af:40:f8:63:10:c4:37:ae:f8:
- 29:39:00:3a:4e:57:2c:0c:25
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 8E:8A:F0:5D:3A:B5:49:95:8F:E4:66:CB:64:86:97:94:67:65:A6:4F
- X509v3 Authority Key Identifier:
- keyid:F9:79:19:E7:91:26:27:24:EC:78:65:8C:BB:CD:10:8F:A2:1A:DC:05
-
- X509v3 Subject Alternative Name:
- DNS:exporter.example.com
- Signature Algorithm: sha1WithRSAEncryption
- 0d:a8:6e:94:38:87:ad:80:91:b7:5e:4f:1c:8a:09:2d:09:67:
- fe:ff:25:9e:a3:03:78:53:5a:da:ff:22:9c:e9:63:af:f2:e2:
- 8e:04:23:92:d8:df:5b:40:0d:a5:2f:df:2b:7c:30:6e:34:88:
- bc:bc:b5:64:2e:3a:8a:3b:c4:77:9f:3e:a0:a8:dc:e6:00:59:
- 2e:48:2f:63:1d:ee:91:d1:9e:fc:70:5b:a2:79:70:64:e7:57:
- 36:de:90:3f:1a:0f:83:0b:2a:e5:8a:06:7f:8f:b3:46:f4:f2:
- f9:1e:7f:bc:39:54:41:8f:94:1f:a8:43:ff:4e:a5:36:34:75:
- 7b:45
-----BEGIN CERTIFICATE-----
-MIICFDCCAX2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJWZXJt
-b250IGV4YW1wbGUgQ0EwHhcNMDkwMzAzMTczMjM3WhcNMjkwMjI2MTczMjM3WjAT
-MREwDwYDVQQDEwhFeHBvcnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-zl0i0BugbVVIbHs+UQ5OQ/0gDe7xYsy9/Ru/0As4m6Cn0nQeNnfVO4JKagmAxBMl
-TSldtag5jT4nNsmORdGEsB3OkZt13bZVqfbsvdVwuMhjyTdQ4y6JkpV/615U029n
-ehL0Ei21lQ3VfYIziPivQPhjEMQ3rvgpOQA6TlcsDCUCAwEAAaNuMGwwCQYDVR0T
-BAIwADAdBgNVHQ4EFgQUjorwXTq1SZWP5GbLZIaXlGdlpk8wHwYDVR0jBBgwFoAU
-+XkZ55EmJyTseGWMu80Qj6Ia3AUwHwYDVR0RBBgwFoIUZXhwb3J0ZXIuZXhhbXBs
-ZS5jb20wDQYJKoZIhvcNAQEFBQADgYEADahulDiHrYCRt15PHIoJLQln/v8lnqMD
-eFNa2v8inOljr/LijgQjktjfW0ANpS/fK3wwbjSIvLy1ZC46ijvEd58+oKjc5gBZ
-LkgvYx3ukdGe/HBbonlwZOdXNt6QPxoPgwsq5YoGf4+zRvTy+R5/vDlUQY+UH6hD
-/06lNjR1e0U=
+MIIEtzCCAp8CFCo+x1llvHYwvk0L6wUdzdxQ5CNgMA0GCSqGSIb3DQEBCwUAMB0x
+GzAZBgNVBAMMElZlcm1vbnQgZXhhbXBsZSBDQTAeFw0yMDA0MTAxODQ1MjdaFw0y
+MDA1MTAxODQ1MjdaMBMxETAPBgNVBAMMCEV4cG9ydGVyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAsUva4tvqGZiJsfSbpPZfrViRbBTWFUYMxvBccanc
+OQ5J5m+dnr/YVH13wFWN9oL+9s+IdKgnqmoIrxPz2iH45oL9pmdA/zO5PrJ/Ponu
+W77m2+3ZBHZEWMCDrkfTPVkH6c2xT9Nl4p/UVnjit8cMYloEb/2m/pqc23RiIugU
++BIYZg3epyOW3IE36dDcVIBhuCtsNBbACs/JPrRIm6wNdeyIfh7UhNapvLgF0X0Z
