<div dir="ltr">Hi Matt,<div>yes, we have found that later and have add the call backs. But we never get the Client Hello with cookie. The Hello verify request is sent from the server.</div><div><br></div><div>Thanks for pointing out that listen was for cookies. Now without that providing the SSL_accept, it hangs. We are unable to figure out why it hangs. Only client hello is sent. Is there any way to spot what is going wrong.</div><div><br></div><div>Thanks,</div><div>Grace</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 31/10/17 06:06, Grace Priscilla Jero wrote:<br>
> Thankyou for the suggestions. After correcting few options the<br>
> "ClientHello" goes successfully but we have failure in "DTLSv1_listen".<br>
> There are'nt any cookies in the Client Hello request.<br>
> But DTLSv1_listen return error and the failure in see is in<br>
> "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_<wbr>FAILURE);"<br>
<br>
</span>This is most likely because you haven't called<br>
SSL_CTX_set_cookie_generate_<wbr>cb() first.<br>
<span class=""><br>
> We are using 1.1.0f version. Is there a way we can disable cookies?<br>
<br>
</span>Well the whole *point* of calling DTLSv1_listen() is to generate those<br>
cookies. If you don't want cookies, don't call it.<br>
<span class="HOEnZb"><font color="#888888"><br>
Matt<br>
</font></span><span class="im HOEnZb"><br>
><br>
> Thanks,<br>
> Grace<br>
><br>
> On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero<br>
</span><span class="im HOEnZb">> <<a href="mailto:grace.priscilla@gmail.com">grace.priscilla@gmail.com</a> <mailto:<a href="mailto:grace.priscilla@gmail.com">grace.priscilla@gmail.<wbr>com</a>>> wrote:<br>
><br>
> Hi Matt,<br>
><br>
> SSL_get_error() returns 5. <br>
> It is the same socket using which the UDP connection is established.<br>
> Could you suggest some logging that can be done for OPENSSL.<br>
><br>
> Thanks,<br>
> Grace<br>
><br>
><br>
> On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <<a href="mailto:matt@openssl.org">matt@openssl.org</a><br>
</span><div class="HOEnZb"><div class="h5">> <mailto:<a href="mailto:matt@openssl.org">matt@openssl.org</a>>> wrote:<br>
><br>
><br>
><br>
> On 26/10/17 16:43, Grace Priscilla Jero wrote:<br>
> > Thankyou for the responses.<br>
> > We figured the issue. But now we are getting error -5 from "SSL_connect"<br>
> > and the errno is set to 22 which means invalid argument.<br>
> > Is there a easy way to debug or get logs for SSL_connect.<br>
> ><br>
> > Below is the sequence for the dtls udp connect that we are trying.<br>
> > ssl = SSL_new(ctx)<br>
> > bio = BIO_new_dgram(sock_id,BIO_<wbr>NOCLOSE)<br>
> > SSL_set_bio(ssl, bio, bio);<br>
> > VI_res = SSL_connect(ssl)<br>
><br>
> Do you really mean SSL_connect() returns -5? Or do you mean that<br>
> after a<br>
> negative return value from SSL_connect() you call<br>
> SSL_get_error() and<br>
> that return 5 (SSL_ERROR_SYSCALL)?<br>
><br>
> If you really mean SSL_connect() returns -5 then you need to call<br>
> SSL_get_error() as a next step.<br>
><br>
> If you are getting SSL_ERROR_SYSCALL then my guess is that there<br>
> is a<br>
> problem with sock_id. How do create it?<br>
><br>
> Matt<br>
><br>
><br>
> ><br>
> ><br>
> ><br>
> > Thanks,<br>
> > Grace<br>
> ><br>
> > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <<a href="mailto:matt@openssl.org">matt@openssl.org</a> <mailto:<a href="mailto:matt@openssl.org">matt@openssl.org</a>><br>
</div></div><div class="HOEnZb"><div class="h5">> > <mailto:<a href="mailto:matt@openssl.org">matt@openssl.org</a> <mailto:<a href="mailto:matt@openssl.org">matt@openssl.org</a>>>> wrote:<br>
> ><br>
> ><br>
> ><br>
> > On 24/10/17 11:25, Grace Priscilla Jero wrote:<br>
> > > We are using SSL_accept to accept the connection for which we see the<br>
> > > failure. Please let know if you have any thoughts.<br>
> ><br>
> > Have you set the wbio correctly? Does SSL_get_wbio() return your wbio<br>
> > object if you call it immediately before SSL_do_handshake()?<br>
> ><br>
> > Matt<br>
> ><br>
> > --<br>
> > openssl-users mailing list<br>
> > To unsubscribe:<br>
> > <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
> <<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><wbr>><br>
> > <<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
> <<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><wbr>>><br>
> ><br>
> ><br>
> ><br>
> ><br>
> --<br>
> openssl-users mailing list<br>
> To unsubscribe:<br>
> <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
> <<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><wbr>><br>
><br>
><br>
><br>
><br>
><br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div>