[openssl-users] Issue with DTLS for UDP

Matt Caswell matt at openssl.org
Tue Oct 31 10:20:09 UTC 2017



On 31/10/17 06:06, Grace Priscilla Jero wrote:
> Thank you for the suggestions. After correcting a few options the
> "ClientHello" goes successfully but we have a failure in "DTLSv1_listen".
> There aren't any cookies in the Client Hello request.
> But DTLSv1_listen returns an error and the failure we see is in
> "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"

This is most likely because you haven't called
SSL_CTX_set_cookie_generate_cb() first.

> We are using 1.1.0f version. Is there a way we can disable cookies?

Well the whole *point* of calling DTLSv1_listen() is to generate those
cookies. If you don't want cookies, don't call it.

Matt

> 
> Thanks,
> Grace
> 
> On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
> <grace.priscilla at gmail.com> wrote:
> 
>     Hi Matt,
> 
>     SSL_get_error() returns 5.
>     It is the same socket using which the UDP connection is established.
>     Could you suggest some logging that can be done for OPENSSL?
> 
>     Thanks,
>     Grace
> 
> 
>     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <matt at openssl.org> wrote:
> 
> 
> 
>         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>         > Thank you for the responses.
>         > We figured out the issue. But now we are getting error -5 from "SSL_connect"
>         > and the errno is set to 22 which means invalid argument.
>         > Is there an easy way to debug or get logs for SSL_connect?
>         >
>         > Below is the sequence for the dtls udp connect that we are trying.
>         > ssl = SSL_new(ctx);
>         > bio = BIO_new_dgram(sock_id, BIO_NOCLOSE);
>         > SSL_set_bio(ssl, bio, bio);
>         > VI_res = SSL_connect(ssl);
> 
>         Do you really mean SSL_connect() returns -5? Or do you mean that
>         after a negative return value from SSL_connect() you call
>         SSL_get_error() and that returns 5 (SSL_ERROR_SYSCALL)?
> 
>         If you really mean SSL_connect() returns -5 then you need to call
>         SSL_get_error() as a next step.
> 
>         If you are getting SSL_ERROR_SYSCALL then my guess is that there
>         is a problem with sock_id. How do you create it?
> 
>         Matt
> 
> 
>         >
>         >
>         >
>         > Thanks,
>         > Grace
>         >
>         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <matt at openssl.org> wrote:
>         >
>         >
>         >
>         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>         >     > We are using SSL_accept to accept the connection for which we see the
>         >     > failure. Please let us know if you have any thoughts.
>         >
>         >     Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
>         >     object if you call it immediately before SSL_do_handshake()?
>         >
>         >     Matt
>         >
>         >     --
>         >     openssl-users mailing list
>         >     To unsubscribe:
>         >     https://mta.openssl.org/mailman/listinfo/openssl-users
>         >
>         >
>         >
>         >
> 
> 
> 
> 
> 

