Hi Matt, Yes I raised github case for the same issue. I also tried running this call flow with the latest SNAPSHOT code (openssl-SNAP-20170419) and handshake is successful with the latest SNAPSHOT code which is not an official release.
I checked the github repo history and observer that during commits on (11 th Jan) as a part of "Move state machine knowledge out of the record layer". "renegotiate" bit that is set to "2" in function "tls_post_process_client_hello" has been removed. May be that is causing the call flow to be successful in the latest SNAPSHOT release. I am assuming commits that are done on 11th Jan or later are not part of release openssl 01.01.00e Thanks, Mahesh G S On Wed, Apr 19, 2017 at 6:56 PM, Matt Caswell <m...@openssl.org> wrote: > For those following this discussion Mahesh has created a github issue > with much more detail (at least I am assuming this is the same issue): > > https://github.com/openssl/openssl/issues/3251 > > Matt > > > On 18/04/17 21:17, Michael Tuexen wrote: > >> On 13. Apr 2017, at 11:11, mahesh gs <mahesh...@gmail.com> wrote: > >> > >> Hi, > >> > >> We are running SCTP connections with DTLS enabled in our application. > We have adapted openssl version (openssl-1.1.0e) to achieve the same. > >> > >> We have generated the self signed root and node certificates for > testing. We have a strange problem with the incomplete DTLS handshake if we > run the DTLS client and DTLS server is different systems.If we run the DTLS > client and server in same system handshake is successful, handshake is not > successful if run client and server in different VM's. > >> > >> This strange problem happens only for SCTP/DTLS connection. With the > same set of certificates TCP/TLS connection is successful and we are able > to exchange the application data. > >> > >> I am attaching the code bits for SSL_accept and SSL_connect and also > the wireshark trace of unsuccessful handshake. Please assist me to debug > this problem. > >> > >> SSL_accept returns SSL_ERROR_WANT_READ(2) infinite times but > SSL_connect is called 4 or 5 times and select system call timeout. > > Which OS are you using? With a test program I could reproduce > SSL_accept() returning SSL_ERROR_WANT_READ under FreeBSD, > > but not under Linux. Haven't figured out what the problem is. So if you > are using FreeBSD we might experience the same problem... > > > > Best regards > > Michael > >> > >> Thanks, > >> Mahesh G S > >> > >> > >> <testcode.txt><proxy.cap>-- > >> openssl-users mailing list > >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
