Re: Issue with DTLS for UDP

Hi Matt,
Yes, we found that later and have added the callbacks. But we never get the Client Hello with the cookie. The Hello Verify Request is sent from the server.

Thanks for pointing out that listen was for cookies. Now without that providing the SSL_accept, it hangs. We are unable to figure out why it hangs. Only the Client Hello is sent. Is there any way to spot what is going wrong?

Thanks,
Grace

On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:


On 31/10/17 06:06, Grace Priscilla Jero wrote:
> Thank you for the suggestions. After correcting a few options the
> "ClientHello" goes successfully but we have a failure in "DTLSv1_listen".
> There aren't any cookies in the Client Hello request.
> But DTLSv1_listen returns an error and the failure we see is in
> "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"

This is most likely because you haven't called
SSL_CTX_set_cookie_generate_cb() first.

> We are using 1.1.0f version. Is there a way we can disable cookies?

Well the whole *point* of calling DTLSv1_listen() is to generate those
cookies. If you don't want cookies, don't call it.

Matt

>
> Thanks,
> Grace
>
> On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
> <grace.priscilla@xxxxxxxxx> wrote:
>
>     Hi Matt,
>
>     SSL_get_error()  returns 5. 
>     It is the same socket using which the UDP connection is established.
>     Could you suggest some logging that can be done for OpenSSL?
>
>     Thanks,
>     Grace
>
>
>     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
>
>
>         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>         > Thank you for the responses.
>         > We figured out the issue. But now we are getting error -5 from "SSL_connect"
>         > and the errno is set to 22, which means invalid argument.
>         > Is there an easy way to debug or get logs for SSL_connect?
>         >
>         > Below is the sequence for the DTLS UDP connect that we are trying.
>         > ssl = SSL_new(ctx);
>         > bio = BIO_new_dgram(sock_id, BIO_NOCLOSE);
>         > SSL_set_bio(ssl, bio, bio);
>         > VI_res = SSL_connect(ssl);
>
>         Do you really mean SSL_connect() returns -5? Or do you mean that
>         after a negative return value from SSL_connect() you call
>         SSL_get_error() and that returns 5 (SSL_ERROR_SYSCALL)?
>
>         If you really mean SSL_connect() returns -5 then you need to call
>         SSL_get_error() as a next step.
>
>         If you are getting SSL_ERROR_SYSCALL then my guess is that there
>         is a problem with sock_id. How do you create it?
>
>         Matt
>
>
>         >
>         >
>         >
>         > Thanks,
>         > Grace
>         >
>         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>         >
>         >
>         >
>         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>         >     > We are using SSL_accept to accept the connection for which we see the
>         >     > failure. Please let us know if you have any thoughts.
>         >
>         >     Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
>         >     object if you call it immediately before SSL_do_handshake()?
>         >
>         >     Matt
>         >
>         >     --
>         >     openssl-users mailing list
>         >     To unsubscribe:
>         >     https://mta.openssl.org/mailman/listinfo/openssl-users
>         >
>         >
>         >
>         >
>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
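
To check on the wire whether the client's second ClientHello actually carries the cookie (the symptom discussed in this thread), the datagram can be parsed directly. This is an added example, not code from the thread or from OpenSSL; it assumes the DTLS 1.0/1.2 record layout of RFC 6347, and the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REC_HDR 13 /* type(1) version(2) epoch(2) seq(6) length(2) */
#define HS_HDR  12 /* msg_type(1) length(3) msg_seq(2) frag_off(3) frag_len(3) */

/* Cookie length carried by a DTLS 1.0/1.2 ClientHello datagram (RFC 6347).
 * 0 = no cookie (first flight), -1 = not a plaintext ClientHello,
 * -2 = truncated datagram or a non-initial fragment. */
int dtls_client_hello_cookie_len(const unsigned char *p, size_t n)
{
    size_t off, end;
    if (n < REC_HDR + HS_HDR) return -2;
    if (p[0] != 22 || p[1] != 0xfe || p[3] || p[4]) return -1; /* handshake, DTLS, epoch 0 */
    end = REC_HDR + (((size_t)p[11] << 8) | p[12]);            /* end of this record */
    if (end > n) return -2;
    if (p[REC_HDR] != 1) return -1;                /* msg_type 1 = ClientHello */
    if (p[19] || p[20] || p[21]) return -2;        /* fragment_offset != 0 */
    off = REC_HDR + HS_HDR + 2 + 32;               /* skip client_version, random */
    if (off >= end) return -2;
    off += 1 + (size_t)p[off];                     /* skip session_id */
    if (off >= end) return -2;
    if ((size_t)p[off] > end - off - 1) return -2; /* cookie overruns the record */
    return p[off];
}

/* Constructed sample (not a capture): ClientHello with cookie_len cookie bytes;
 * the cipher-suite and compression bytes after the cookie are zero padding. */
int sample_cookie_len(size_t cookie_len)
{
    unsigned char b[REC_HDR + HS_HDR + 2 + 32 + 1 + 1 + 255 + 6] = {0};
    size_t body = 2 + 32 + 1 + 1 + cookie_len + 6;
    if (cookie_len > 255) return -2;
    b[0] = 22; b[1] = 0xfe; b[2] = 0xfd;           /* handshake record, DTLS 1.2 */
    b[11] = (unsigned char)((HS_HDR + body) >> 8); b[12] = (unsigned char)(HS_HDR + body);
    b[13] = 1;                                     /* ClientHello */
    b[15] = b[23] = (unsigned char)(body >> 8);    /* handshake length = fragment length */
    b[16] = b[24] = (unsigned char)body;
    b[REC_HDR + HS_HDR + 2 + 32 + 1] = (unsigned char)cookie_len;
    memset(b + REC_HDR + HS_HDR + 36, 0xAA, cookie_len);
    return dtls_client_hello_cookie_len(b, REC_HDR + HS_HDR + body);
}

int main(void)
{
    printf("first hello: %d, retry hello: %d\n", sample_cookie_len(0), sample_cookie_len(16));
    return 0;
}
```

Feeding it the UDP payloads from a packet capture shows whether the client ever retries with a non-zero cookie after the HelloVerifyRequest.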

