Hi,

Great to see DTLS is here.  However, I can't seem to find any documentation 
about how to use it.  The s_client app seems to have DTLS capability, but it 
uses a dgram BIO and not a memory BIO.

What I'm doing currently is reading all data out of my outbound memory BIO 
anytime I write plaintext with SSL_write().  Since DTLS is supposed to work 
with single packets, I assume the entire content of the memory BIO is a 
single packet ready for transmission via UDP.  This assumption seems to be 
correct for the most part: if I create two packets, and send just one of 
them, then the packet sent is received properly.

However, there are some problems:

1) If I send the first-created packet followed by the second, it works fine (I 
receive the first, then the second).  However, if I send the second-created 
followed by the first, then I receive the second packet and then some garbage 
data.  I'm guessing this is a bug in openssl, but perhaps I'm doing something 
wrong.

2) With a memory BIO, it is unclear where the packet boundaries are during a 
handshake.  Is it possible that openssl might have two packets waiting for me 
after a single call to SSL_do_handshake()?

3) As I understand it, the handshake requires extra logic on my part, to 
handle any retransmissions.  So how do I perform this job?  How do I know 
when a packet failed to transmit?  How do I know which packets to resend?  
Does openssl give them to me again when I do a BIO_read or am I supposed to 
keep track of them?  How do I know when to perform resends?  Nagendra's PDF 
refers to a DTLS1_get_timeout() function, but this does not exist in openssl.  
This process really needs to be explained somewhere.

If there are any other hints or things I should be aware of, please share.

Thanks,
-Justin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
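
On question 2, an added example (not part of the original post and not OpenSSL code): a DTLS 1.0/1.2 record starts with a 13-byte header whose last two bytes give the fragment length, so bytes drained from a memory BIO can be walked record by record to see how many records they hold. It assumes the drained bytes are a concatenation of whole records in that header layout; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DTLS_HDR_LEN 13 /* type(1) version(2) epoch(2) seq(6) length(2) */

struct dtls_rec {
    uint8_t  type;      /* 20 CCS, 21 alert, 22 handshake, 23 app data */
    uint16_t epoch;
    uint64_t seq;       /* 48-bit record sequence number */
    size_t   total_len; /* header plus fragment */
};

/* Constructed sample: a 3-byte handshake record, then a 2-byte app-data record. */
static const uint8_t sample[] = {
    22, 0xFE, 0xFF, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0x01, 0x02, 0x03,
    23, 0xFE, 0xFF, 0, 1, 0, 0, 0, 0, 0, 5, 0, 2, 0xAA, 0xBB
};

/* Parse the record at buf[0..len). Returns 0, or -1 if it is truncated. */
int dtls_next_record(const uint8_t *buf, size_t len, struct dtls_rec *out)
{
    if (len < DTLS_HDR_LEN)
        return -1;
    size_t frag = ((size_t)buf[11] << 8) | buf[12];
    if (frag > len - DTLS_HDR_LEN)
        return -1;
    out->type = buf[0];
    out->epoch = (uint16_t)((buf[3] << 8) | buf[4]);
    out->seq = 0;
    for (int i = 5; i < 11; i++)
        out->seq = (out->seq << 8) | buf[i];
    out->total_len = DTLS_HDR_LEN + frag;
    return 0;
}

/* Number of whole records in buf, or -1 if the bytes do not end on a record boundary. */
int dtls_count_records(const uint8_t *buf, size_t len)
{
    int n = 0;
    struct dtls_rec r;
    for (; len > 0; buf += r.total_len, len -= r.total_len, n++)
        if (dtls_next_record(buf, len, &r) != 0)
            return -1;
    return n;
}

int main(void) { printf("%d records\n", dtls_count_records(sample, sizeof sample)); return 0; }
```

A count greater than one after a single drain means the buffer held more than one record, and each record's epoch and sequence number identify it regardless of the order in which it was sent.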
