Hi,

I'm using OpenSSL to create VPN software based on its DTLS
implementation.
The source is available here: http://vpmn.googlecode.com/svn/trunk/src/

My application is currently using pthreads and I use a mutex for every
SSL object, locking it before every SSL_* function call.

There is a collection of threads for sending (tunsrv.c) and another
collection of threads for receiving (udpsrv.c). All OpenSSL-related
code is in the file udpsrvdtls.c.
I send an IP packet in a single SSL_write, trying to optimize the
protocol, and assuming that it will arrive as I wrote it, always
starting with an IP header.
I use a BIO_dgram for OpenSSL writes, and a BIO_pair for OpenSSL
reads, since the server shares the same UDP port for different clients.

The VPN application has no problems under low traffic; I tested it using pings.

When trying to start a TCP connection or under high traffic,
and at random times,
the OpenSSL function SSL_read returns -1 with SSL_WANT_READ,
and after this error there is no way to receive the data blocks as
they are supposed to be.

I suppose that when I SSL_write a block of data, SSL_read should return
the same block.
So if a packet is lost, there is only the offset applied in the flow
of the lost packets from SSL_write.

Reading the OpenSSL code, I found that in the case of DTLS, which is
datagram oriented,
it should be as I said before. So that doesn't seem to be a problem.

I suppose that SSL_WANT_READ could be for a TLS renegotiation, but
even in that case, why do I start to receive strange data?
I can't tell whether there is a strange offset in the data blocks or it
is really random data, but it seems that the length of the received data
is the correct one from the original blocks.
So SSL_write doesn't write entirely into a single record? It is at
most 1500 bytes (MTU) and I disabled the DF bit on the UDP channel, so
UDP packets are fragmented when they are big enough.

Thanks for your opinion.

And supposing that there is no solution: how can I know which offset is
applied in the internal buffers when a strange phenomenon like that
appears?

Thanks for the replies.

Pau

PS: the software is still beta; if there is some license issue related
to the OpenSSL license, I have no problem changing it.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
