[openssl-users] Issue with DTLS for UDP

Grace Priscilla Jero grace.priscilla at gmail.com
Tue Oct 31 06:06:33 UTC 2017


Thankyou for the suggestions. After correcting few options the
"ClientHello" goes successfully but we have failure in "DTLSv1_listen".
There are'nt any cookies in the Client Hello request.
But DTLSv1_listen return error and the failure in see is in
"SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"

We are using 1.1.0f version. Is there a way we can disable cookies?

Thanks,
Grace

On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero <
grace.priscilla at gmail.com> wrote:

> Hi Matt,
>
> SSL_get_error()  returns 5.
> It is the same socket using which the UDP connection is established.
> Could you suggest some logging that can be done for OPENSSL.
>
> Thanks,
> Grace
>
>
> On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <matt at openssl.org> wrote:
>
>>
>>
>> On 26/10/17 16:43, Grace Priscilla Jero wrote:
>> > Thankyou for the responses.
>> > We figured the issue. But now we are getting error -5 from "SSL_connect"
>> > and the errno is set to 22 which means invalid argument.
>> > Is there a easy way to debug or get logs for SSL_connect.
>> >
>> > Below is the sequence for the dtls udp connect that we are trying.
>> > ssl = SSL_new(ctx)
>> > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
>> > SSL_set_bio(ssl, bio, bio);
>> > VI_res = SSL_connect(ssl)
>>
>> Do you really mean SSL_connect() returns -5? Or do you mean that after a
>> negative return value from SSL_connect() you call SSL_get_error() and
>> that return 5 (SSL_ERROR_SYSCALL)?
>>
>> If you really mean SSL_connect() returns -5 then you need to call
>> SSL_get_error() as a next step.
>>
>> If you are getting SSL_ERROR_SYSCALL then my guess is that there is a
>> problem with sock_id. How do create it?
>>
>> Matt
>>
>>
>> >
>> >
>> >
>> > Thanks,
>> > Grace
>> >
>> > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <matt at openssl.org
>> > <mailto:matt at openssl.org>> wrote:
>> >
>> >
>> >
>> >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>> >     > We are using SSL_accept to accept the connection for which we see
>> the
>> >     > failure. Please let know if you have any thoughts.
>> >
>> >     Have you set the wbio correctly? Does SSL_get_wbio() return your
>> wbio
>> >     object if you call it immediately before SSL_do_handshake()?
>> >
>> >     Matt
>> >
>> >     --
>> >     openssl-users mailing list
>> >     To unsubscribe:
>> >     https://mta.openssl.org/mailman/listinfo/openssl-users
>> >     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>> >
>> >
>> >
>> >
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171031/c08bfcbc/attachment.html>


More information about the openssl-users mailing list