[openssl-users] Information to detach a BIO from fd
Michael Richardson
mcr at sandelman.ca
Thu Jan 11 13:00:40 UTC 2018
Grace Priscilla Jero <grace.priscilla at gmail.com> wrote:
> We are having a scenario wherein we are having 2 BIOs for DTLS
> attached to the same fd. Each BIO has a different SSL associated with
> it. The messages are getting written to different BIO each time and we
> are trying to resolve it.
> Is there a API or any way to detach one of the BIO/SSL from the fd for
> DTLS?
No. How did you get into that situation in the first place?
My belief is that the DTLS API is suitable for (Secure)RTP only, and not for
CoAP-type usage. (or other DTLS server end-point usage)
According to some source code comments, you should have called connect() on
the socket after the first connection was received, and then (or
previously... there are race conditions either way), opened a new
socket.
I ran into this, and I wound up creating a new API, which is in a pull
request:
https://github.com/openssl/openssl/pull/5024
https://github.com/mcr/openssl/tree/dtls-listen-refactor
Sadly, the new test case I wrote is not running consistently, which I'm still
debugging.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180111/0b17102b/attachment.sig>
More information about the openssl-users
mailing list