You can't use strerror for OpenSSL errors. Look into ERR_get_error()
and ERR_error_string().
I think what's happening with your code is that you set a recv
timeout on the listen socket, so you listen for one second and then
hit the timeout and the socket returns EWOULDBLOCK/EAGAIN to OpenSSL
which causes OpenSSL to return SSL_ERROR_WANT_READ. So do whatever
you wanted to do if the timeout expired, or don't set one.
On Sun, Feb 17, 2013 at 7:40 PM, T J <jordan.tre...@gmail.com
<mailto:jordan.tre...@gmail.com>> wrote:
Hi
I'm have some problems getting a client to connect to a server
using DTLS. My code is based on Robin Seggelmann's DTLSv1
example at fh-muenster.de <http://fh-muenster.de>. I'm
implementing it on a point-point network only (data connection
between 2 radios), IP4 over udp so I've stripped it down a bit.
In my server, the return from DTLSv1_listen (which is based on
SSL_accept() I believe) is -1, and when I supply SSL_get_error
with the ssl and that return I get a value of 2. Passing that
value to strerror() returns "No such file or directory" but I
think that's a red herring and what really is going on is that
the return val of 2 means SSL_ERROR_WANT_READ - is this correct?
If so, what am I supposed to do about it - read something from
the underlying bio? If so, how do I find out how much is in the
bio so that I can make a call to BIO_read()?
Hopefully someone can see where I'm going wrong either in my code
or in my thinking...?
This is how I currently have my server:
int rcdh_startTlsServer(void)
{
int ret = 1, err = 0;
SOCKET hSock = 0,client_fd = 0;
SSL *ssl;
BIO *bio;
struct timeval timeout;
struct sockaddr_in client_addr,server_addr;
memset(&server_addr, 0, sizeof(struct sockaddr_storage));
memset(&client_addr, 0, sizeof(struct sockaddr_storage));
/* Open an UDP listening socket for this server*/
server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
server_addr.sin_port = htons(PEDH_PORT);
hSock = socket(AF_INET, SOCK_DGRAM, 0);
if (hSock < 0) {
printf("socket error\n");
}
bind(hSock, (const struct sockaddr *) &server_addr,
sizeof(struct sockaddr_in));
/* Create BIO */
bio = BIO_new_dgram(hSock, BIO_NOCLOSE);
/* Set and activate timeouts */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
/* Create a new SSL structure for this connection*/
ssl = SSL_new(sslctxBob);
if (ssl == NULL) {
printf( "Server: Error setting up SSL\n");
ret = 0;
}
SSL_set_bio(ssl, bio, bio);
printf("Server: Waiting for incoming connection...\n");
while ((ret = DTLSv1_listen(ssl, &client_addr)) <= 0)
{
if (ret <0)
{
err = SSL_get_error(ssl,ret);
printf("Server: SSL_accept ret=%d, error %d:\"%s\"
\n",ret,err,strerror(err)); //***
if (err == 2)
{
//do something about SSL_ERROR_WANT_READ
}
}
}
printf("Server: ret=%d. received connection attempt from
%x:%d.\n",ret,client_addr.sin_addr.s_addr,client_addr.sin_port);
}
It never gets to the last printf() and the output from *** is :
Server: SSL_accept ret=-1, error 2:"No such file or directory"
repeated about every second...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
<mailto:openssl-users@openssl.org>
Automated List Manager majord...@openssl.org
<mailto:majord...@openssl.org>
