Hi Yogesh,

I have had a look at your modifications. There are some minor mistakes, but I was also able to find a bug in OpenSSL, for which patch #2555 is submitted.

I have made some small changes to your code, but haven't revised everything. Most important is the timer handling, which does not work the way you did it. Check the SSL_connect() part of the client, I have changed that to make use of DTLSv1_get_timeout() and DTLSv1_handle_timeout() correctly.

Best regards
Robin

On Jul 6, 2011, at 1:10 AM, Yogesh Chopra wrote:

> Hi Robin,
> I am using DTLSv1_listen() and calling it repeatedly; the
> difference (I believe) is I am using non-blocking sockets. Please
> find attached the sample program from sctp.fh-muenster.de modified for
> non-blocking sockets using select that demonstrates this problem.
>
> You can compile the program using:
>
> gcc dtls_udp_echo.c -o server -I openssl-1.0.0d/include -l pthread -l dl openssl-1.0.0d/libssl.a openssl-1.0.0d//libcrypto.a
>
> and to run this use the instructions below:
>
> On the server:
>
> ./server -s -L 10.10.100.116 -p 6666 -V
>
> On the client:
>
> ./server -r 10.10.100.116 -L 0.0.0.0 -p 6666 -v -l 1400 -n 10
>
>
> Thanks,
> -Yogi
>
>
> On Sat, Jul 2, 2011 at 2:05 AM, Robin Seggelmann
> <seggelm...@fh-muenster.de> wrote:
>> Hi Yogesh,
>>
>> On 01.07.2011, at 00:59, Yogesh Chopra wrote:
>>
>>> The setup is the same as before (where traffic from server is blocked to
>>> client). The Server responds only once with a HELLO_VERIFY response
>>> for a HELLO request and then never sends a HELLO_VERIFY response for
>>> subsequent CLIENT HELLO messages
>>>
>>> CLIENT                      SERVER
>>> HELLO --->
>>>                             HELLO_VERIFY (For First request)
>>>
>>> Post first request
>>>
>>> HELLO --->
>>>                             There is no response from SERVER
>>
>> I tried to reproduce this behavior, but my DTLS programs (available on
>> sctp.fh-muenster.de) behave as expected. The server responds to every
>> ClientHello with a HelloVerifyRequest, which will be dropped due to a
>> firewall policy. The client keeps repeating until I remove the fw policy,
>> after which the handshake will be completed immediately.
>>
>> Is it possible that your application does not handle this correctly? Are you
>> using DTLSv1_listen() and calling it again and again until it returns 1? That
>> may not be the case, because the second ClientHello as a response to a
>> HelloVerifyRequest is necessary for this call to return successfully, before
>> you can create a new socket for the new connection and complete the
>> handshake for it. Please have a look at the programs on our website.
>>
>> Maybe you can provide an excerpt of your code which handles incoming
>> connections.
>>
>> Best regards
>> Robin
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> Development Mailing List                       openssl-dev@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
> <dtls_udp_echo.c>
dtls_udp_echo.c
Description: Binary data
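
The cookie exchange discussed in the thread (every cookie-less ClientHello is answered with a HelloVerifyRequest, and the listen call succeeds only on a ClientHello that echoes a valid cookie), as an added model that is not part of the original messages, the attached dtls_udp_echo.c, or OpenSSL. Assumptions: `listen_step`, `make_cookie`, `run_handshake`, the secret and the client address 192.0.2.10:40000 are hypothetical, and the keyed FNV-1a hash only stands in for the keyed MAC a real cookie callback would use.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model, not OpenSSL code. Values are the DTLS handshake types. */
enum { CLIENT_HELLO = 1, HELLO_VERIFY_REQUEST = 3 };
struct msg { int type; int has_cookie; uint64_t cookie; };
static const uint64_t server_secret = 0x5eed5eed5eed5eedULL; /* constructed */

/* Stand-in for a keyed MAC over the peer address (keyed FNV-1a).
   NOT cryptographically secure; a real cookie callback would use an HMAC. */
uint64_t make_cookie(const char *peer)
{
    uint64_t h = 14695981039346656037ULL ^ server_secret;
    for (; *peer; peer++) { h ^= (unsigned char)*peer; h *= 1099511628211ULL; }
    return h;
}

/* One listen-style call on one datagram. Returns 1 only when the ClientHello
   carries a cookie valid for this peer (the caller may then create the
   per-connection socket). Otherwise it answers with a HelloVerifyRequest and
   keeps no per-client state, so every retransmitted ClientHello is answered. */
int listen_step(const struct msg *in, const char *peer, struct msg *reply)
{
    *reply = (struct msg){ 0, 0, 0 };
    if (in->type != CLIENT_HELLO) return 0;
    if (in->has_cookie && in->cookie == make_cookie(peer)) return 1;
    *reply = (struct msg){ HELLO_VERIFY_REQUEST, 1, make_cookie(peer) };
    return 0;
}

/* Scenario from the thread: the first `dropped` HelloVerifyRequests never
   reach the client, which keeps retransmitting its cookie-less ClientHello.
   Returns how many HelloVerifyRequests were sent before listen_step gave 1. */
int run_handshake(const char *peer, int dropped)
{
    struct msg hello = { CLIENT_HELLO, 0, 0 }, reply;
    int hvr_sent = 0;
    while (!listen_step(&hello, peer, &reply)) {
        hvr_sent++;
        if (hvr_sent > dropped) {          /* this reply reaches the client */
            hello.has_cookie = 1;
            hello.cookie = reply.cookie;   /* second ClientHello echoes it */
        }
    }
    return hvr_sent;
}

int main(void)
{
    printf("HelloVerifyRequests sent: %d\n", run_handshake("192.0.2.10:40000", 3));
    return 0;
}
```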