The example is helpful, but it isn't clear to me when/how the DTLS session is established. In the _read function it appears that the session may be set up either during BIO_dgram_set_peer or SSL_set_bio. Furthermore, it seems that the DTLS ClientHello datagram is now sitting in the memory buffer. This implies that the function must block until the peer times out and resends the ClientHello. It also seems to stipulate that the next datagram must be the lost ClientHello and not a datagram from another DTLS session. Is this correct?

Thanks,
Jeremy


Marek Marcola wrote:
Hello,
> Interesting,
> Two more questions.
>
> 1. Which callback should be used to perform a specific action after a
> DTLS session is set up. SSL_CTX_set_verify looks like a possibility. Is
> it called again when the DTLS session is renegotiated?
If you want to write your own verification function - yes.
On renegotiation the callback function is called again unless
SSL_VERIFY_CLIENT_ONCE is set - then when renegotiation occurs no client
verification is performed.

> 2. Can you offer any suggestions about how to de-multiplex multiple DTLS
> sessions terminating on the same UDP port?
In DTLS there is no support for "applications" using the same IP port
(like, for example, in RDP - reliable data protocol which offers
reliable data transfer over datagram protocol).
But there are some solutions:
 - if you write your own client/server application you may do session
   management like tftp does - when tftp client connects to tftpd
   daemon some socket/port>1024 is allocated for this client on server
   side and next data exchange between server and this client is carried
   on this socket - one client - one socket (easy to implement).
 - you may use some BIO_*_mem()/BIO_*_dgram() chaining, very good
   example you may find in Resiprocate project at:
        http://scm.sipfoundry.org/viewsvn/resiprocate/main/resip/stack/
   in files DtlsTransport.cxx, DtlsTransport.hxx.

Best regards,

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
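The "one client, one session" routing from Marek's first suggestion, as an added example that is not code from this thread, from OpenSSL or from Resiprocate: each datagram arriving on the shared UDP socket has its 13-byte DTLS record header parsed and its peer address looked up in a session table, and a slot is created only when an unknown peer sends a ClientHello, so a stray datagram from some other DTLS session (Jeremy's concern above) is dropped instead of being fed to the wrong session. The header layout follows the DTLS record format; the table size and the "ip:port" key are assumptions for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DTLS_RECORD_HDR_LEN 13   /* type(1) version(2) epoch(2) seq(6) length(2) */
#define DTLS_CT_HANDSHAKE   22
#define DTLS_HS_CLIENT_HELLO 1
#define MAX_SESSIONS         8   /* assumed table size for the demo */
struct dtls_record {
    uint8_t  content_type;
    uint16_t version;   /* 0xFEFF = DTLS 1.0, 0xFEFD = DTLS 1.2 */
    uint16_t epoch;
    uint64_t seq;       /* 48-bit record sequence number */
    uint16_t length;    /* bytes of fragment following the header */
};
/* Parse a DTLS record header; returns 0 on success, -1 if malformed or truncated. */
int dtls_parse_record(const uint8_t *buf, size_t len, struct dtls_record *r) {
    if (len < DTLS_RECORD_HDR_LEN) return -1;
    r->content_type = buf[0];
    r->version = (uint16_t)((buf[1] << 8) | buf[2]);
    r->epoch   = (uint16_t)((buf[3] << 8) | buf[4]);
    r->seq = 0;
    for (int i = 5; i < 11; i++) r->seq = (r->seq << 8) | buf[i];
    r->length = (uint16_t)((buf[11] << 8) | buf[12]);
    if (r->version != 0xFEFF && r->version != 0xFEFD) return -1;
    if ((size_t)r->length + DTLS_RECORD_HDR_LEN > len) return -1;
    return 0;
}

/* A new session starts with a Handshake record in epoch 0 carrying a ClientHello. */
int dtls_is_client_hello(const uint8_t *buf, size_t len) {
    struct dtls_record r;
    if (dtls_parse_record(buf, len, &r) != 0) return 0;
    return r.content_type == DTLS_CT_HANDSHAKE && r.epoch == 0 &&
           r.length >= 1 && buf[DTLS_RECORD_HDR_LEN] == DTLS_HS_CLIENT_HELLO;
}
/* Session table keyed by peer "ip:port" (assumed key format for the demo). */
static struct session { char peer[64]; int in_use; } sessions[MAX_SESSIONS];

/* Known peer -> its slot; unknown peer gets a slot only via ClientHello, else -1 (drop). */
int dtls_demux(const char *peer, const uint8_t *buf, size_t len) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].in_use && strcmp(sessions[i].peer, peer) == 0) return i;
    if (!dtls_is_client_hello(buf, len)) return -1;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (sessions[i].in_use) continue;
        snprintf(sessions[i].peer, sizeof sessions[i].peer, "%s", peer);
        sessions[i].in_use = 1;
        return i;
    }
    return -1;  /* table full */
}
```

In a real server the slot would hold the per-client socket (or the BIO pair) that the SSL object reads from, and the ClientHello bytes would be handed to that session rather than left waiting for a retransmit.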
