Deprecate SSL_*_read_ahead and enforce DTLS packet boundaries.

Now that WebRTC honors packet boundaries (, we
can start enforcing them correctly. Configuring read-ahead now does
nothing. Instead DTLS will always set "read-ahead" and also correctly
enforce packet boundaries when reading records. Add tests to ensure that
badly fragmented packets are ignored. Because such packets don't fail
the handshake, the tests work by injecting an alert in the front of the
handshake stream and ensuring the DTLS implementation ignores them.

ssl3_read_n can be be considerably unraveled now, but leave that for
future cleanup. For now, make it correct.


Change-Id: I800cfabe06615af31c2ccece436ca52aed9fe899
Reviewed-by: Adam Langley <>
8 files changed