I tried to get non-blocking DTLS working a while ago, but in order to
get a connection to work, I had to comment out the retransmission of
commands as described in the patch below.
Unfortunately, this breaks retransmission, so it's not really suitable
for distribution. But it at least gives a clue as to where to start
making fixes.
I tried asking the original author of DTLS support about this, but I
didn't get a response.
The patches below also include the ones that were needed to fix DTLS
support up to 0.9.8e. Hopefully those are part of 0.9.8h, and if they
are, then only the chunk that replaces "return
dtls1_retransmit_buffered_messages(s)" with "return -1".
__joe
diff -r openssl-clean-0.9.8e/ssl/d1_both.c openssl-0.9.8e/ssl/d1_both.c
728,735c728,735
< overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
<
< /* retain the header for the first fragment */
< if ( s->init_num > DTLS1_HM_HEADER_LENGTH)
< {
< memmove(&(s->init_buf->data[s->init_num]),
< &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH
+ overlap]),
< frag_len - overlap);
---
> if ( s->init_num > DTLS1_HM_HEADER_LENGTH)
> {
> s->init_num -= DTLS1_HM_HEADER_LENGTH;
> overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
>
> memmove(&(s->init_buf->data[s->init_num]),
> &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH +
overlap]),
> frag_len - overlap);
737,740c737,743
< s->init_num += frag_len - overlap;
< }
< else
< s->init_num += frag_len;
---
> s->init_num += frag_len - overlap;
> }
> else
> {
> overlap = 0;
> s->init_num += frag_len;
> }
974,975c977,987
<
< return dtls1_retransmit_buffered_messages(s) ;
---
> /*
> In non-blocking mode, this retransmit gets spammed, which freaks
out the server. Changing
> to always reporting the timeout fixes that case when no packets are
going to be lost, but
> I hesitate to claim it fixed, since it means that retransmits are
busted.
>
> What should happen is that the timeout and retransmits are somehow
application-managed
> in non-blocking modes, but I'm not sure where to start poking at
that. ask nagendra?
> */
> return -1;
> // int ret = dtls1_retransmit_buffered_messages(s) ;
> // return ret;
diff -r openssl-clean-0.9.8e/ssl/d1_pkt.c openssl-0.9.8e/ssl/d1_pkt.c
577a578
> rr->length = 0;
590a592
> rr->length = 0;
597a600
> rr->length = 0;
diff -r openssl-clean-0.9.8e/ssl/d1_srvr.c openssl-0.9.8e/ssl/d1_srvr.c
1012c1012,1013
<
---
> unsigned int msg_len;
>
1088c1089,1091
< /* XDTLS: set message header ? */
---
> msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
> dtls1_set_message_header(s, s->init_buf->data,
> SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
On Jun 16, 2008, at 18.41, Yong Zhang wrote:
Hi,
I have a program which is using DTLS blocking mode. And it works fine.
But I need to change it to non-blocking mode to port it to my
platform.
Can openssl DTLS support this?
I have tried to change the underlying sock to non-blocking mode. When
the SSL_connect is called, I can see using ethereal that the first
hello message were send out a lot of times. Is this normal behaviour?
or something wrong? When I only change the client to non-blocking, I
can connect to the server.
If I change both server and client to non-blocking, the server can
finish the handshake, but the client can not.
The one I am using is 0.9.8.a with the DTLS patch. But I have tried
the 0.9.8h, the result looks similar.
Thanks!
Yong
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
