On Sep 8, 2009, at 8:26 PM, Robin Seggelmann via RT wrote: > > Am 08.09.2009 um 19:59 schrieb Stephen Henson via RT: > >>> [[email protected] - Tue Sep 08 18:31:29 2009]: >>> >>> That's just a simple example. If you use blocking sockets, it >>> doesn't >>> return until a ClientHello with a valid cookie has been received >>> (returns 1) or an error occurred (returns 0). If you use non- >>> blocking >>> sockets, it always returns 0 on EAGAIN, so you can use select() to >>> only call it when there's data to process and it will return as soon >>> as there is nothing left. >>> >> >> Is there some reason you only return 0, 1 from the ctrl? I'm >> wondering >> why you can't just return the return value of SSL_accept() (is <= 0) >> for >> consistency with similar calls. > > Well, I was thinking of just making a difference between valid > ClientHello received and everything else. Just returning the return > value of SSL_accept() would be ok in case it's <= 0. Otherwise it > returns 2 to differentiate the premature handshake routine exit > because of listen from the regular handshake ending. So, also for > consitency, the listen call should not return 2 but 1 then. However, > when using listen the handhsake routine should never exit with 1, > indicating a successful handshake. I'll submit an updated version of > the patch tomorrow.
Here's an updated version of the patch:
--- ssl/d1_lib.c 12 Aug 2009 17:30:36 -0000 1.16
+++ ssl/d1_lib.c 3 Sep 2009 09:59:22 -0000
@@ -203,6 +203,9 @@
case DTLS_CTRL_HANDLE_TIMEOUT:
ret = dtls1_handle_timeout(s);
break;
+ case DTLS_CTRL_LISTEN:
+ ret = dtls1_listen(s, parg);
+ break;
default:
ret = ssl3_ctrl(s, cmd, larg, parg);
@@ -364,3 +367,17 @@
gettimeofday(t, NULL);
#endif
}
+
+int dtls1_listen(SSL *s, struct sockaddr *client)
+ {
+ int ret;
+
+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+ s->d1->listen = 1;
+
+ ret = SSL_accept(s);
+ if (ret <= 0) return ret;
+
+ BIO_dgram_get_peer(SSL_get_rbio(s), client);
+ return 1;
+ }
--- ssl/d1_srvr.c 5 Jun 2009 14:59:26 -0000 1.25
+++ ssl/d1_srvr.c 3 Sep 2009 09:59:22 -0000
@@ -279,6 +279,15 @@
s->state = SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
+
+ /* If we're just listening, stop here */
+ if (s->d1->listen && s->state ==
SSL3_ST_SW_SRVR_HELLO_A)
+ {
+ ret = 2;
+ s->d1->listen = 0;
+ goto end;
+ }
+
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
--- ssl/dtls1.h 17 Jun 2009 11:37:44 -0000 1.21
+++ ssl/dtls1.h 3 Sep 2009 09:59:22 -0000
@@ -212,6 +212,9 @@
*/
record_pqueue buffered_app_data;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
--- ssl/ssl.h 26 Aug 2009 11:51:57 -0000 1.231
+++ ssl/ssl.h 3 Sep 2009 09:59:22 -0000
@@ -1398,11 +1398,14 @@
#define DTLS_CTRL_GET_TIMEOUT 73
#define DTLS_CTRL_HANDLE_TIMEOUT 74
+#define DTLS_CTRL_LISTEN 75
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+#define DTLSv1_listen(ssl, peer) \
+ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
dtls-listen.patch
Description: Binary data
