DTLS failure between Android and Kurento

[Matthew Mah]

I am trying to connect an Android client based on the AppRTCDemo to Kurento. I have a successful SDP exchange, but there is a failure in the DTLS exchange. 

This is what wireshark sees at the Kurento server on UDP for DTLS:

S = server, C = client

S -> C Client Hello

C -> S Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done

S -> C Certificate

S -> C Client Key Exchange

S -> C Certificate Verify

S -> C Change Cipher Spec

S -> C Encrypted Handshake Message

There are no further UDP DTLS messages from the server, and the client sends groups of these messages (now separate packets, not in one) at exponentially increasing time intervals:

C -> S Server Hello

C -> S Certificate

C -> S Server Key Exchange

C -> S Certificate Request

C -> S Server Hello Done

In the Android client log, these messages indicate the client does not like the Kurento DTLS messages. 

SSL_accept:error in SSLv3 read client hello A

SSL_accept:error in SSLv3 read client certificate A

SSL_accept:error in SSLv3 read certificate verify A

SSL_accept:error in SSLv3 read finished A

DTLS timeout expired

DTLS timeout expired

I have not discovered why the Android client indicates errors in the messages received from the Kurento server. I have located webrtc/base/opensslstreamadapter.cc, where the SSL connection is setup, but I cannot find where the SSL info callbacks are made that result in the above messages for the SSL_accept errors. 

How do I track down the reason for the SSL_accept errors? 

I think I have all of the ICE issues resolved because both the Android client and Kurento see packets from the other side. 

I originally posted this question to the Kurento group without resolution. 

[Fedor Sumkin]

Hello, 

We solved the similar problem with Kurento. You can find the discussion and solution here. May be this will help you.

воскресенье, 5 апреля 2015 г., 0:19:06 UTC+6 пользователь Matthew Mah написал: