Well, passing the ret value from SSL_get_error() (which is 2) to
ERR_error_string() results in:
... error:00000002:lib(0):func(0):system lib ...
which is a system error, isn't it? Hence my reasoning to try using
strerror().
Removing the timeout causes the socket to block and then DTLSv1_listen()
never returns. It looks like my client is connecting so I think half of
the handshake is working. Something is not right somewhere...
On 19/02/13 03:44, David Geib wrote:
You can't use strerror for OpenSSL errors. Look into ERR_get_error()
and ERR_error_string().
I think what's happening with your code is that you set a recv timeout
on the listen socket, so you listen for one second and then hit the
timeout and the socket returns EWOULDBLOCK/EAGAIN to OpenSSL which
causes OpenSSL to return SSL_ERROR_WANT_READ. So do whatever you
wanted to do if the timeout expired, or don't set one.
On Sun, Feb 17, 2013 at 7:40 PM, T J <jordan.tre...@gmail.com
<mailto:jordan.tre...@gmail.com>> wrote:
Hi
I'm having some problems getting a client to connect to a server
using DTLS. My code is based on Robin Seggelmann's DTLSv1 example
at fh-muenster.de <http://fh-muenster.de>. I'm implementing it on
a point-to-point network only (data connection between 2 radios), IPv4
over UDP, so I've stripped it down a bit.
In my server, the return from DTLSv1_listen (which is based on
SSL_accept() I believe) is -1, and when I supply SSL_get_error
with the ssl and that return I get a value of 2. Passing that
value to strerror() returns "No such file or directory" but I
think that's a red herring and what really is going on is that the
return val of 2 means SSL_ERROR_WANT_READ - is this correct? If
so, what am I supposed to do about it - read something from the
underlying bio? If so, how do I find out how much is in the bio so
that I can make a call to BIO_read()?
Hopefully someone can see where I'm going wrong either in my code
or in my thinking...?
This is how I currently have my server:
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#ifndef _WIN32
typedef int SOCKET;          /* the code uses the Windows-style name for a socket */
#endif

extern SSL_CTX *sslctxBob;   /* DTLS server context, created elsewhere */
/* PEDH_PORT is defined elsewhere in the project */

int rcdh_startTlsServer(void)
{
    int ret = 1, err = 0;
    SOCKET hSock;
    SSL *ssl;
    BIO *bio;
    struct timeval timeout;
    struct sockaddr_in client_addr, server_addr;

    /* clear the actual structs: sizeof(struct sockaddr_storage) overruns a sockaddr_in */
    memset(&server_addr, 0, sizeof(server_addr));
    memset(&client_addr, 0, sizeof(client_addr));

    /* Open a UDP listening socket for this server */
    server_addr.sin_family = AF_INET;
    server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    server_addr.sin_port = htons(PEDH_PORT);
    hSock = socket(AF_INET, SOCK_DGRAM, 0);
    if (hSock < 0) {
        printf("socket error\n");
        return 0;
    }
    if (bind(hSock, (const struct sockaddr *) &server_addr,
             sizeof(struct sockaddr_in)) < 0) {
        printf("bind error\n");
        return 0;
    }

    /* Create BIO */
    bio = BIO_new_dgram(hSock, BIO_NOCLOSE);

    /* Set and activate timeouts: after 1 s with no datagram the BIO reports
       "retry", which DTLSv1_listen() surfaces as SSL_ERROR_WANT_READ */
    timeout.tv_sec = 1;
    timeout.tv_usec = 0;
    BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

    /* Create a new SSL structure for this connection */
    ssl = SSL_new(sslctxBob);
    if (ssl == NULL) {
        printf("Server: Error setting up SSL\n");
        BIO_free(bio);
        return 0;
    }
    SSL_set_bio(ssl, bio, bio);

    printf("Server: Waiting for incoming connection...\n");
    /* OpenSSL 1.0.x signature (peer is a struct sockaddr *); 1.1+ takes a BIO_ADDR * */
    while ((ret = DTLSv1_listen(ssl, &client_addr)) <= 0) {
        if (ret < 0) {
            err = SSL_get_error(ssl, ret);
            /* strerror() is the wrong lookup for an SSL_get_error() code; see thread */
            printf("Server: SSL_accept ret=%d, error %d:\"%s\"\n",
                   ret, err, strerror(err)); //***
            if (err == SSL_ERROR_WANT_READ) {
                //do something about SSL_ERROR_WANT_READ
            }
        }
    }
    printf("Server: ret=%d. received connection attempt from %08x:%u.\n",
           ret, (unsigned) ntohl(client_addr.sin_addr.s_addr),
           (unsigned) ntohs(client_addr.sin_port));
    return ret;
}
It never gets to the last printf() and the output from *** is :
Server: SSL_accept ret=-1, error 2:"No such file or directory"
repeated about every second...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
<mailto:openssl-users@openssl.org>
Automated List Manager majord...@openssl.org
<mailto:majord...@openssl.org>