We are trying to use TLS (or, more specifically, DTLS) over UDP.  In order
to do this we create an input-port?/output-port? pair via make-pipe and
then run the pair through ports->ssl-ports.  The handshake this causes is
failing and therefore the whole process hangs and the ports don't get
converted.  We have a couple questions:

1) Does the Racket openssl library (i.e. (require openssl)) implement DTLS?

2) What might be causing the failure?  (Hopefully) minimal code is below;
we have been banging our heads on it and could use some advice.


; Pseudo code, simplified from live code and not tested

(define server-ctx (ssl-make-server-context 'tls12))
(ssl-load-certificate-chain!      server-ctx pem)
(ssl-load-private-key!            server-ctx pem)
(ssl-server-context-enable-ecdhe! server-ctx 'secp521r1)

(define client-ctx (ssl-make-client-context 'tls12))
(ssl-set-ciphers! client-ctx "ECDHE-RSA-AES128-SHA256")

(define rx-in-ch  (make-async-channel))
(define sock (udp-open-socket))
(udp-bind! sock ...)

(define-values (rx-in1 rx-out1) (make-pipe size))
(define-values (tx-in1 tx-out1) (make-pipe size))

(define-values (rx-in tx-out)
   (ports->ssl-ports rx-in1 tx-out1
                    #:mode               'accept
                    #:context            server-ctx
                    #:close-original?    #t
                    #:shutdown-on-close? #t))

; the 'connect version is elided for brevity



;;;  Rx
; sync on the UDP socket.  When data is received, async-channel-put it onto
;   rx-in-ch.
; sync on rx-in-ch.  When data is received, write it onto rx-out port from
;   make-pipe
; sync on rx-in port from make-pipe.  When data is received it will be
;   processed by a handler function

;;; Tx
; the handler function writes to tx-out
; sync on tx-in.  When data is received, a handler will udp-send-to onto
;   the UDP socket
