Hello,
thank you for your help. I tried to use the BIO as I have been advised.
I found an example of using the BIO pair in a man page. But I get an error:
"16384:error:20067079:BIO routines:BIO_ctrl:unsupported method:bio_lib.c:314:"
After a look at the source code, I thought it could be something related to the uncommon structure of the L2CAP layer / BlueZ implementation.
Then I tried to build my own BIO chain.
What I do is:
creation of the connection with an L2CAP socket
creation of a BIO socket over the last one
    client = BIO_new_socket(bt_socket, BIO_NOCLOSE);
creation of the BIO ssl
    acc = BIO_new_ssl(ctx,0);
I link to the last BIO, using push
    BIO_push(client, acc);
If I do not use push in the other way, then I get an error stating that the BIO_read is not set:
"16384:error:140950D3:SSL routines:SSL3_READ_N:read bio not set:s3_pkt.c:200:"
then,
    BIO_push(acc, client);
Then the channel should be ready... So I call BIO_do_handshake(acc).
If I set the L2CAP socket non-blocking, then it crashes with an empty error message.
With blocking mode, it waits for someone beginning the connection.
I have the same structure on the client side. When I launch it, it sends a first packet (hcidump shows that it arrives on the server side), and then waits, and the server does not seem to be willing to react...
If I use a simple write() on the BIO socket on the client side instead of the call for the handshake, then on the server side I get an error:
"16384:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:297:"
so the packet reaches the BIO ssl.
So I cannot figure out why the handshake hangs up like that. Why the server is not reacting, or answering.
Does anybody have an idea?
Thanks
Ronan
Dr. Stephen Henson wrote:
On Thu, Feb 26, 2004, Ronan Daniellou wrote:
Hello everyone,
did anybody already use SSL/TLS over a non TCP-UDP/IP socket successfully?
You can't use SSL/TLS over UDP due to its unreliable nature, though a draft standard is being discussed in the ietf-tls mailing list to allow SSL/TLS use over UDP. OpenSSL doesn't support it though.
It is possible to use SSL/TLS over any reliable transport. To do this with OpenSSL you can either write a custom BIO (to perform the I/O) or use a BIO pair (in which case you perform the I/O manually in the application).
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]