+sXzZGVAaEmUq5/AOK9a0eyHqKOuEaRG2K9kfRkljMNbiE0JwPjb2aUb08Xud7WGA
+d3mx3PLcHf/5/LQPQGIoXHR3LF98To3yDXkfHQDnS+YhsyNfHsTuEPHTCN+guAuN
+r0/lXMuk6M9KZjDAyGxUtUGy021GirHtUsguoQtos74W+DcMxazUjvbtFLC5jJeC
+AhCNjBknIHoaL33AGYh6mYJLdtqEqT/9qIrere1h0o/7UoQOUafY1bdPo764kFPc
+GywSrmWlc3r0M4E1iUUmqY4pC2f5/bT5Fh7JplLy+WCNYGts/rbdE2tb/ke3fHuu
+oX0pvUUPeh8SvXhPyTZOtgrbqf0xDTpsWzmWxU7hBRKlk3nKH5ya7Pno3nl12nuo
+NzxdVWOCTwu0ZH14hXDfC51/KiyIIfagELIKz0E+hyOJ26OvnDgV3JFKorS+bWAe
+mzUCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAL3XvhwbtEzxEEIIVTCLxbIFOT3DU
+yv+maU9EUNzwiQ+04dS04rwJ5/hhvbVX7bL0qq2/Q79IMzgdM+gm3vFy4jAyoEL+
+XGqiKlEeQMd4DVkJimf5w0I0WkEZYAI+KAztiJ/D8qIFZIZkNI2AT32h1GC3um8J
+dyuSdfWRRtefU8/k6vQ9tZ6Y83ytHt3Sh6NEHLX7nj4bsPRLzoBghPkx7l8PltTj
+qPSMUOCnrIZMdlhSGbXVMeDD90d9ArQ43OAhdC8ps6ZQJ1Wa0kmKv01AYH/4M5wt
+ctLdDzfpJUm2XmyFIbnfKmyPgVfS/HvM75fpjr7Tt26yydSOYdyrNijQ5MGQ4Zfn
+JdiWvj/Aw8v05kjLWd1fvg8nlGOKz40xpFz76lEXIBQuxbcWgZwPN5ipse6rD3C5
+osigsRB3/77XHhp/vFh7koEUy55VbXlkKyuRTeVZ2IQ+EPo+dhVboniGI2uTVm+E
+xUwv1f2eiGhjYo0iDxVYnvcThta9FYFIFwddaHiaDahXP6UC8QfHJXBaAEIskBqo
+zyLUYOwgLAdmHZbI7SpuBy/otbIqio3sVnUZLMd7Ky9RD9uO+6TIqNW5WfkjD1W4
+qMkFWKvTnDCPnPG/odAFwH+TY/pNJULpzMSMCL/I6ajxdKbOXKJYG926oeDjEdU+
+3rATJZTS6KFlyo8=
-----END CERTIFICATE-----
diff --git a/configs/example_certs/exporter_key.pem b/configs/example_certs/exporter_key.pem
index b157f5d..8f55d8e 100644
--- a/configs/example_certs/exporter_key.pem
+++ b/configs/example_certs/exporter_key.pem
@@ -1,15 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDOXSLQG6BtVUhsez5RDk5D/SAN7vFizL39G7/QCziboKfSdB42
-d9U7gkpqCYDEEyVNKV21qDmNPic2yY5F0YSwHc6Rm3XdtlWp9uy91XC4yGPJN1Dj
-LomSlX/rXlTTb2d6EvQSLbWVDdV9gjOI+K9A+GMQxDeu+Ck5ADpOVywMJQIDAQAB
-AoGAKvC8Xrtw7W8yi8g1Vl54sLMKKXwP5HQgEHvmtN6w38lVQniBFOpoh2J8I4Zo
-seQd/eleo38mwpotRLw6C5MmXbNud9IJtS3CJ0ScexhOhrJUKSFRx/aa0F3aUPW/
-QV4FzHHu+Yfmd2sJm4W9JiFWa8KkMNQdJ9Nih4ITCyZapv0CQQD0tIIJbxp+zWbS
-bq8ltz4luN9SDp1kgju/h8DFKsJhHZssxkBmURfg0O+ZgfixSorL5jtA7rB0AUhG
