Hi Michael,
Please find the response inline.
Regards,
Nivedita
On Wed, Feb 14, 2018 at 10:55 PM, Michael Richardson <mcr@xxxxxxxxxxxx> wrote:
Nivedita <maddi.nivedita@xxxxxxxxx> wrote:
> Hi Michael,
> Thanks for the reply.
> I have mentioned the answers below.
> okay. I saw only one comment. Maybe you could use standard usenet quoting?
> Tell me a bit more about what you are working on?
> I'm trying to make CoAP+DTLS work with the ruby-on-rails "David" CoAP server.
Nivedita - We are using C and socket programming to establish DTLS over UDP for SIP communication.
> Nivedita <maddi.nivedita@xxxxxxxxx> wrote:
>> I am trying to establish a DTLS over UDP connection by using the
>> DTLSv1_listen method.
>> I have followed the below steps:
>> 1. Created a server socket and, using this socket, created the BIO and SSL object.
>> bio = BIO_new_dgram(VI_sock, BIO_NOCLOSE);
>> SSL_set_bio(ssl, VP_bio, VP_bio);
> mcr> okay.
>> 2. Enable cookie exchange on SSL object. SSL_set_options(ssl,
>> SSL_OP_COOKIE_EXCHANGE);
>> 3. Then started listening using DTLSv1_listen for new client
>> connections. Once DTLSv1_listen is successful, I get the peer
>> address.
> Nivedita - All the above-mentioned steps I am doing on the server side. On the
> client side I have already initiated SSL_connect.
> On the server side, when I am listening using the DTLSv1_listen method:
>> 4. Once I got the peer address, I am creating one more socket.
>> 5. With the new socket I tried to connect to the peer address.
> mcr> Do you mean, you call "SSL_connect()"?
> mcr> Or do you mean you bind(2) and connect(2) the socket.
> You didn't answer this.
> You imply you might have tried "SSL_connect()" on the server side.
Nivedita - SSL_connect is already issued on the client side, which triggered the server; DTLSv1_listen was successful and I got the peer address from DTLSv1_listen.
Then, once I got the client address from the DTLSv1_listen method, I am creating one more socket and trying to connect to this client address:
VI_res = connect(VI_new_sock_id, (struct sockaddr *)&client_addr, sizeof(client_addr));
I am able to connect to the client address (which I got from the DTLSv1_listen method) using the new socket id, and I want to do SSL_accept on the new socket id by issuing BIO_set_fd and BIO_ctrl.
But SSL_accept fails with error code 2.
BIO_set_fd(SSL_get_rbio(ssl), VI_new_sock_id, BIO_NOCLOSE);
BIO_ctrl(SSL_get_rbio(VP_ssl), BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);
SSL_accept(VP_ssl);
I would like to mention that VP_ssl is created using the server socket id, but we are trying to do SSL_accept on the newly created socket id, which is connected to the peer address (got from the DTLSv1_listen method), so that we can use this socket for further read/write operations and the server socket for listening.
>> 6. Then I am trying to do SSL_accept on the new socket by calling
>> BIO_set_fd.
>> BIO_set_fd(SSL_get_rbio(ssl), VI_new_sock_id, BIO_NOCLOSE);
>> BIO_ctrl(SSL_get_rbio(VP_ssl), BIO_CTRL_DGRAM_SET_CONNECTED, 0,
>> &client_addr);
>> SSL_set_fd(ssl, VI_newsock_id);
> mcr> So, SSL_set_fd() will allocate a new BIO, which probably undoes the effect
> mcr> of calling BIO_CTRL_DGRAM_SET_CONNECTED. Since you have set the fd of
> mcr> the existing BIO, I think you can omit that line.
> Please omit the SSL_set_fd(), since you've already done it.
> I have a pull request at:
> https://github.com/openssl/openssl/pull/5024
> which I am reworking to suit the OpenSSL team.
> I am solving the same problem that you have encountered.
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | network architect [
> ] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
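Added example (editor's code, not from either participant or from OpenSSL): the thread's server sequence is DTLSv1_listen() on the listening socket, then a new socket connect()ed to the reported peer, then BIO_set_fd() + BIO_CTRL_DGRAM_SET_CONNECTED + SSL_accept() on that new socket. Whether SSL_accept() ever sees the client's next datagram depends entirely on the kernel delivering it to the new fd, and if the "error code 2" above is the SSL_get_error() value, it is SSL_ERROR_WANT_READ, meaning no datagram arrived there. The block below models just that socket layer, without OpenSSL, so it runs offline: the per-client socket is bound to the listener's own address and port (SO_REUSEADDR) before connect(), which is what makes Linux UDP demultiplexing prefer it for that peer; the variant that only calls connect() leaves the fd on an ephemeral port the client never sends to. All names (bind_udp, readable, second_datagram_lands_on_child, the "hello-1"/"hello-2" payloads) are this example's own; Linux semantics are assumed, and BSD/macOS additionally need SO_REUSEPORT.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket bound to *addr with SO_REUSEADDR, so that a second socket can
 * later share the same local addr:port (the per-client socket). */
static int bind_udp(const struct sockaddr_in *addr)
{
    int one = 1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        bind(fd, (const struct sockaddr *)addr, sizeof *addr) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if a datagram is waiting on fd within ms milliseconds, else 0. */
static int readable(int fd, int ms)
{
    fd_set rd;
    struct timeval tv;
    tv.tv_sec = ms / 1000;
    tv.tv_usec = (ms % 1000) * 1000;
    FD_ZERO(&rd);
    FD_SET(fd, &rd);
    return select(fd + 1, &rd, NULL, NULL, &tv) > 0;
}

static void loopback_any_port(struct sockaddr_in *a)
{
    memset(a, 0, sizeof *a);
    a->sin_family = AF_INET;
    a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a->sin_port = 0;                 /* kernel picks a free port */
}

/* bind_child = 1: per-client socket bound to the listener's addr:port, then
 * connect()ed (the DTLSv1_listen pattern). bind_child = 0: connect() only.
 * Returns 1 if the client's second datagram arrives on the per-client fd,
 * 0 if it arrives on the listener instead, -1 on a socket error. */
int second_datagram_lands_on_child(int bind_child)
{
    struct sockaddr_in srv, cli, peer;
    socklen_t len;
    int lfd = -1, cfd = -1, nfd = -1, rc = -1;
    char buf[32];

    /* Server: the listening socket that DTLSv1_listen() would read from. */
    loopback_any_port(&srv);
    if ((lfd = bind_udp(&srv)) < 0)
        goto out;
    len = sizeof srv;
    if (getsockname(lfd, (struct sockaddr *)&srv, &len) < 0)
        goto out;                    /* srv now holds the real port */

    /* Client: bound so its source port stays the same for both datagrams. */
    loopback_any_port(&cli);
    if ((cfd = bind_udp(&cli)) < 0)
        goto out;

    /* 1. Constructed first datagram, standing in for the cookie-less ClientHello. */
    if (sendto(cfd, "hello-1", 7, 0, (struct sockaddr *)&srv, sizeof srv) != 7)
        goto out;

    /* 2. Server learns the peer address, as DTLSv1_listen() reports it. */
    len = sizeof peer;
    if (!readable(lfd, 500) ||
        recvfrom(lfd, buf, sizeof buf, 0, (struct sockaddr *)&peer, &len) < 0)
        goto out;

    /* 3. Per-client socket: same local addr:port as the listener, then connect. */
    nfd = bind_child ? bind_udp(&srv) : socket(AF_INET, SOCK_DGRAM, 0);
    if (nfd < 0 || connect(nfd, (struct sockaddr *)&peer, len) < 0)
        goto out;

    /* 4. Second datagram (ClientHello with cookie) goes to the same server
     *    address the client has always used. Which fd receives it? */
    if (sendto(cfd, "hello-2", 7, 0, (struct sockaddr *)&srv, sizeof srv) != 7)
        goto out;
    if (readable(nfd, 500))
        rc = 1;                      /* SSL_accept() on nfd would have data */
    else if (readable(lfd, 500))
        rc = 0;                      /* stuck on the listener: WANT_READ on nfd */

out:
    if (lfd >= 0) close(lfd);
    if (cfd >= 0) close(cfd);
    if (nfd >= 0) close(nfd);
    return rc;
}
```

The check a practitioner can lift from this is the bind() in step 3: before calling BIO_set_fd() on the per-client fd, that fd must be bound to the same address and port the listener uses, or the kernel has no reason to route the client's cookie-bearing ClientHello to it.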