I am using DTLSv1_listen with a non-blocking underlying socket layer. I am using openssl-0.9.8o and I looked at the implementation.

    int dtls1_listen(SSL *s, struct sockaddr *client)
    {
        int ret;

        SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
        s->d1->listen = 1;

        ret = SSL_accept(s);
        if (ret <= 0)
            return ret;

        (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
        return 1;
    }

Does this mean that we do not have to call SSL_accept after DTLSv1_listen() returns 1? And if it returns -1 with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, then we call it again until we get the connection established?

My understanding was that we have to do SSL_accept on a connected socket so that the SSL handshake happens separately (certificate/key exchange), and the listen socket only receives the ClientHello, sends the HelloVerifyRequest and receives the ClientHelloWithCookie.

In some examples on the web we see that we do call SSL_accept() after DTLSv1_listen returns 1. But I looked at s_server.c in the openssl sources, and it does not even call DTLSv1_listen(). How do I understand this? I am confused here. If someone can guide me I would appreciate it.

--Nilesh.