Re: Question on DTLS server calling dtls_handle_timeout during protocol handshake.

Robin Seggelmann

Jul 7, 2011, 9:16:27 AM
Hi Yogesh,

I have had a look at your modifications. There are some minor mistakes, but I was also able to find a bug in OpenSSL, for which patch #2555 is submitted.

I have made some small changes to your code, but haven't revised everything. Most important is the timer handling, which does not work the way you did it. Check the SSL_connect() part of the client, I have changed that to make use of DTLSv1_get_timeout() and DTLSv1_handle_timeout() correctly.

Best regards
Robin


On Jul 6, 2011, at 1:10 AM, Yogesh Chopra wrote:

> Hi Robin,
> I am using DTLSv1_listen() and calling it repeatedly; the
> difference (I believe) is that I am using non-blocking sockets. Please
> find attached the sample program from sctp.fh-muenster.de modified for
> non-blocking sockets using select that demonstrates this problem.
>
> You can compile the program using:
>
> gcc dtls_udp_echo.c -o server -I openssl-1.0.0d/include -l pthread -l
> dl openssl-1.0.0d/libssl.a openssl-1.0.0d//libcrypto.a
>
> and to run this use instructions below:
>
> On the server:
>
> ./server -s -L 10.10.100.116 -p 6666 -V
>
> On the client
>
> ./server -r 10.10.100.116 -L 0.0.0.0 -p 6666 -v -l 1400 -n 10
>
>
> Thanks,
> -Yogi
>
>
>
> On Sat, Jul 2, 2011 at 2:05 AM, Robin Seggelmann
> <segge...@fh-muenster.de> wrote:
>> Hi Yogesh,
>>
>> On 01.07.2011, at 00:59, Yogesh Chopra wrote:
>>
>>> The setup is the same as before (where traffic from server is blocked to
>>> client). The Server responds only once with a HELLO_VERIFY response
>>> for a HELLO request and then never sends a HELLO_VERIFY response for
>>> subsequent CLIENT HELLO messages.
>>>
>>> CLIENT                  SERVER
>>> HELLO --->
>>>                         HELLO_VERIFY (For
>>>                         First request)
>>>
>>> Post first request
>>>
>>> HELLO --->
>>>                         There is no response from SERVER
>>
>> I tried to reproduce this behavior, but my DTLS programs (available on sctp.fh-muenster.de) behave as expected. The server responds to every ClientHello with a HelloVerifyRequest, which will be dropped due to a firewall policy. The client keeps repeating until I remove the fw policy, after which the handshake will be completed immediately.
>>
>> Is it possible that your application does not handle this correctly? Are you using DTLSv1_listen() and calling it again and again until it returns 1? That may not be the case, because the second ClientHello as a response to a HelloVerifyRequest is necessary for this call to return successfully, before you can create a new socket for the new connection and complete the handshake for it. Please have a look at the programs on our website.
>>
>> Maybe you can provide an excerpt of your code which handles incoming connections.
>>
>> Best regards
>> Robin
>>
>>
>>
>>
>>
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> Development Mailing List opens...@openssl.org
>> Automated List Manager majo...@openssl.org
>>
> <dtls_udp_echo.c>
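
The control flow of the timer handling discussed in this thread for a non-blocking client using select(), as an added example that is not code from the thread, the attached program or OpenSSL. The `dtls_hooks` struct, the `sim_*` functions and the demo are hypothetical; in a real client the hooks would wrap SSL_connect(), DTLSv1_get_timeout() and DTLSv1_handle_timeout(), and the hook return conventions here are assumptions modelled on those calls.

```c
#include <errno.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical hooks (not an OpenSSL type); each wraps the call named beside it. */
struct dtls_hooks {
    int (*handshake)(void *c);      /* SSL_connect: 1 done, 0 want-read, -1 fatal */
    int (*get_timeout)(void *c, struct timeval *left); /* DTLSv1_get_timeout */
    int (*handle_timeout)(void *c);                    /* DTLSv1_handle_timeout */
};
/* Drives the handshake on fd; returns the retransmit count, or -1 on failure. */
int dtls_drive_handshake(const struct dtls_hooks *h, void *c, int fd) {
    int retransmits = 0;
    for (;;) {
        int r = h->handshake(c);
        if (r != 0) return r == 1 ? retransmits : -1;
        struct timeval left, *wait = NULL;  /* NULL: no timer running, just block */
        if (h->get_timeout(c, &left)) wait = &left;
        fd_set rfds;
        FD_ZERO(&rfds); FD_SET(fd, &rfds);
        int n = select(fd + 1, &rfds, NULL, NULL, wait);
        if (n < 0 && errno != EINTR) return -1;
        /* Timer ran out with nothing to read: have the last flight resent. */
        if (n == 0) { if (h->handle_timeout(c) < 0) return -1; retransmits++; }
    }
}

/* Constructed stand-in: replies are dropped until the third retransmission. */
struct sim { int fd, peer, expired; };
static int sim_handshake(void *c) {
    char b[8];
    return recv(((struct sim *)c)->fd, b, sizeof b, MSG_DONTWAIT) > 0;
}
static int sim_get_timeout(void *c, struct timeval *left) {
    (void)c; left->tv_sec = 0; left->tv_usec = 20000; return 1;
}
static int sim_handle_timeout(void *c) {
    struct sim *s = c;
    if (++s->expired == 3) send(s->peer, "ok", 2, 0);  /* path unblocked */
    return 1;
}
int demo_retransmits_until_reply(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    struct sim s = { sv[0], sv[1], 0 };
    struct dtls_hooks h = { sim_handshake, sim_get_timeout, sim_handle_timeout };
    int n = dtls_drive_handshake(&h, &s, sv[0]);
    close(sv[0]); close(sv[1]); return n;
}
```

The timeout passed to select() is fetched again on every pass, so the wait always reflects the time left on the current retransmission timer rather than a fixed application interval.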