-vwgeTiI7AkEA1+OUE2CkGip5fkRbOcjHTgtIZ+XoJRkZNkv9KvJ6rucP/oANiLFM
-xV/j/jG5wcK9s0snPg13xrKdTqMa8bRFHwJBAJRP51SiczOReJVoIl3AnzkrwKay
-VvC5Ak+Gju6xiNhlokxT6GpbEhbfa6jlnn6OCGumohkr0eStdknytI/xmUsCQGJN
-3JVeQhswEBZw5eFQDYD6HkRBKg4KebKBs4wk0bxmtp+6i28c3MpbOaP73IvgMyU7
-KWlWFJ5DouG134UEAx0CQQC1AYzV2XRi/g5G3kPD2M0esvItytOa9S7IysWasohc
-ntl3dl62hZhOCJfudppsEn498Y5O8zjq070i/Zzsmxvk
+MIIJJwIBAAKCAgEAsUva4tvqGZiJsfSbpPZfrViRbBTWFUYMxvBccancOQ5J5m+d
+nr/YVH13wFWN9oL+9s+IdKgnqmoIrxPz2iH45oL9pmdA/zO5PrJ/PonuW77m2+3Z
+BHZEWMCDrkfTPVkH6c2xT9Nl4p/UVnjit8cMYloEb/2m/pqc23RiIugU+BIYZg3e
+pyOW3IE36dDcVIBhuCtsNBbACs/JPrRIm6wNdeyIfh7UhNapvLgF0X0ZsXzZGVAa
+EmUq5/AOK9a0eyHqKOuEaRG2K9kfRkljMNbiE0JwPjb2aUb08Xud7WGAd3mx3PLc
+Hf/5/LQPQGIoXHR3LF98To3yDXkfHQDnS+YhsyNfHsTuEPHTCN+guAuNr0/lXMuk
+6M9KZjDAyGxUtUGy021GirHtUsguoQtos74W+DcMxazUjvbtFLC5jJeCAhCNjBkn
+IHoaL33AGYh6mYJLdtqEqT/9qIrere1h0o/7UoQOUafY1bdPo764kFPcGywSrmWl
+c3r0M4E1iUUmqY4pC2f5/bT5Fh7JplLy+WCNYGts/rbdE2tb/ke3fHuuoX0pvUUP
+eh8SvXhPyTZOtgrbqf0xDTpsWzmWxU7hBRKlk3nKH5ya7Pno3nl12nuoNzxdVWOC
+Twu0ZH14hXDfC51/KiyIIfagELIKz0E+hyOJ26OvnDgV3JFKorS+bWAemzUCAwEA
+AQKCAgA5QTHSiQo0cdolqcSJpTaImE1+BcyM2i5OIFj6K8x+cGrVC75vAa0uu8Xs
+SrSpouwLcEG0yojks5FSWLMrAkWKy0p2bmnDAEUWRjZpT8m1vxR2eXzXwAmaT7E2
+muNQsGupyU81ZCNG6C5+LlOo3ZLWQBOmxtci6XM2O4NlmmULJ2zRqDD68LdLRj90
+NoqwjzT/cKZku+QQmcF3imjYPNur9VKux+4BaAEwfI0Edc3ST2scjY2d2yXb+N3a
+sl9eVDl2NXhxJdManedHn3N01i/z4ES3ErDIlq2LPkxl2FLQQnB51cPXvE5SmSND
+u28lTEcgAUX3aEd+qlqt1xjandrLoJ51mSYjS01v8CHC3aqF0dIhEtjvkRAHfQc5
+2WX5T/7265EM9Gdakj3ahvj7BxyCx3OE/D/AP+hCBo8IrRAlgwaXVf/MKKgkcuwC
+Xgzbp0xU69BAA7URtyQ0UlTp1WAtflMJnP87yORmpMfq7kp8wq8l59GeikueBaRb
+4C+W2hJRrZl/qVsEeVdpkU5QH8/we7z2UJ9Lw3q9Sq/vqds8LUSeb6ioPuqgDyYE
+s5q5kKMKLc6c27ZdjOL34Xh8MtMMdFKR40wjgdk/dWXeBvBxdH4WtFOnV7NvnxcP
+e7ybrR4V3QP1rMUp+RtydaLwSwujNRsnZSjF9iyeUWiAy3w2EQKCAQEA6zRkbpKA
+UrIFBZR1Ne3j2NCv9S3ZBhN5xkkXLXcON9eyzeY9ClFQTNdPIoadRNzSyPzCM/DC
+xZWW7epKHZkGc3DXxgLNzaMLWSlNjmcSIDnaVNpUk8bArapQlIjTtHpn1a8+rHNL
+2KFSmoAjfkE4/LjzjcaXlCMQqIAhgMSENmEgPdNCJ4Wjn5LuQZVlf4QMLq3QnNdt
