Hello,

mk <m...@cognitivedissonance.ca> writes:

> Does anyone know of any (gnuTLS) examples of DTLS using PSK?

I tried with gnutls-serv and gnutls-cli with the -u option, and
encountered a crash caused by an incorrect usage of
gnutls_psk_server_get_username in gnutls-cli. After applying a fix for
that[1], I got it working as below:

  psktool -u test -p passwd.psk
  gnutls-serv -u --pskpasswd=passwd.psk --priority=NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK
  gnutls-cli localhost -u -p 5556 --priority NORMAL:-VERS-TLS1.3:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername test --pskkey $(sed -n 's/^test:\(.*\)/\1/p' passwd.psk)

and it works:

  - Description: (DTLS1.2-X.509)-(ECDHE-SECP256R1)-(CHACHA20-POLY1305)
  - Session ID: 43:82:0A:96:74:20:3E:BA:5A:45:59:B8:ED:AA:4D:D7:18:0B:EB:EE:4B:2A:AE:48:1A:46:29:2F:52:33:85:E2
  - PSK authentication. PSK hint ''
  - Options: extended master secret, safe renegotiation,
  - Handshake was completed

> I am working on a C++ network socket library which wraps gnuTLS (the C
> API); TLS and DTLS are working client and server side using X.509, and
> TLS using PSK. However, DTLS using PSK fails client side during the
> handshake, after the DTLS cookie is sent, with "A packet with illegal
> or unsupported version was received".

Maybe it might be helpful to look at the diagnostic logs, collected with
GNUTLS_DEBUG_LEVEL.

> Existing examples in the manual and online have been invaluable to me
> with the work up to now, but I have been unable to find any for this.

Footnotes:
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

Regards,
-- 
Daiki Ueno

_______________________________________________
Gnutls-help mailing list
Gnutls-help@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-help
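
Added example, not part of the original message: a stricter replacement for the inline sed lookup in the gnutls-cli command above. If sed finds no entry, the command substitution expands to nothing and the client runs without a key value; this version fails instead. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). Assumes the psktool file holds
# one "username:hexkey" entry per line, as the sed expression above implies.

# psk_key_for FILE USER: print USER's hex key.
# Exit status: 0 ok, 1 user absent, 2 file unreadable, 3 duplicate user,
# 4 key empty or not even-length hex.
psk_key_for() (
    file=$1
    PSK_USER=$2
    export PSK_USER
    [ -r "$file" ] || exit 2
    # Compare the first field as a string ("" forces string comparison), so
    # "t.st" cannot match "test" and "01" cannot match "1".
    key=$(awk -F: '
        ($1 "") == (ENVIRON["PSK_USER"] "") { n++; k = substr($0, length($1) + 2) }
        END { if (n == 0) exit 1; if (n > 1) exit 3; print k }
    ' "$file") || exit $?
    [ -n "$key" ] || exit 4
    case $key in *[!0-9A-Fa-f]*) exit 4 ;; esac
    [ $(( ${#key} % 2 )) -eq 0 ] || exit 4
    printf '%s\n' "$key"
)

# write_sample FILE: constructed test data, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
test:000102030405060708090a0b0c0d0e0f
t.st:aabbccdd
odd:abc
dup:aa
dup:bb
EOF
}

# Intended use with the client command from the mail:
#   key=$(psk_key_for passwd.psk test) &&
#     gnutls-cli localhost -u -p 5556 --priority NORMAL:-VERS-TLS1.3:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername test --pskkey "$key"
```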