[openssl-users] DTLS for SCTP connections

mahesh gs mahesh116 at gmail.com
Wed Feb 22 06:47:29 UTC 2017 

Hi,

Thank you for sharing the sample code.

I tried running SCTP DTLS Echo server and client. I am facing strange
problem "ssl_connect" hangs on the client side, even the "ssl_accept" hangs
on the server side.

Client side back trace

(gdb) bt
#0  0x0000003db4c0ea10 in __recvmsg_nocancel () from /lib64/libpthread.so.0
#1  0x00007ffff7a64dc5 in dgram_sctp_read (b=0x6223f0, out=0x629073
"\026\376\377", outl=17741) at bss_dgram.c:1178
#2  0x00007ffff7a597a9 in BIO_read (b=0x6223f0, out=0x629073, outl=17741)
at bio_lib.c:210
#3  0x00007ffff7db80e4 in ssl3_read_n (s=0x622c70, n=13, max=17741,
extend=<value optimized out>) at s3_pkt.c:258
#4  0x00007ffff7dcaf75 in dtls1_get_record (s=0x622c70) at d1_pkt.c:676
#5  0x00007ffff7dcb6b8 in dtls1_read_bytes (s=0x622c70, type=22,
buf=0x7ffffffedfd0 "\006", len=12, peek=0) at d1_pkt.c:938
#6  0x00007ffff7dcdda5 in dtls1_get_message_fragment (s=0x622c70,
st1=<value optimized out>, stn=4449, max=30, ok=0x7ffffffee09c)
    at d1_both.c:908
#7  0x00007ffff7dce414 in dtls1_get_message (s=0x622c70, st1=4448,
stn=4449, mt=14, max=30, ok=0x7ffffffee09c) at d1_both.c:512
#8  0x00007ffff7dacaf9 in ssl3_get_server_done (s=0x622c70) at
s3_clnt.c:2458
#9  0x00007ffff7dc8467 in dtls1_connect (s=0x622c70) at d1_clnt.c:466
#10 0x0000000000402f75 in start_client(char*, char*, int, int, int) ()
#11 0x0000000000403573 in main ()


Server side back trace

(gdb) info threads
  2 Thread 0x7ffff793c700 (LWP 20161)  0x0000003db4c0ea2d in recvmsg ()
from /lib64/libpthread.so.0
* 1 Thread 0x7ffff793e720 (LWP 20155)  0x0000003db4c0e84d in accept () from
/lib64/libpthread.so.0
(gdb) t 2
[Switching to thread 2 (Thread 0x7ffff793c700 (LWP 20161))]#0
 0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
(gdb) bt
#0  0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
#1  0x00007ffff7a633a6 in BIO_dgram_sctp_wait_for_dry (b=0x7ffff0001930) at
bss_dgram.c:1803
#2  0x00007ffff7dc7830 in dtls1_accept (s=0x7ffff00008c0) at d1_srvr.c:403
#3  0x00000000004021ee in connection_handle(void*) ()
#4  0x0000003db4c07851 in start_thread () from /lib64/libpthread.so.0
#5  0x0000003db48e890d in clone () from /lib64/libc.so.6
(gdb)


I am also attaching the wireshark trace (port 4443) and a server key for
decoding wireshark.

Command used on server side: ./dtls_sctp_echo -L 16.181.38.161 -p 4443

Command used on client side : ./dtls_sctp_echo -L 16.181.38.161 -p 4443 -l
50 -n 5 16.181.38.161

Thanks in advance for your valuable input

Regards,
Mahesh G S



On Tue, Feb 21, 2017 at 2:28 PM, Michael Tuexen <
Michael.Tuexen at lurchi.franken.de> wrote:

> > On 21 Feb 2017, at 09:53, mahesh gs <mahesh116 at gmail.com> wrote:
> >
> > Hi,
> >
> > We have a client, server applications that is using SCTP as a transport
> protocol. We have to secure the connections using DTLS. I am using openssl
> version 1.0.2 which supports DTLS. But the problem i am facing is usage of
> DTLS SCTP related API's. Openssl documentation does not clearly explain all
> the SCTP related API's and usage sequence.
> >
> > I have tried going though internet and found most of the sites redirect
> to one link for SCTP DTLS sample code. But this link is not working.
> >
> > http://sctp.fh-muenster.de/dtls-samples.html
> Try
> http://web.archive.org/web/20150617012520/http://sctp.fh-
> muenster.de/dtls-samples.html
> and yes, we need to bring the machine up again.
>
> Best regards
> Michael
> >
> > If any of you has an sample code of DTLS adaptation for SCTP. It would
> immensely help me for my work.
> >
> > Looking forward to your valuable inputs.
> >
> > Thanks,
> > Mahesh G S
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170222/42f8c9e8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.pcap
Type: application/octet-stream
Size: 31278 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170222/42f8c9e8/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.key.pem
Type: application/octet-stream
Size: 3899 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170222/42f8c9e8/attachment-0003.obj>

More information about the openssl-users mailing list