On Jul 20, 2011, at 12:10 AM, Kenneth Robinette wrote:

> The statement "PS: I'm actually surprised that you got that far on
> Windows, since we NEVER tested any line of the DTLS code on any kind of 
> Windows" is quite disturbing.
> 
> Is DTLS code contained in production OpenSSL versions?  If so, what else is 
> in OpenSSL that has never been tested 
It is, but we are providing patches to fix bugs in DTLS we find or others are
reporting, and developed DTLS/SCTP. DTLS/SCTP is currently supported in FreeBSD,
Mac OS X and Linux. We hope that the DTLS/SCTP code will be accepted for an
upcoming version.
Windows is neither our focus nor our field of expertise.
Therefore we did not test the DTLS code until people reported Windows-specific
bugs.
The known bugs in the DTLS code of OpenSSL are fixed, however, we can't fix
Windows...

I don't know how much Windows testing the guy did, who provided the initial
implementation of DTLS.

Best regards
Michael
> on all systems supported by OpenSSL?
> 
> --- On Tue, 7/19/11, Michael Tüxen <michael.tue...@lurchi.franken.de> wrote:
> 
>> From: Michael Tüxen <michael.tue...@lurchi.franken.de>
>> Subject: Re: DTLSv1_listen unable to accept second client on windows (This works on Linux)
>> To: openssl-dev@openssl.org
>> Date: Tuesday, July 19, 2011, 2:22 PM
>> On Jul 19, 2011, at 12:55 AM, Yogesh Chopra wrote:
>> 
>>> Hi,
>>> Please find attached Samples.tgz file which contains sample code
>>> and binaries that you can use to reproduce the problem reported. Here
>>> is a brief summary of the included files:
>>> 
>>> Samples/
>>> ├── Linux
>>> │   ├── dtls_udp_echo.c
>>> │   └── Make.sample
>>> └── Windows
>>>     └── dtls.zip
>>> 
>>> You can run the client program on a Linux host.
>>> Using usage below where -p represents ports and -n represents packets to send
>>> ./client -r 10.10.100.116 -L 0.0.0.0 -p 23232 -v -l 1400 -n 100
>>> 
>>> You can run 2-3 client instances from the same host (or different host)
>>> 
>>> The windows source code, VC project files are included in
>>> Samples/Windows/dtls.zip
>>> The server listens by default on port 23232
>>> 
>>> You can run the server binary from dtls\windows\vc_proj\Debug\dtls.exe
>>> (All server certs are already included in Debug directory)
>>> 
>>> As reported earlier, the problem is server does not accept any new
>>> client connections until a client connection is being processed.
>>> 
>>> (You can compile the same windows server simple_dtls_udp_server.c on
>>> linux too using the Make.sample instructions and see that this is not
>>> an issue on Linux).
>>> 
>>> I had to remove binaries (linux and windows) due to size limitations
>>> for post messages.
>>> 
>>> Note: Please refer to this link from Microsoft
>>> http://msdn.microsoft.com/en-us/library/ms740621%28v=vs.85%29.aspx
>> Reading this in combination with
>> http://msdn.microsoft.com/en-us/library/system.net.sockets.udpclient.exclusiveaddressuse.aspx#Y617
>> (First sentence after Remarks) it seems that you simply can't
>> build a UDP based server using multiple connected sockets.
>> The problem is not limited to the listen() stuff, even if
>> you decide not to use the listen() stuff, DTLS in OpenSSL
>> uses connected UDP sockets. Hmm. I've never seen this kind
>> of limitation on any Unix system.
>> So I suggest to use a non-Windows system for the server side,
>> most likely a wise decision anyways...
>>> 
>>> This may be a problem in general on windows on using SO_REUSEADDR.
>>> 
>>> If there are any known workarounds or alternatives we can use that
>>> will be great.
>> The workaround is to use an operating system with a proper IP stack,
>> aka a Unix like system.
>> 
>> Best regards
>> Michael
>> 
>> PS: I'm actually surprised that you got that far on Windows, since we
>>     NEVER tested any line of the DTLS code on any kind of Windows.
>>> 
>>> -Yogi
>>> <Samples.tgz>
>> 
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> Development Mailing List                       openssl-dev@openssl.org
>> Automated List Manager                           majord...@openssl.org
>> 
> 
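
The socket arrangement discussed in this thread (one listening UDP socket plus one connected UDP socket per peer, all bound to the same local port with SO_REUSEADDR) can be checked in isolation from DTLS. The following is an added example, not code from the thread, the attached samples or OpenSSL; it assumes Linux loopback, and `udp_bound` and `demux_by_peer` are hypothetical names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket on 127.0.0.1:port (0 = ephemeral), SO_REUSEADDR set, 1 s receive timeout. */
static int udp_bound(unsigned short port)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct timeval tv = { 1, 0 };
    struct sockaddr_in a;
    if (s < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (bind(s, (struct sockaddr *)&a, sizeof a) < 0) { close(s); return -1; }
    return s;
}

/* Returns 1 if peer A reaches its connected socket while new peer B reaches the listener. */
int demux_by_peer(void)
{
    struct sockaddr_in srv, peer;
    socklen_t sl = sizeof srv, pl = sizeof peer;
    char buf[8];
    int lst = udp_bound(0), a = udp_bound(0), b = udp_bound(0), conn = -1, ok = 0;
    if (lst < 0 || a < 0 || b < 0 || getsockname(lst, (struct sockaddr *)&srv, &sl) < 0) goto out;
    /* Peer A's first datagram arrives on the listening socket. */
    sendto(a, "A1", 2, 0, (struct sockaddr *)&srv, sl);
    if (recvfrom(lst, buf, sizeof buf, 0, (struct sockaddr *)&peer, &pl) != 2) goto out;
    /* Per-peer socket: same local address and port, connected to A. */
    conn = udp_bound(ntohs(srv.sin_port));
    if (conn < 0 || connect(conn, (struct sockaddr *)&peer, pl) < 0) goto out;
    /* A's next datagram must reach conn; B, a new peer, must still reach lst. */
    sendto(a, "A2", 2, 0, (struct sockaddr *)&srv, sl);
    sendto(b, "B1", 2, 0, (struct sockaddr *)&srv, sl);
    ok = recv(conn, buf, sizeof buf, 0) == 2 && memcmp(buf, "A2", 2) == 0
      && recv(lst, buf, sizeof buf, 0) == 2 && memcmp(buf, "B1", 2) == 0;
out:
    close(lst); close(conn); close(a); close(b);
    return ok;
}

int main(void) { return demux_by_peer() ? 0 : 1; }
```

A return value of 0 from `demux_by_peer` on a given platform means a server that depends on this per-peer demultiplexing cannot serve a second client while the first is being handled, which is the symptom reported in the thread.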
