[openssl-users] DTLS with multiple clients
Varun Kulkarni
var.kulkarni at gmail.com
Thu Apr 5 17:53:47 UTC 2018
Hi Matt,
I was able to fix the issue with the following changes. The change was to
create a new fd (bound to the server address) each time DTLSv1_listen() was
called. Previously, I used the same fd for every DTLSv1_listen call. The
new dgram BIO was created with an old fd. On passing a newly created fd to
BIO_new_dgram, the problem seems to be resolved. However, this leads to
another question. Why doesn't DTLS_listen queue up the connections similar
to an accept call? Does that mean DTLS can support only one handshake at a
time? Is it recommended to create multiple fds bound to the server address
and then spawn a thread (per fd) to listen for DTLS requests?

while (1) {
    /* New fd bound to the server address for each DTLSv1_listen() call */
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);
    bind(fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6));

    BIO *bio = BIO_new_dgram(fd, BIO_NOCLOSE);
    SSL *ssl = SSL_new(ctx);
    SSL_set_bio(ssl, bio, bio);

    /* Enable cookie exchange */
    SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);

    /* Wait for incoming connections */
    while (!DTLSv1_listen(ssl, &client_addr));

    /* connect to client on different fd and complete the handshake and
       process data packets */
}

Thanks,
Varun
On Thu, Apr 5, 2018 at 1:03 AM, Matt Caswell <matt at openssl.org> wrote:
> Are you able to share a simple reproducer of your problem?
>
> Matt
>
> On 05/04/18 02:14, Varun Kulkarni wrote:
> > Hi,
> >
> > I was able to get DTLS to work with the latest version of openssl with a
> > single client and server. However, I was unable to get it to work with
> > multiple clients. The first client completes the handshake and works
> > well. However, the function DTLSv1_listen returns 1 immediately even
> > for an application data packet (after the first client completes the
> > handshake), where it should ideally return 0 and wait for the next
> > client hello. Since it hangs on SSL_accept, the next client hello
> > packets won't be answered.
> >
> >
> > The closest reference I have got is from:
> > https://gist.github.com/Jxck/b211a12423622fe304d2370b1f1d30d5. This
> > doesn't seem to work for multiple clients.
> >
> > Any suggestions/references would be helpful in this regard. If this is
> > not the right mailing list, please point me to the right one.
> >
> >
> > --
> >
> >
> > Thanks and Regards,
> > Varun K S
> >
> >
--
Regards,
Varun K S
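
The fd-per-client pattern described in the message above, shown with plain UDP sockets as an added example (not code from the original post or from OpenSSL). It assumes Linux SO_REUSEADDR semantics and IPv4 loopback; bound_udp() and demux_demo() are hypothetical names, and recvfrom() stands in for DTLSv1_listen() returning the client address.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket with SO_REUSEADDR bound to *local; *local gets the real port. */
static int bound_udp(struct sockaddr_in *local) {
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct timeval tv = {1, 0};              /* 1 s receive timeout */
    socklen_t len = sizeof(*local);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind(fd, (struct sockaddr *)local, len) < 0) { close(fd); return -1; }
    getsockname(fd, (struct sockaddr *)local, &len);
    return fd;
}

/* Returns 1 when client A's later datagram reaches its connected per-client
   fd while new client B's first datagram reaches the listening fd. */
int demux_demo(void) {
    struct sockaddr_in srv = {0}, peer;
    socklen_t plen = sizeof(peer);
    char on_cfd[3] = "", on_lfd[3] = "";
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int lfd = bound_udp(&srv);               /* listening fd, port chosen by kernel */
    int a = socket(AF_INET, SOCK_DGRAM, 0);  /* constructed client A */
    int b = socket(AF_INET, SOCK_DGRAM, 0);  /* constructed client B */
    if (lfd < 0 || a < 0 || b < 0) return -1;
    sendto(a, "A1", 2, 0, (struct sockaddr *)&srv, sizeof(srv));
    /* Stand-in for DTLSv1_listen(): learn the new client's address. */
    if (recvfrom(lfd, on_lfd, 2, 0, (struct sockaddr *)&peer, &plen) != 2) return -1;
    /* Per-client fd: same local address and port, connected to that one peer. */
    int cfd = bound_udp(&srv);
    if (cfd < 0 || connect(cfd, (struct sockaddr *)&peer, plen) < 0) return -1;
    sendto(a, "A2", 2, 0, (struct sockaddr *)&srv, sizeof(srv));
    sendto(b, "B1", 2, 0, (struct sockaddr *)&srv, sizeof(srv));
    recv(cfd, on_cfd, 2, 0);                 /* A's traffic after the handoff */
    recv(lfd, on_lfd, 2, 0);                 /* B's first datagram */
    close(lfd); close(cfd); close(a); close(b);
    return strcmp(on_cfd, "A2") == 0 && strcmp(on_lfd, "B1") == 0;
}

int main(void) { printf("demux ok: %d\n", demux_demo()); return 0; }
```

Once the per-client fd is connected, the kernel delivers that peer's datagrams to it, so the listening fd only sees datagrams from peers that have no connected socket yet.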