Re: DTLS with multiple clients

Hi Matt,


I was able to fix the issue with the following changes. The change was to create a new fd (bound to the server address) each time DTLSv1_listen() was called. Previously, I used the same fd for every DTLSv1_listen call. The new dgram BIO was created with an old fd. On passing a newly created fd to BIO_new_dgram, the problem seems to be resolved. However, this leads to another question. Why doesn't DTLS_listen queue up the connections similar to the accept call? Does that mean DTLS can support only one handshake at a time? Is it recommended to create multiple fds bound to the server address and then spawn a thread (per fd) to listen for DTLS requests?

     
while (1) {
    /* New fd bound to the server address for every DTLSv1_listen() call */
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);
    bind(fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6));

    BIO *bio = BIO_new_dgram(fd, BIO_NOCLOSE);
    SSL *ssl = SSL_new(ctx);
    SSL_set_bio(ssl, bio, bio);

    /* Enable cookie exchange */
    SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);

    /* Wait for incoming connections */
    while (!DTLSv1_listen(ssl, &client_addr));

    /* connect to client on different fd and complete the handshake and process data packets */
}



Thanks,
Varun



On Thu, Apr 5, 2018 at 1:03 AM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
Are you able to share a simple reproducer of your problem?

Matt

On 05/04/18 02:14, Varun Kulkarni wrote:
> Hi,
>
> I was able to get DTLS work with the latest version of openssl with a
> single client and server. However, I was unable to get it to work with
> multiple clients. The first client completes the handshake and works
> well. But however the function DTLSv1_listen returns 1 immediately even
> for an application data packet (after the first client completes the
> handshake), where it should ideally return 0 and wait for the next
> client hello. Since it hangs on SSL_accept, the next client hello
> packets won't be answered.  
>
>
> The closest reference I have got is from:
> https://gist.github.com/Jxck/b211a12423622fe304d2370b1f1d30d5. This
> doesn't seem to work for multiple clients.
>
> Any suggestions/references would be helpful in this regard. If this is
> not the right mailing list, please point me to the right one.
>
>
> --
>
>
> Thanks and Regards,
> Varun K S
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--


Regards,
Varun K S
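
The socket-level part of the per-client fd approach discussed in this thread, as an added example that is not code from the thread or from OpenSSL: a UDP socket bound to the server address and then connect()ed to one client receives that client's datagrams, so the shared listening fd sees only new clients. It makes no OpenSSL calls; server_sock and demux_demo are hypothetical names, the traffic is constructed loopback data, and IPv4 plus Linux SO_REUSEADDR behaviour for UDP are assumptions.

```c
/* Added example: constructed loopback traffic; IPv4 and Linux UDP SO_REUSEADDR assumed. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
/* Hypothetical helper: UDP socket bound to *local with SO_REUSEADDR and a 1 s
 * receive timeout, connect()ed to *peer when peer != NULL. Returns fd or -1. */
static int server_sock(const struct sockaddr_in *local, const struct sockaddr_in *peer)
{
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct timeval tv = { 1, 0 };
    if (fd < 0) return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0 ||
        bind(fd, (const struct sockaddr *)local, sizeof *local) < 0 ||
        (peer && connect(fd, (const struct sockaddr *)peer, sizeof *peer) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 when client A's later datagram arrives on A's connected fd and
 * client B's first datagram arrives on the shared listening fd. */
int demux_demo(void)
{
    struct sockaddr_in srv = { .sin_family = AF_INET }, peer;
    socklen_t sl = sizeof srv, pl = sizeof peer;
    char buf[16];
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);       /* port 0: kernel picks */
    int lfd = server_sock(&srv, NULL);                  /* shared listening fd */
    int a = socket(AF_INET, SOCK_DGRAM, 0), b = socket(AF_INET, SOCK_DGRAM, 0);
    if (lfd < 0 || a < 0 || b < 0 || getsockname(lfd, (struct sockaddr *)&srv, &sl) < 0)
        return 0;
    sendto(a, "helloA", 6, 0, (struct sockaddr *)&srv, sizeof srv);
    if (recvfrom(lfd, buf, sizeof buf, 0, (struct sockaddr *)&peer, &pl) != 6) return 0;
    /* Point where DTLSv1_listen() has returned the peer: give A its own fd. */
    int cfd = server_sock(&srv, &peer);
    if (cfd < 0) return 0;
    sendto(a, "dataA", 5, 0, (struct sockaddr *)&srv, sizeof srv);
    sendto(b, "helloB", 6, 0, (struct sockaddr *)&srv, sizeof srv);
    int ok = recv(cfd, buf, sizeof buf, 0) == 5 && !memcmp(buf, "dataA", 5) &&
             recv(lfd, buf, sizeof buf, 0) == 6 && !memcmp(buf, "helloB", 6);
    close(lfd); close(cfd); close(a); close(b);
    return ok;
}
int main(void) { printf("demux ok: %d\n", demux_demo()); return 0; }
```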