+tDreW5yKr1yS2pwzOHTR85WNOvnOuG8cP+nKbTrfj76MWdn06AUOSyMGv2ZKw10Z
+iPcFltHWE9ZNhlbF7iZ5KKUSOiqXyspZl7nZ68kC1nfv2y1cRBHyaTI/kQbuyE3o
+Y6TdxgHJiPCSFwKCAQEAwPjEywPKeLQD1TBeIUexk1ZxQ+Kv3Vjh51zBix8I8akc
+hxZ2hYsWcfMPFNJjHN4YzVnwaWXldA6mXpfq5mCOnU3uSB7tHC42iklqQ7nmpj36
+GFoD65Wf3barXB9w0pObTRCMLwMdrnz4iTcfS+MJHrUexNAfKA+YmRppsiYpSlDl
+mfoPE8fzufQPGh/e5aHU/bu4UNJbBnLuy5OJmwfPusieqFChZrmJJeSRbifS8Skw
+yfbrmChAuw5hWudpKuZf7puwMwSNvn7GLVRiTymg4bjRIn8o6/ovin5H/w7ZGJIi
+r57p5PLfZYhMaeyw0KXqivYiYIm+GQE1i85GBiYIkwKCAQAg9dadKCqTbB8ICSXj
+yNKFL7l4wlQHZfNKtjNpS6XSbYfBEuK672oxWnrce8DORaPERqdwX+zrg2sDLDH2
+s9sTklyqgvoUNyT/+anEquz/Vxwhh/cSPmgB7jwclJAWWpDygPxnbkDSusi4nfxb
+VQiHYeO/mnTjbYaIFmybfu6IMFQ0VcaPg0rKsexxhF4U4IxUfkcds5LMDvPaIrXM
+nUx3FiyXXMePOwXvndI6RlfPHRQg+n8ZxbolXUXUveCi5uWrLMqNVh6d8v/1grJd
+VUrH6KEUHpAcAgXr4MwkvvaPLJw9To33QBd8v36Oi3VNCJ2f1TjhGQnX7OKnPNjh
+N9VBAoIBADzCV1xAvlCRBZ/rkcfSxhPJJPKl/o+oO8DYUMxYIj3M7IGQThMwPwnz
+6Oy6baCaQZ7u0aauAbgwIKwqEzkkb+MRtZQZwLidyGh0QzQ95WS0oPln5lIYE3UA
+3iWsdJ6pAT4blrf6uC7HhI3XwE/plWaIyr5XdWfsuTSDv4HrSBbxL8nylSq6S4Bi
+WxrzrAALm3+kyp0QDr8SEyQgOTSKGhsKrgH7GUa55nf65tuTSHTMbmM5DucizXbY
+SUkREekDDnOXq7v0lBjF2+pL5oRcbB6GTbsZ5K2gYbWum0awyyRUZv17ANQosLRM
+XRsA/o9DnnzQkPRqimNfIRf7A8tN0GcCggEACifNcjNWCjSBqLPo7Ssj9+WFYFHT
+Lx6taf2w+DWUwei2tKucK3JYZvKIFOURZhRVpx3vbZqIGeiRogl7APA5yAkEdF/u
+YIcUlbfWpCGW3ayW7BqR7JuWJOZX8m1ImwZ3PXzw8hD0rOrQ4+MTc4gwQ6ktIda0
+dQo8p0RsGf88+43SXpsc/gWCWftaYKvaXZYtkAR9zDXrx/rGCA7pnOplPwvvW2Yl
+0KpMpVngtpYoqUmQdghsc0ILtZ4udBo1agqinrbIhXtArD/gFmFeFnfHZ7TLk+8c
+bfTFn3rPwy6dypCddFuD8ots9mAI+V0atmTI9DS877vake5GMS9MHdqdlQ==
-----END RSA PRIVATE KEY-----
diff --git a/configs/example_certs/vermontCA.pem b/configs/example_certs/vermontCA.pem
index 5f254af..666b049 100644
--- a/configs/example_certs/vermontCA.pem
+++ b/configs/example_certs/vermontCA.pem
@@ -1,14 +1,30 @@
-----BEGIN CERTIFICATE-----
-MIICNjCCAZ+gAwIBAgIJAPzZNYkMsvubMA0GCSqGSIb3DQEBBQUAMB0xGzAZBgNV
-BAMTElZlcm1vbnQgZXhhbXBsZSBDQTAeFw0wOTAzMDMxNzIzMDRaFw0yOTAyMjYx
