ports->ssl-ports issues, plus DTLS question

[David Storrs]

We are trying to use TLS (or, more specifically, DTLS) over UDP.  In order to do this we create an input-port?/output-port? pair via make-pipe and then run the pair through ports->ssl-ports.  The handshake this causes is failing and therefore the whole process hangs and the ports don't get converted.  We have a couple questions:

1) Does the Racket openssl library (i.e. (require openssl)) implement DTLS?

2) What might be causing the failure?  (Hopefully) minimal code is below; we have been banging our heads on it and could use some advice.


; Pseudo code, simplified from live code and not tested

(define server-ctx (ssl-make-server-context 'tls12))
(ssl-load-certificate-chain!      server-ctx pem)
(ssl-load-private-key!            server-ctx pem)
(ssl-server-context-enable-ecdhe! server-ctx 'secp521r1)

(define client-ctx (ssl-make-client-context 'tls12))
(ssl-set-ciphers! client-ctx "ECDHE-RSA-AES128-SHA256")

(define rx-in-ch  (make-async-channel))
(define sock (udp-open-socket))
(udp-bind! sock ...)

(define-values (rx-in1 rx-out1) (make-pipe size))
(define-values (tx-in1 tx-out1) (make-pipe size))

(define-values (rx-in tx-out)

   (ports->ssl-ports rx-in1 tx-out1
                    #:mode               'accept
                    #:context            server-ctx
                    #:close-original?    #t

                    #:shutdown-on-close? #t))

; the 'connect version is elided for brevity
         


;;;  Rx
; sync on the UDP socket.  When data is received, async-channel-put it onto rx-in-ch.
; sync on rx-in-ch.  When data is received, write it onto rx-out port from make-pipe
; sync on rx-in port from make-pipe.  When data is received it will be processed by a handler function

;;; Tx
; the handler function writes to tx-out
; sync on tx-in.  When data is received, a handler will udp-send-to onto the UDP socket