On 20/04/17 12:26, mahesh gs wrote:
> Hi Matt,
>
> Yes I raised github case for the same issue. I also tried running this call flow with the latest SNAPSHOT code (openssl-SNAP-20170419) and handshake is successful with the latest SNAPSHOT code which is not an official release.
>
> I checked the github repo history and observed that during commits on (11th Jan) as a part of "Move state machine knowledge out of the record layer". "renegotiate" bit that is set to "2" in function "tls_post_process_client_hello" has been removed. Maybe that is causing the call flow to be successful in the latest SNAPSHOT release.
>
> I am assuming commits that are done on 11th Jan or later are not part of release openssl 01.01.00e

Ah. No. That commit is in the dev branch only (scheduled for version 1.1.1) and won't be backported to the 1.1.0 branch. I can see why that commit might help things, but probably a different solution is more appropriate for 1.1.0.

I'm looking at this issue at the moment.

Matt

>
> Thanks,
> Mahesh G S
>
> On Wed, Apr 19, 2017 at 6:56 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
> For those following this discussion Mahesh has created a github issue with much more detail (at least I am assuming this is the same issue):
>
> https://github.com/openssl/openssl/issues/3251
>
> Matt
>
> On 18/04/17 21:17, Michael Tuexen wrote:
> >> On 13. Apr 2017, at 11:11, mahesh gs <mahesh116@xxxxxxxxx> wrote:
> >>
> >> Hi,
> >>
> >> We are running SCTP connections with DTLS enabled in our application. We have adapted openssl version (openssl-1.1.0e) to achieve the same.
> >>
> >> We have generated the self signed root and node certificates for testing. We have a strange problem with the incomplete DTLS handshake if we run the DTLS client and DTLS server in different systems. If we run the DTLS client and server in same system handshake is successful, handshake is not successful if run client and server in different VM's.
> >>
> >> This strange problem happens only for SCTP/DTLS connection. With the same set of certificates TCP/TLS connection is successful and we are able to exchange the application data.
> >>
> >> I am attaching the code bits for SSL_accept and SSL_connect and also the wireshark trace of unsuccessful handshake. Please assist me to debug this problem.
> >>
> >> SSL_accept returns SSL_ERROR_WANT_READ(2) infinite times but SSL_connect is called 4 or 5 times and select system call timeout.
> > Which OS are you using? With a test program I could reproduce SSL_accept() returning SSL_ERROR_WANT_READ under FreeBSD, but not under Linux. Haven't figured out what the problem is. So if you are using FreeBSD we might experience the same problem...
> >
> > Best regards
> > Michael
> >>
> >> Thanks,
> >> Mahesh G S
> >>
> >> <testcode.txt><proxy.cap>
> >> --
> >> openssl-users mailing list
> >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users