[openssl-users] Issue with DTLS for UDP
Matt Caswell
matt at openssl.org
Tue Oct 31 10:20:09 UTC 2017
On 31/10/17 06:06, Grace Priscilla Jero wrote:
> Thankyou for the suggestions. After correcting few options the
> "ClientHello" goes successfully but we have failure in "DTLSv1_listen".
> There are'nt any cookies in the Client Hello request.
> But DTLSv1_listen return error and the failure in see is in
> "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"
This is most likely because you haven't called
SSL_CTX_set_cookie_generate_cb() first.
> We are using 1.1.0f version. Is there a way we can disable cookies?
Well the whole *point* of calling DTLSv1_listen() is to generate those
cookies. If you don't want cookies, don't call it.
Matt
>
> Thanks,
> Grace
>
> On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
> <grace.priscilla at gmail.com <mailto:grace.priscilla at gmail.com>> wrote:
>
> Hi Matt,
>
> SSL_get_error() returns 5.
> It is the same socket using which the UDP connection is established.
> Could you suggest some logging that can be done for OPENSSL.
>
> Thanks,
> Grace
>
>
> On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>
>
>
> On 26/10/17 16:43, Grace Priscilla Jero wrote:
> > Thankyou for the responses.
> > We figured the issue. But now we are getting error -5 from "SSL_connect"
> > and the errno is set to 22 which means invalid argument.
> > Is there a easy way to debug or get logs for SSL_connect.
> >
> > Below is the sequence for the dtls udp connect that we are trying.
> > ssl = SSL_new(ctx)
> > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
> > SSL_set_bio(ssl, bio, bio);
> > VI_res = SSL_connect(ssl)
>
> Do you really mean SSL_connect() returns -5? Or do you mean that
> after a
> negative return value from SSL_connect() you call
> SSL_get_error() and
> that return 5 (SSL_ERROR_SYSCALL)?
>
> If you really mean SSL_connect() returns -5 then you need to call
> SSL_get_error() as a next step.
>
> If you are getting SSL_ERROR_SYSCALL then my guess is that there
> is a
> problem with sock_id. How do create it?
>
> Matt
>
>
> >
> >
> >
> > Thanks,
> > Grace
> >
> > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
> >
> >
> >
> > On 24/10/17 11:25, Grace Priscilla Jero wrote:
> > > We are using SSL_accept to accept the connection for which we see the
> > > failure. Please let know if you have any thoughts.
> >
> > Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
> > object if you call it immediately before SSL_do_handshake()?
> >
> > Matt
> >
> > --
> > openssl-users mailing list
> > To unsubscribe:
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
> > <https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>>
> >
> >
> >
> >
> --
> openssl-users mailing list
> To unsubscribe:
> https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
>
More information about the openssl-users
mailing list