<div dir="ltr">Hi Matt,<div><br></div><div><br></div>
<div>I was able to fix the issue with the following changes. The change was to create a new fd (bound to the server address) each time DTLSv1_listen() was called. Previously, I used the same fd for every DTLSv1_listen call. The new dgram BIO was created with an old fd. On passing a newly created fd to BIO_new_dgram, the problem seems to be resolved. However, this leads to another question. Why doesn't DTLS_listen queue up the connections similar to an accept call? Does that mean DTLS can support only one handshake at a time? Is it recommended to create multiple fds bound to the server address and then spawn a thread (per fd) to listen to DTLS requests?</div><div><br></div>
<div><pre>while (1) {
  int fd = socket(AF_INET6, SOCK_DGRAM, 0);
  bind(fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6));

  BIO *bio = BIO_new_dgram(fd, BIO_NOCLOSE);
  SSL *ssl = SSL_new(ctx);
  SSL_set_bio(ssl, bio, bio);

  /* Enable cookie exchange */
  SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);

  /* Wait for incoming connections */
  while (!DTLSv1_listen(ssl, &client_addr));

  /* connect to client on different fd and complete the handshake and process data packets */
}</pre></div><div><br></div><div><br></div><div><br></div><div>Thanks,</div><div>Varun</div><div><br></div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 5, 2018 at 1:03 AM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Are you able to share a simple reproducer of your problem?<br>
<br>
Matt<br>
<div class="HOEnZb"><div class="h5"><br>
On 05/04/18 02:14, Varun Kulkarni wrote:<br>
> Hi,<br>
><br>
> I was able to get DTLS to work with the latest version of openssl with a<br>
> single client and server. However, I was unable to get it to work with<br>
> multiple clients. The first client completes the handshake and works<br>
> well. However, the function DTLSv1_listen returns 1 immediately even<br>
> for an application data packet (after the first client completes the<br>
> handshake), where it should ideally return 0 and wait for the next<br>
> client hello. Since it hangs on SSL_accept, the next client hello<br>
> packets won't be answered.  <br>
><br>
><br>
> The closest reference I have got is from:<br>
> <a href="https://gist.github.com/Jxck/b211a12423622fe304d2370b1f1d30d5" rel="noreferrer" target="_blank">https://gist.github.com/Jxck/b211a12423622fe304d2370b1f1d30d5</a>. This<br>
> doesn't seem to work for multiple clients.<br>
><br>
> Any suggestions/references would be helpful in this regard. If this is<br>
> not the right mailing list, please point me to the right one.<br>
><br>
><br>
> --<br>
><br>
><br>
> Thanks and Regards,<br>
> Varun K S<br>
><br>
><br>
</div></div><span class="HOEnZb"><font color="#888888">
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div><br></div><div><br></div><div>Regards,</div><div>Varun K S</div></div></div></div>
</div></div>
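The last comment in the loop above ("connect to client on different fd") depends on how the kernel splits UDP datagrams between an unconnected listening socket and a connected per-client socket bound to the same server address. The following is an added example, not code from the original post or from OpenSSL: it uses plain POSIX sockets on IPv4 loopback (the post uses AF_INET6), assumes Linux SO_REUSEADDR behaviour, and `udp_bound` and `demux_demo` are hypothetical names.

```c
/* Added illustration: Linux UDP demultiplexing with plain POSIX sockets, no OpenSSL. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket bound to *addr with SO_REUSEADDR, so several fds can share the
 * server address; a 1 s receive timeout keeps a misrouted datagram from hanging us. */
static int udp_bound(const struct sockaddr_in *addr)
{
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct timeval tv = { 1, 0 };
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind(fd, (const struct sockaddr *)addr, sizeof(*addr)) < 0) { close(fd); return -1; }
    return fd;
}

/* Returns 1 if client A's second datagram lands on A's connected fd while
 * client B's first datagram lands on the unconnected listener, else 0. */
int demux_demo(void)
{
    struct sockaddr_in srv = { 0 }, peer = { 0 };
    socklen_t sl = sizeof(srv), pl = sizeof(peer);
    char buf[32];
    int ok = 0, ca = -1;
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);          /* port 0: kernel picks */
    int lst = udp_bound(&srv);
    int a = socket(AF_INET, SOCK_DGRAM, 0), b = socket(AF_INET, SOCK_DGRAM, 0);
    if (lst < 0 || a < 0 || b < 0 || getsockname(lst, (struct sockaddr *)&srv, &sl) < 0) goto out;
    /* A's first datagram stands in for the ClientHello that DTLSv1_listen() waits for. */
    sendto(a, "hello-A", 7, 0, (struct sockaddr *)&srv, sizeof(srv));
    if (recvfrom(lst, buf, sizeof(buf), 0, (struct sockaddr *)&peer, &pl) != 7) goto out;
    /* Hand-off: a new fd on the same server address, connected to A only. */
    ca = udp_bound(&srv);
    if (ca < 0 || connect(ca, (struct sockaddr *)&peer, pl) < 0) goto out;
    sendto(a, "data-A", 6, 0, (struct sockaddr *)&srv, sizeof(srv));
    sendto(b, "hello-B", 7, 0, (struct sockaddr *)&srv, sizeof(srv));
    ok = recv(ca, buf, sizeof(buf), 0) == 6 && !memcmp(buf, "data-A", 6) &&
         recv(lst, buf, sizeof(buf), 0) == 7 && !memcmp(buf, "hello-B", 7);
out:
    close(lst); close(a); close(b); close(ca);
    return ok;
}

int main(void) { return demux_demo() ? 0 : 1; }
```

Between `bind()` and `connect()` on the new fd, both sockets are unconnected and bound to the same address, so a datagram arriving in that window can land on either of them.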