<div dir="ltr">Hi Michael,<div><br></div><div>Please find the response inline.</div><div><br></div><div>Regards,</div><div>Nivedita<br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 14, 2018 at 10:55 PM, Michael Richardson <span dir="ltr"><<a href="mailto:mcr@sandelman.ca" target="_blank">mcr@sandelman.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
Nivedita <<a href="mailto:maddi.nivedita@gmail.com" target="_blank">maddi.nivedita@gmail.com</a>> wrote:<br>
    > Hi Michael,<br>
<br>
    > Thanks for the reply.<br>
<br>
    > I have mentioned the answers below.<br>
<br>
</span>>okay. I saw only one comment.  Maybe you could use standard usenet quoting?<br>>Tell me a bit more about what you are working on?<br>>I'm trying to make CoAP+DTLS work with the ruby-on-rails "David" CoAP server.<br>
<span>  </span></blockquote><div> Nivedita - We are using C and socket programming to establish DTLS over UDP for SIP communication.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>    > Nivedita <<a href="mailto:maddi.nivedita@gmail.com" target="_blank">maddi.nivedita@gmail.com</a>> wrote:<br>
    >> I am trying to establish DTLS over UDP connection by using<br>
    >> DTLSv1_listen method.<br>
<br>
    >> I have followed the below steps - 1. Created a server socket and using<br>
    >> this socket created bio and ssl object. bio =<br>
    >> BIO_new_dgram(VI_sock,BIO_NOCL<wbr>OSE)) SSL_set_bio(ssl,VP_bio,VP_bio)<wbr>;<br>
<br>
    >> 2. Enable cookie exchange on SSL object. SSL_set_options(ssl,<br>
    >> SSL_OP_COOKIE_EXCHANGE);<br>
<br>
    >> 3. Then started listening using dtlsv1_listen for the new client<br>
    >> connections. Once dtlsv1_listen is successful and I got the peer<br>
    >> address.<br>
<br>
</span>    mcr> okay.<br>
<span><br>
<br>
    > Nivedita- All the above mentioned steps I am doing on server side. On the<br>
    > client side I have already initiated ssl_connect.<br>
    > On the server side when I am listening using dtlsv1_listen method -<br>
<br>
    >> 4. Once I got the peer address, I am creating one more socket<br>
    >> 5. With the new socket i tried to connect to peer address.<br>
<br>
</span> >  mcr> Do you mean, you call "SSL_connect()"?<br> >  mcr> Or do you mean you bind(2) and connect(2) the socket.<br></blockquote><div>

<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">    >You didn't answer this.</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">    >You imply you might have tried "SSL_connect()" on the server side.</span>

 </div><div>     </div><div>  Nivedita - SSL_connect is already issued on client side, because of which it triggered the server and dtlsv1_listen was successful and I got the peer address from dtlsv1_listen.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
               Then once I got the client address from the dtlsv1_listen method, I am creating one more socket and trying to connect to this client address.<br></blockquote><div>         <div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">                Vi_res=  connect(new sockid, client_addr, sizeof (client addr));</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">           I am able to connect to client address which I got in dtlsv1_listen method using new socket id,
and I want to do the ssl_accept on the new socket id by issuing bio_set_fd and bio_ctrl.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">          But ssl_accept fails with error code 2.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">              </div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">               

<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">BIO_set_fd(SSL_get_rbio(ssl),</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">V<wbr>I_new_sock_id,BIO_NOCLOSE);</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">     BIO_ctrl(SSL_get_rbio(VP_ssl)<wbr>,</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">BIO_CTRL_DGRAM_SET_CONNECTED, 0,</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"> &client_addr)</span>

</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">            ssl_accept (VP_ssl)</span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">     I would like to mention that VP_ssl is created using server socket id, but we are trying to do ssl_accept on newly created socket id which is connected to peer address (got from dtlsv1_listen method), so that we can use this socket for further read-write operations and server socket for listening operations.</span></div>

</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<span><br>
    >> 6. Then I am trying to do ssl_accept on the new socket by calling<br>
    >> bio_set_fd.<br>
<br>
    >> BIO_set_fd(SSL_get_rbio(ssl),V<wbr>I_new_sock_id,BIO_NOCLOSE);<br>
<br>
    >> BIO_ctrl(SSL_get_rbio(VP_ssl),<wbr>BIO_CTRL_DGRAM_SET_CONNECTED, 0,<br>
    >> &client_addr);<br>
<br>
    >> SSL_set_fd(ssl,VI_newsock_id);<br>
<br>
</span>    mcr> So, SSL_set_fd() will allocate a new BIO, which probably undoes the effect<br>
    mcr> of calling BIO_CTRL_DGRAM_SET_CONNECTED. Since you have set the fd of<br>
    mcr> the existing BIO, I think you can omit that line.<br>
<br>
Please omit the SSL_set_fd(), since you've already done it.<br>
<br>
I have a pull request at:<br>
    <a href="https://github.com/openssl/openssl/pull/5024" rel="noreferrer" target="_blank">https://github.com/openssl/ope<wbr>nssl/pull/5024</a><br>
<br>
which I am reworking to suit the OpenSSL team.<br>
I am solving the same problem that you have encountered.<br>
<div class="m_-9074882757260652617m_-2599155194344003311m_3538464804140376750HOEnZb"><div class="m_-9074882757260652617m_-2599155194344003311m_3538464804140376750h5"><br>
--<br>
]               Never tell me the odds!                 | ipv6 mesh networks [<br>
]   Michael Richardson, Sandelman Software Works        | network architect  [<br>
]     <a href="mailto:mcr@sandelman.ca" target="_blank">mcr@sandelman.ca</a>  <a href="http://www.sandelman.ca/" rel="noreferrer" target="_blank">http://www.sandelman.ca/</a>        |   ruby on rails    [<br>
<br>
</div></div></blockquote></div><br></div></div></div>
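<div>Added example, not part of the original message and not OpenSSL code: the socket-level half of steps 4 and 5 in the thread, using plain POSIX UDP sockets on loopback (Linux demultiplexing behaviour assumed). It assumes the per-peer socket is bound with SO_REUSEADDR to the same local address as the listening socket before connect(), so that the peer's later datagrams reach it rather than the listener; the names bound_udp, peer_socket and demo_demux are hypothetical, and the "flight" payloads are constructed stand-ins for handshake datagrams.</div>

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a UDP socket with SO_REUSEADDR; port 0 lets the kernel pick, *local is updated. */
static int bound_udp(struct sockaddr_in *local) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    socklen_t len = sizeof(*local);
    struct timeval tv = {1, 0};                 /* 1 s receive timeout so nothing hangs */
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind(fd, (struct sockaddr *)local, len) < 0 ||
        getsockname(fd, (struct sockaddr *)local, &len) < 0) { close(fd); return -1; }
    return fd;
}

/* Steps 4-5: new socket on the SAME local address as the listener, connected to the peer. */
int peer_socket(const struct sockaddr_in *local, const struct sockaddr_in *peer) {
    struct sockaddr_in l = *local;
    int fd = bound_udp(&l);
    if (fd >= 0 && connect(fd, (const struct sockaddr *)peer, sizeof(*peer)) < 0) { close(fd); return -1; }
    return fd;
}

/* Returns 1 if the peer's next datagram lands on the connected socket, 0 if on the listener. */
int demo_demux(void) {
    struct sockaddr_in srv = {0}, cli = {0}, peer;
    socklen_t plen = sizeof(peer);
    char buf[32];
    int result = -1, pfd = -1;
    srv.sin_family = cli.sin_family = AF_INET;
    srv.sin_addr.s_addr = cli.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int lfd = bound_udp(&srv), cfd = bound_udp(&cli);   /* listener and constructed client */
    if (lfd < 0 || cfd < 0) goto out;
    sendto(cfd, "flight1", 7, 0, (struct sockaddr *)&srv, sizeof(srv));
    if (recvfrom(lfd, buf, sizeof(buf), 0, (struct sockaddr *)&peer, &plen) != 7) goto out;
    if ((pfd = peer_socket(&srv, &peer)) < 0) goto out; /* peer: role of DTLSv1_listen's address */
    sendto(cfd, "flight2", 7, 0, (struct sockaddr *)&srv, sizeof(srv));
    if (recv(pfd, buf, sizeof(buf), 0) == 7) result = 1;
    else if (recv(lfd, buf, sizeof(buf), 0) == 7) result = 0;
out:
    close(pfd); close(lfd); close(cfd);
    return result;
}

int main(void) { return demo_demux() == 1 ? 0 : 1; }
```

The descriptor returned by peer_socket is the one the thread then hands to the existing BIO with BIO_set_fd and BIO_CTRL_DGRAM_SET_CONNECTED, without a following SSL_set_fd.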