[openssl-users] DTLS over UDP
Nivedita
maddi.nivedita at gmail.com
Thu Feb 15 10:47:38 UTC 2018
Hi Michael,
Please find the response inline.
Regards,
Nivedita
On Wed, Feb 14, 2018 at 10:55 PM, Michael Richardson <mcr at sandelman.ca>
wrote:
>
> Nivedita <maddi.nivedita at gmail.com> wrote:
> > Hi Michael,
>
> > Thanks for the reply.
>
> > I have mentioned the answers below.
>
> >okay. I saw only one comment. Maybe you could use standard usenet
> quoting?
> >Tell me a bit more about what you are working on?
> >I'm trying to make CoAP+DTLS work with the ruby-on-rails "David" CoAP
> server.
>
Nivedita - We are using C and socket programming to establish DTLS over
UDP for SIP communication.
> > Nivedita <maddi.nivedita at gmail.com> wrote:
> >> I am trying to establish DTLS over UDP connection by using
> >> DTLSv1_listen method .
>
> >> I have followed the below steps - 1. Created a server socket and
> using
> >> this socket created bio and ssl object. bio =
> >> BIO_new_dgram(VI_sock,BIO_NOCLOSE)) SSL_set_bio(ssl,VP_bio,VP_bio);
>
> >> 2. Enable cookie exchange on SSL object. SSL_set_options(ssl,
> >> SSL_OP_COOKIE_EXCHANGE);
>
> >> 3. Then started listening using dtlsv1_listen for the new client
> >> connections. Once dtlsv1_listen is successful and i got the peer
> >> address.
>
> mcr> okay.
>
>
> > Nivedita- All the above mentioned steps i am doing on server side .
> On the
> > client side i have already initiated ssl_connect.
> > On the server side when i am listening using dtlsv1_listen method -
>
> >> 4. Once i got the peer address , i am creating one more socket
> >> 5. With the new socket i tried to connect to peer address.
>
> > mcr> Do you mean, you call "SSL_connect()"?
> > mcr> Or do you mean you bind(2) and connect(2) the socket.
>
>You didn't answer this.
>You imply you might have tried "SSL_connect()" on the server side.
Nivedita - SSL_connect is already issued on the client side, because of
which it triggered the server and DTLSv1_listen was successful and I got
the peer address from DTLSv1_listen.
> Then once i got the client address from the dtlsv1_listen
> method, i am creating one more socket and trying to connect to this
> client address.
>
VI_res = connect(new_sockid, client_addr, sizeof(client_addr));
I am able to connect to the client address which I got in the
DTLSv1_listen method using the new socket id, and I want to do the SSL_accept
on the new socket id by issuing BIO_set_fd and BIO_ctrl.
But SSL_accept fails with error code 2.
BIO_set_fd(SSL_get_rbio(ssl), VI_new_sock_id, BIO_NOCLOSE);
BIO_ctrl(SSL_get_rbio(VP_ssl), BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);
SSL_accept(VP_ssl);
I would like to mention that VP_ssl is created using the server socket id,
but we are trying to do SSL_accept on the newly created socket id which is
connected to the peer address (got from the DTLSv1_listen method), so that we can
use this socket for further read-write operations and the server socket for
listening operations.
>
>
> >> 6. Then i am trying to do ssl_accept on the new socket by calling
> >> bio_set_fd.
>
> >> BIO_set_fd(SSL_get_rbio(ssl),VI_new_sock_id,BIO_NOCLOSE);
>
> >> BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0,
> >> &client_addr);
>
> >> SSL_set_fd(ssl,VI_newsock_id);
>
> mcr> So, SSL_set_fd() will allocate a new bio, which probably undoes
> the effect
> mcr> of calling BIO_CTRL_DGRAM_SET_CONNECTED. Since you have set the
> fd of
> mcr> the existing BIO, I think you can omit that line.
>
> Please omit the SSL_set_fd(), since you've already done it.
>
> I have a pull request at:
> https://github.com/openssl/openssl/pull/5024
>
> which I am reworking to suit the OpenSSL team.
> I am solving the same problem that you have encountered.
>
> --
> ] Never tell me the odds!                      | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | network architect  [
> ] mcr at sandelman.ca http://www.sandelman.ca/  | ruby on rails      [
>
>