Matt Caswell wrote on 04/20/2017 01:29 PM:
>
> On 20/04/17 12:26, mahesh gs wrote:
>> Hi Matt,
>>
>> Yes I raised github case for the same issue. I also tried running this
>> call flow with the latest SNAPSHOT code (openssl-SNAP-20170419) and
>> handshake is successful with the latest SNAPSHOT code which is not an
>> official release.
>>
>> I checked the github repo history and observed that during commits on
>> (11th Jan) as a part of "Move state machine knowledge out of the record
>> layer". "renegotiate" bit that is set to "2" in function
>> "tls_post_process_client_hello" has been removed. Maybe that is causing
>> the call flow to be successful in the latest SNAPSHOT release.
>>
>> I am assuming commits that are done on 11th Jan or later are not part of
>> release openssl 01.01.00e
>
> Ah. No. That commit is in the dev branch only (scheduled for version
> 1.1.1) and won't be backported to the 1.1.0 branch. I can see why that
> commit might help things, but probably a different solution is more
> appropriate for 1.1.0.
>
> I'm looking at this issue at the moment.
>
> Matt
>

hi,

btw: I've tested similar scenario and handshake works fine.
test env: client and server on different VMs (rhel7.2, openssl 1.1.0e, non-blocking sockets and segmented certificate)

So, it should work also with 1.1.0e version.

Martin

>>
>> Thanks,
>> Mahesh G S
>>
>> On Wed, Apr 19, 2017 at 6:56 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>>
>>     For those following this discussion Mahesh has created a github issue
>>     with much more detail (at least I am assuming this is the same issue):
>>
>>     https://github.com/openssl/openssl/issues/3251
>>
>>     Matt
>>
>>     On 18/04/17 21:17, Michael Tuexen wrote:
>>     >> On 13. Apr 2017, at 11:11, mahesh gs <mahesh116@xxxxxxxxx> wrote:
>>     >>
>>     >> Hi,
>>     >>
>>     >> We are running SCTP connections with DTLS enabled in our
>>     >> application. We have adapted openssl version (openssl-1.1.0e) to
>>     >> achieve the same.
>>     >>
>>     >> We have generated the self signed root and node certificates for
>>     >> testing. We have a strange problem with the incomplete DTLS
>>     >> handshake if we run the DTLS client and DTLS server in different
>>     >> systems. If we run the DTLS client and server in same system
>>     >> handshake is successful, handshake is not successful if run client
>>     >> and server in different VMs.
>>     >>
>>     >> This strange problem happens only for SCTP/DTLS connection. With
>>     >> the same set of certificates TCP/TLS connection is successful and we
>>     >> are able to exchange the application data.
>>     >>
>>     >> I am attaching the code bits for SSL_accept and SSL_connect and
>>     >> also the wireshark trace of unsuccessful handshake. Please assist me
>>     >> to debug this problem.
>>     >>
>>     >> SSL_accept returns SSL_ERROR_WANT_READ(2) infinite times but
>>     >> SSL_connect is called 4 or 5 times and select system call timeout.
>>     >
>>     > Which OS are you using? With a test program I could reproduce
>>     > SSL_accept() returning SSL_ERROR_WANT_READ under FreeBSD,
>>     > but not under Linux. Haven't figured out what the problem is. So
>>     > if you are using FreeBSD we might experience the same problem...
>>     >
>>     > Best regards
>>     > Michael
>>     >>
>>     >> Thanks,
>>     >> Mahesh G S
>>     >>
>>     >> <testcode.txt><proxy.cap>
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users