Hi All, Below is our scenario on DTLS.
We have multiple connections to the same server. We have mapped one fd to the ssl in the server to receive all connections. Whenever a connect is initiated from any client we need to know if it is already connected client or a new client. We are doing this by - creating bio/ssl each time a polling happens on the server fd - fetching the peer using BIO_dgram_get_peer after ssl_accept - Comparing it to the internally maintained list of peer - If it is a new peer we continue with handshake but if it is old peer we do the ssl_read. The problem is that there are 2 bio/ssl that gets created for the same fd(when there are 2 clients) and the peer end up writing to latest of them and we don't get the message on the intended ssl. Hence we are checking for a way to detach and remove the ssl/bio that gets created in already connected cases. Any help is appreciated. Any APIs available to close up the 2nd ssl associated with the fd. ssl_clear and ssl_free does not work. Thanks, Grace On Thu, Jan 11, 2018 at 6:30 PM, Michael Richardson <m...@sandelman.ca> wrote: > > Grace Priscilla Jero <grace.prisci...@gmail.com> wrote: > > We are having a scenario wherein we are having 2 BIOs for DTLS > > attached to the same fd. Each BIO has a different SSL associated with > > it. The messages are getting written to different BIO each time and > we > > are trying to resolve it. > > > Is there a API or any way to detach one of the BIO/SSL from the fd > for > > DTLS? > > No. How did you get into that situation in the first place? > My belief is that the DTLS API is suitable for (Secure)RTP only, and not > for > CoAP-type usage. (or other DTLS server end-point usage) > > According to some source code comments, you should have called connect() on > the socket after the first connection was received, and then (or > previously... there are race conditions either way), opened a new > socket. > > I ran into this, and I wound up creating a new API, which is in a pull > request: > https://github.com/openssl/openssl/pull/5024 > https://github.com/mcr/openssl/tree/dtls-listen-refactor > > Sadly, the new test case I wrote is not running consistently, which I'm > still > debugging. > > -- > ] Never tell me the odds! | ipv6 mesh > networks [ > ] Michael Richardson, Sandelman Software Works | network > architect [ > ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on > rails [ > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
