[openssl-users] DTLS UDP issue

Matt Caswell matt at openssl.org
Tue Oct 31 17:07:34 UTC 2017

On 31/10/17 16:58, Grace Priscilla Jero wrote:
> Hi Matt,
> Please find attached the pcap which contains only the "Hello Client".

Thanks. Switching back to openssl-users.

> Search with ip.src==
> SSL_accept fails with -1 and get error gives the number as 2.

Error 2 is SSL_ERROR_WANT_READ which is normal. It just means it wants
to read data but hasn't got enough yet (probably because the data has
not arrived yet). You need to loop and retry SSL_accept() - are you
doing that?

> Below is the sequence for accept:
> Socket creation
> Make it non-blocking

How are you creating the socket?

> BIO_new_dgram
> SSL_new
> SSL_set_bio
> BIO_set_fd

Why are you calling BIO_set_fd() here? Has the fd changed from when you
called BIO_new_dgram()?

> SSL_set_accept_state
> SSL_set_fd

This replaces the BIO you created earlier with a new standard socket BIO
(i.e. not dgram) based on the supplied fd. That is not going to work.
Remove this call.


> SSL_accept
> Thanks,
> Grace

More information about the openssl-users mailing list