-NzIzMDRaMB0xGzAZBgNVBAMTElZlcm1vbnQgZXhhbXBsZSBDQTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEApZJqq1NMAZRMOJbIxCcHCNmb4dX4bfhvVknhJDig
-vbwkBBhjEwHjobiFdEntaySUO/VxlXO9SrbyuF+39gNqtxkJvl2AQ1cy826s7aX3
-deE+A9LoC8WRiEX8bwqwQCDbHF5Ue3yjZVrtScyAgURuGePdGBla9shgpKqZf9yR
-W9ECAwEAAaN+MHwwHQYDVR0OBBYEFPl5GeeRJick7HhljLvNEI+iGtwFME0GA1Ud
-IwRGMESAFPl5GeeRJick7HhljLvNEI+iGtwFoSGkHzAdMRswGQYDVQQDExJWZXJt
-b250IGV4YW1wbGUgQ0GCCQD82TWJDLL7mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADolIeFcm4sX65qS61hS9wZAXnpvCvhu0SFylBLhEYiL+D8QUzx9
-Mtbtwhih60WGb5IBJ6M1QwTTKtSTbPTWK5UoQK2+xjh5IvMVCHDRopCy1jKhIzX7
-/rtFZ9mXyjyLINvf1Q8k8djvXgoGsXQrZdQE4+TRTKVMpn8tFSrFHqEx
+MIIFGzCCAwOgAwIBAgIUOa/NIhdujbRRA4/FSDOL3C08rmAwDQYJKoZIhvcNAQEL
+BQAwHTEbMBkGA1UEAwwSVmVybW9udCBleGFtcGxlIENBMB4XDTIwMDQxMDE4Mjkw
+NFoXDTQwMDQwNTE4MjkwNFowHTEbMBkGA1UEAwwSVmVybW9udCBleGFtcGxlIENB
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZBSBEXPH/iNtCJfDCFE
+ck7c3d2xKoQ0i50KB99dU0adVfX0p8wwot3sd/OS8LQvfcBBXi3A3TndAsnDrAy4
+HHftY/pyp1zqVMX+sYa1sdlFp/YX0b5Lm8/iLan84Sy9IU5+ITUTdcyqPhj7Bf1W
+qcm3iuBTPXl1PE+P0o3WA6D0QgvYh7ZHQ5nCNJHMtX7RCeCjajVfQXvE3vZe1yxD
+TnsZYl3HXDBKrRPhCAurI53t7vlYaoNMG5pCK+iIackbB90wCrKvoLLla0H85j9g
+AsEcZvntcfmKwt5SwlAz75yZbgAF7DnAati6c1/FOKedtCNIjwvZvTB1rnW3i63H
+Ug1gGmxanA3izelIf525qYfEKkQcuo1nmXMXtuOLSQRteNrrw3F6lP6xcKmqX6qQ
+zQVH3LnXJytIP/gG8MASWtv77NPYiqFVQhVg8MZIggm1I+MnLimo8WJK8P00HlE6
+hlbnMJyBHL7iUOnROOiYdKLn0q8oEw5IeVQlKxyGiGDSeJDLOpQCieXwFJ8Yflmv
+n+JXSACb/B1njATx+/zTCe6KbXrPIgYIgfS1Pd//Jvtp93ZqROEUwoTsKh+wUvd3
+nPGAB+CSHq/lREEQdbai4U2dvfVOoSb3P1gCG7pfM3x9wBdTimj2k5NNw7NVu2w5
+fIfe86HECv9S3ABCmRHYFGkCAwEAAaNTMFEwHQYDVR0OBBYEFPetSx8J3kX7CEEI
+474Dgaet3KdYMB8GA1UdIwQYMBaAFPetSx8J3kX7CEEI474Dgaet3KdYMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAIa12xeB2kJW7dSAOwl5sdMZ
+CLLf6U9fPVpVu06KDbwoC/uPJn7dJJfw42YCpCpOUS1uPpUHDZUeuBHWcDDdTwyw
+8jnUuhRJTD5tJ+twjnVM5g6S1oNhh6Y9MB7Z00+SVZ/muu7/g9rvFLUKLFcHJBRt
+cgBps89Cvmz1Fdwg8LGSTacwzmgaBdyXBspPVHX4yuQ1BlpaVk/vQv+HMlTXt6rE
+odsr6FcV3IRd2XIlrFGxFmKsvOsiJzattO+dMyYAcjDoocbofs8w19cPWiwdE672
