Hi Michael,

Please ignore the previous mail; it got sent by mistake. I have provided my comments below.

Thanks in advance.

Regards,
Nivedita

On Wed, Feb 14, 2018 at 10:22 AM, Nivedita <maddi.nived...@gmail.com> wrote:
> Hi Michael,
>
> Thanks for the reply.
>
> I have mentioned the answers below.
>
> On Wed, Feb 14, 2018 at 12:21 AM, Michael Richardson <m...@sandelman.ca> wrote:
>> Subject: Re: [openssl-users] DTLS over UDP
>> Date: Tue, 13 Feb 2018 13:51:10 -0500
>>
>> Nivedita <maddi.nived...@gmail.com> wrote:
>> > I am trying to establish a DTLS over UDP connection by using the
>> > DTLSv1_listen method.
>>
>> > I have followed the below steps:
>> > 1. Created a server socket and, using this socket, created bio and ssl objects.
>> >    bio = BIO_new_dgram(VI_sock, BIO_NOCLOSE);
>> >    SSL_set_bio(ssl, VP_bio, VP_bio);
>>
>> > 2. Enabled cookie exchange on the SSL object.
>> >    SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
>>
>> > 3. Then started listening using DTLSv1_listen for new client
>> > connections. Once DTLSv1_listen is successful, I get the peer address.
>>
>> okay.
>>
> Nivedita- Here the ssl object is created on the server socket and the same ssl is passed to the DTLSv1_listen method.
>
> Nivedita- All the above mentioned steps I am doing on the server side. On
> the client side I have already initiated SSL_connect.
> On the server side I am listening using the DTLSv1_listen method:
>
>     while ((VI_res = DTLSv1_listen(VP_ssl, &VS_client_addr)) <= 0);
>
> Now I have got the client_addr from the DTLSv1_listen method.
>
>> > 4. Once I got the client address, I am creating one new socket.
>> > 5. With the new socket I tried to connect to the client address.
>>
>> Do you mean, you call "SSL_connect()"?
>> Or do you mean you bind(2) and connect(2) the socket.
>>
> Nivedita- Once I got the client address from DTLSv1_listen, I am creating one more socket and trying to connect to the client address which I got from the DTLSv1_listen method:
>
>     VI_res = connect(new_sockid, client_addr, sizeof(client_addr));
>
>> > 6. Then I am trying to do SSL_accept on the new socket by calling
>> > BIO_set_fd.
>>
>> >    BIO_set_fd(SSL_get_rbio(ssl), VI_new_sock_id, BIO_NOCLOSE);
>> >    BIO_ctrl(SSL_get_rbio(VP_ssl), BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);
>> >    SSL_set_fd(ssl, VI_newsock_id);
>>
>> So, SSL_set_fd() will allocate a new bio, which probably undoes the effect
>> of calling BIO_CTRL_DGRAM_SET_CONNECTED. Since you have set the fd of
>> the existing BIO, I think you can omit that line.
>>
Nivedita - I have removed SSL_set_fd and tried by doing BIO_set_fd and BIO_ctrl, but SSL_accept still always returns -1 with an error code of 2.

    VI_res = BIO_set_fd(SSL_get_rbio(VP_ssl), VI_new_sock_id, BIO_NOCLOSE);
    VI_res = BIO_ctrl(SSL_get_rbio(VP_ssl), BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);
    SSL_set_accept_state(VP_ssl);
    VI_res = SSL_accept(ssl);

This ssl object is the same one which we have passed to the DTLSv1_listen method. Actually I am trying to do the SSL_accept on a different socket for every client, even though DTLSv1_listen happens on the server socket. Could you please let me know if it is possible.

>> >    VI_res = SSL_accept(ssl);
>>
>> > But SSL_accept will always return error code 2 [i.e. want read or
>> > want write].
>>
>> > But if I am doing SSL_accept without doing step no. 6 it will
>> > be successful.
>>
>> Yes.
>>
>> > Could someone please let us know how to switch to the newly created
>> > socket, so that it can start using the newly created socket for further
>> > read and write operations and the original server socket will keep on
>> > listening for new connections.
>>
>> Do you expect additional connections on the existing socket?
>> I've been working on some new API to make this all easier.
>>
Nivedita - Yes, we have multiple peers which try to connect to the same server, so in that case I need different sockets: one for listening operations and one for read/write operations [one per client].

>> Your method may fail if you have bound your "listen" to :: (0.0.0.0),
>> and you have multiple IPs. In my case, I expect connections over IPv6 LL
>> addresses, and there are always multiple of those, and ifindex issues as
>> well.
>>
>> --
>> ]               Never tell me the odds!                 | ipv6 mesh networks [
>> ]   Michael Richardson, Sandelman Software Works        | network architect  [
>> ]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
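Added example (not from the thread and not OpenSSL's own code). The question both messages circle around is which UDP socket the peer's datagrams actually reach once the server tries to "switch" an accepted peer to a new socket. In the steps quoted above the new socket is only connect()ed to the client and never bind()ed to the server's own ip:port, so it gets an ephemeral local port; the client's next flights are still addressed to the original server port and land on the listening socket, leaving SSL_accept on the new fd with nothing to read. That is my reading of the WANT_READ, not something the thread confirms. The widely circulated dtls_udp_echo sample server does the switch as: new socket, SO_REUSEADDR, bind() to the listener's local address, connect() to the peer, then BIO_set_fd plus BIO_CTRL_DGRAM_SET_CONNECTED and SSL_accept on the same SSL object that DTLSv1_listen filled in. The script below models the socket-layer half of that in plain Python on loopback, with no libssl involved, and contrasts the connect-only variant with the bind-plus-connect one. The byte strings are constructed stand-ins for DTLS flights and every function name is mine.

```python
"""
UDP demultiplexing behind the DTLS "per-client socket" pattern.
Constructed example for the openssl-users thread above; standard library only.
"""
import select
import socket

LOOPBACK = "127.0.0.1"


def udp_socket(reuse=False):
    """IPv4 UDP socket; SO_REUSEADDR lets several sockets bind the same local ip:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if reuse:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    return s


def accept_to_new_socket(listen_sock, client_addr):
    """The working pattern: bind the new socket to the SAME local address as the
    listener, then connect() it to the peer that DTLSv1_listen reported. The
    kernel routes that peer's datagrams here (the connected 4-tuple is the more
    specific match) while every other peer keeps hitting the listener."""
    s = udp_socket(reuse=True)
    s.bind(listen_sock.getsockname())
    s.connect(client_addr)
    return s


def connect_only_socket(client_addr):
    """What the thread's step 5 does: connect() without bind(). The socket gets
    an ephemeral local port, so datagrams sent to the server port never reach it."""
    s = udp_socket()
    s.connect(client_addr)
    return s


def readable(socks, timeout=0.5):
    """Subset of socks with a datagram waiting."""
    ready, _, _ = select.select(socks, [], [], timeout)
    return set(ready)


def run_demo():
    """Run both variants against constructed clients; report where each datagram landed."""
    listener = udp_socket(reuse=True)
    listener.bind((LOOPBACK, 0))                 # port 0: let the OS pick
    server_addr = listener.getsockname()

    client = udp_socket()
    client.bind((LOOPBACK, 0))
    client.sendto(b"ClientHello", server_addr)
    _, client_addr = listener.recvfrom(2048)     # stands in for DTLSv1_listen returning the peer

    result = {}

    # Variant 1: connected to the peer but never bound to the server port.
    wrong = connect_only_socket(client_addr)
    result["wrong_socket_shares_server_port"] = wrong.getsockname()[1] == server_addr[1]
    client.sendto(b"ClientHello+cookie", server_addr)
    got = readable([listener, wrong])
    result["wrong_socket_got_packet"] = wrong in got
    result["listener_got_packet_instead"] = listener in got
    if listener in got:
        listener.recvfrom(2048)                  # drain so it cannot pollute variant 2
    wrong.close()

    # Variant 2: bound to the server port and connected to the peer.
    per_client = accept_to_new_socket(listener, client_addr)
    client.sendto(b"ClientHello+cookie", server_addr)
    got = readable([listener, per_client])
    result["per_client_got_packet"] = per_client in got
    result["listener_quiet_for_known_peer"] = listener not in got
    if per_client in got:
        per_client.recv(2048)

    # A second, unknown peer still lands on the listener, which is what lets
    # DTLSv1_listen keep accepting new clients while per-client sockets exist.
    other = udp_socket()
    other.bind((LOOPBACK, 0))
    other.sendto(b"ClientHello", server_addr)
    got = readable([listener, per_client])
    result["new_peer_goes_to_listener"] = listener in got and per_client not in got

    for s in (client, other, per_client, listener):
        s.close()
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two caveats a practitioner would want here, both my notes rather than the thread's. First, Michael's point about a listener bound to :: or 0.0.0.0 on a multi-homed host: the per-client socket must then be bound to the specific local address the ClientHello arrived on (recoverable with IP_PKTINFO or IPV6_RECVPKTINFO on the listener), not to the wildcard, or the kernel has no reason to prefer it. Second, DTLSv1_listen only returns a peer after the stateless cookie exchange succeeds, which requires SSL_CTX_set_cookie_generate_cb and SSL_CTX_set_cookie_verify_cb to be installed; that exchange is what keeps the server from allocating a socket and SSL state for a spoofed-source ClientHello, so the per-client socket should only ever be created after DTLSv1_listen returns 1.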