[openssl-users] Query regarding DTLS handshake

mahesh gs mahesh116 at gmail.com
Thu Apr 13 12:24:35 UTC 2017


Hi,

Further to this, I enabled the openssl alerts. I observed the following
issue.

On the client side I see an error in write finish and this is already
repeated continuously.

[image: Inline image 1]

On the server side, the server fails in read certificate verify.

[image: Inline image 2]

Can anyone help me to analyze the code and the reason for this issue?

Thanks,
Mahesh G S


On Thu, Apr 13, 2017 at 2:41 PM, mahesh gs <mahesh116 at gmail.com> wrote:

> Hi,
>
> We are running SCTP connections with DTLS enabled in our application. We
> have adapted openssl version (openssl-1.1.0e) to achieve the same.
>
> We have generated the self-signed root and node certificates for testing.
> We have a strange problem with an incomplete DTLS handshake if we run the
> DTLS client and DTLS server on different systems. If we run the DTLS client
> and server on the same system the handshake is successful; the handshake is
> not successful if we run the client and server in different VMs.
>
> This strange problem happens only for the SCTP/DTLS connection. With the same
> set of certificates the TCP/TLS connection is successful and we are able to
> exchange the application data.
>
> I am attaching the code bits for SSL_accept and SSL_connect and also the
> wireshark trace of the unsuccessful handshake. Please assist me to debug this
> problem.
>
> SSL_accept returns SSL_ERROR_WANT_READ(2) infinite times but SSL_connect
> is called 4 or 5 times and the select system call times out.
>
> Thanks,
> Mahesh G S
>
>
>