+EuSIzlymgUvLPea79jlZIDZ6xCWhKlXv9d1EI/EgdpitigdUDBrW1mu0f9Nk0kzA
+VV4pQzuotEZB7SkJWDmJAe26uXvHOuJVo0PEHsvpenetIO4TRQn6bk+B1pYURAcQ
+cHuerWoGWgla8P38vCBmsFFP16ovbnq6p0CxZgIHVd6W12GZgnwxWeiVil8526pP
+vYDYCCW0Pw96nXifINKy4SPH82bZANQBT2y6MVd+CIkdLjR2OWzPqjQqElBw4z5Z
+RoI40Z6uZgV6e/HRkh0J/Af643jkDNRHN9F5dxDFDJe1mH0e9GJ0fNfxxyBXChW5
+qVhFQwIdhX8sRN4mfcyAh6Uc8/uw7YJRe03OZnPXw39rsHD9YxHC1xqEG9dcf1rc
+SX/cWcODQ7YOX0JIvMOH
-----END CERTIFICATE-----
diff --git a/src/common/ipfixlolib/ipfixlolib.c b/src/common/ipfixlolib/ipfixlolib.c
index 5d019aa..ed500fe 100644
--- a/src/common/ipfixlolib/ipfixlolib.c
+++ b/src/common/ipfixlolib/ipfixlolib.c
@@ -578,7 +578,7 @@ int update_collector_mtu(ipfix_exporter *exporter,
int mtu_ssl;
int mtu_bio;
if (col->dtls_connection.dtls_main.ssl) {
- mtu_ssl = col->dtls_connection.dtls_main.ssl->d1->mtu;
+ mtu_ssl = DTLS_get_data_mtu(col->dtls_connection.dtls_main.ssl);
DPRINTF_INFO("MTU got from SSL object: %d",mtu_ssl);
if (mtu_ssl > 0) {
mtu = mtu_ssl;
diff --git a/src/common/ipfixlolib/ipfixlolib_dtls.c b/src/common/ipfixlolib/ipfixlolib_dtls.c
index 865c8b1..33e928f 100644
--- a/src/common/ipfixlolib/ipfixlolib_dtls.c
+++ b/src/common/ipfixlolib/ipfixlolib_dtls.c
@@ -87,7 +87,7 @@ static int ensure_exporter_set_up_for_dtls(ipfix_exporter_certificate *c) {
if (c->ssl_ctx) return 0;
/* This SSL_CTX object will be freed in deinit_openssl_ctx() */
- if ( ! (c->ssl_ctx=SSL_CTX_new(DTLSv1_client_method())) ) {
+ if ( ! (c->ssl_ctx=SSL_CTX_new(DTLS_client_method())) ) {
msg(LOG_CRIT, "Failed to create SSL context");
msg_openssl_errors();
return -1;
@@ -262,7 +262,7 @@ int setup_dtls_connection(ipfix_exporter *exporter, ipfix_receiving_collector *c
if (col->protocol != DTLS_OVER_SCTP)
#endif
(void)BIO_ctrl(bio,BIO_CTRL_DGRAM_MTU_DISCOVER,0,0);
- (void)BIO_ctrl_set_connected(bio,1,&col->addr); /* TODO: Explain, why are we doing this? */
+ (void)BIO_ctrl_set_connected(bio,&col->addr); /* TODO: Explain, why are we doing this? */
SSL_set_bio(con->ssl,bio,bio);
// connect (non-blocking, i.e. handshake is initiated, not terminated)
if((connect(con->socket, (struct sockaddr*)&col->addr, sizeof(col->addr) ) == -1) && (errno != EINPROGRESS)) {
diff --git a/src/common/openssl/OpenSSL.cpp b/src/common/openssl/OpenSSL.cpp
index 17bdf2e..534b357 100644
--- a/src/common/openssl/OpenSSL.cpp
+++ b/src/common/openssl/OpenSSL.cpp
@@ -8,6 +8,7 @@
#include
#include
#include
+#include
namespace { /* unnamed namespace */
Mutex m;
@@ -211,7 +212,7 @@ int check_x509_cert(X509 *peer, int (*cb)(void *context, const char *dnsname), v
return 0;
}
- dnsname = (char *) ASN1_STRING_data(gn->d.ia5);
+ dnsname = (char *) ASN1_STRING_get0_data(gn->d.ia5);
len = ASN1_STRING_length(gn->d.ia5);
while(len>0 && dnsname[len-1] == 0) --len;
diff --git a/src/common/openssl/SSLCTXWrapper.cpp b/src/common/openssl/SSLCTXWrapper.cpp
index 3754676..de0b8f6 100644
--- a/src/common/openssl/SSLCTXWrapper.cpp
+++ b/src/common/openssl/SSLCTXWrapper.cpp
@@ -53,12 +53,17 @@ DH *SSL_CTX_wrapper::get_dh2048() {
};
static unsigned char dh2048_g[]={0x02};
DH *dh;
+ BIGNUM *p, *g;
if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
+ p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
+ DH_free(dh);
+ BN_free(p);
+ BN_free(g);
+ return(NULL);
+ }
return(dh);
}
@@ -88,7 +93,7 @@ SSL_CTX_wrapper::SSL_CTX_wrapper(
bool have_CAs = false;
bool have_cert = false;
ensure_openssl_init();
- ctx = SSL_CTX_new(DTLSv1_server_method());
+ ctx = SSL_CTX_new(DTLS_server_method());
if( ! ctx) {
THROWEXCEPTION("Failed to create SSL_CTX");
}
diff --git a/src/modules/ipfix/IpfixExporterCfg.cpp b/src/modules/ipfix/IpfixExporterCfg.cpp
index 010c078..f3af76b 100644
--- a/src/modules/ipfix/IpfixExporterCfg.cpp
+++ b/src/modules/ipfix/IpfixExporterCfg.cpp
@@ -158,7 +158,7 @@ IpfixSender* IpfixExporterCfg::createInstance()
#ifdef SUPPORT_DTLS
if (pacd) {
pacd->peer_fqdn = NULL;
- const std::set peerFqdns = p->getPeerFqdns();
+ static const std::set peerFqdns = p->getPeerFqdns();
std::set::const_iterator it = peerFqdns.begin();
if (it != peerFqdns.end())
pacd->peer_fqdn = it->c_str();
diff --git a/src/modules/ipfix/IpfixReceiverDtlsUdpIpV4.cpp b/src/modules/ipfix/IpfixReceiverDtlsUdpIpV4.cpp
index 96cb45c..ffc3aff 100644
--- a/src/modules/ipfix/IpfixReceiverDtlsUdpIpV4.cpp
+++ b/src/modules/ipfix/IpfixReceiverDtlsUdpIpV4.cpp
@@ -272,18 +272,18 @@ IpfixReceiverDtlsUdpIpV4::DtlsConnection::DtlsConnection(IpfixReceiverDtlsUdpIpV
memcpy(&clientAddress, pclientAddress, sizeof clientAddress);
- BIO *sbio, *rbio;
+ BIO *wbio, *rbio;
/* create output abstraction for SSL object */
- sbio = BIO_new_dgram(parent.listen_socket,BIO_NOCLOSE);
+ wbio = BIO_new_dgram(parent.listen_socket,BIO_NOCLOSE);
/* create a dummy BIO that always returns EOF */
rbio = BIO_new(BIO_s_mem());
/* -1 means EOF */
BIO_set_mem_eof_return(rbio,-1);
- SSL_set_bio(ssl,rbio,sbio);
+ SSL_set_bio(ssl,rbio,wbio);
SSL_set_accept_state(ssl);
- BIO_ctrl(ssl->wbio,BIO_CTRL_DGRAM_SET_PEER,0,&clientAddress);
+ BIO_ctrl(SSL_get_wbio(ssl),BIO_CTRL_DGRAM_SET_PEER,0,&clientAddress);
}
@@ -388,23 +388,23 @@ int IpfixReceiverDtlsUdpIpV4::DtlsConnection::consumeDatagram(
return 1;
}
#ifdef DEBUG
- if ( ! BIO_eof(ssl->rbio)) {
+ if ( ! BIO_eof(SSL_get_rbio(ssl))) {
msg(LOG_ERR,"EOF *not* reached on BIO. This should not happen.");
}
#endif
- BIO_free(ssl->rbio);
- ssl->rbio = BIO_new_mem_buf(secured_data.get(),len);
- BIO_set_mem_eof_return(ssl->rbio,-1);
+ BIO_free(SSL_get_rbio(ssl));
+ SSL_set_bio(ssl, BIO_new_mem_buf(secured_data.get(),len), SSL_get_wbio(ssl));
+ BIO_set_mem_eof_return(SSL_get_rbio(ssl),-1);
if (state == ACCEPTING) {
ret = accept();
if (ret == 0) return 1;
if (ret == -1) return 0;
#ifdef DEBUG
- if ( ! BIO_eof(ssl->rbio)) {
+ if ( ! BIO_eof(SSL_get_rbio(ssl))) {
msg(LOG_ERR,"EOF *not* reached on BIO. This should not happen.");
}
#endif
- if (BIO_eof(ssl->rbio)) return 1; /* This should always be the case */
+ if (BIO_eof(SSL_get_rbio(ssl))) return 1; /* This should always be the case */
}
boost::shared_array data(new uint8_t[MAX_MSG_LEN]);
ret = SSL_read(ssl,data.get(),MAX_MSG_LEN);