DTLS multiple peer issue on shutdown

DTLS multiple peer issue on shutdown

Grace Priscilla Jero
Hi All,

We are having an issue during ssl_shutdown using multiple clients.

We have 2 SSLs associated with a socket via 2 BIOs for 2 peers on the server. When one of the peers issues an ssl_shutdown, the alert is lost, as the SSL_read or the SSL_peek operating during that time for the other peer does not return 0. Is there a way to resolve this issue?

Thanks,
Grace

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: DTLS multiple peer issue on shutdown

OpenSSL - User mailing list

Two SSL objects sharing the same socket?  That doesn’t work.  Or did you mean something else?

 


Re: DTLS multiple peer issue on shutdown

Grace Priscilla Jero
Hi Rich,

We are using DTLS over UDP and are using a different SSL (different peer) for the same server socket.
It is successfully able to receive the messages from both peers without any issue with the different SSLs. We have used the peer ports as the identifier for the peers.
But during shutdown we are facing an issue, as the alert that is being issued is not processed at the server, as the SSL_peek or SSL_read does not return zero.

Thanks,
Grace

On Thu, Feb 1, 2018 at 6:43 PM, Salz, Rich via openssl-users <[hidden email]> wrote:

Two SSL objects sharing the same socket?  That doesn’t work.  Or did you mean something else?

 



Re: DTLS multiple peer issue on shutdown

OpenSSL - User mailing list

Doesn’t shutdown close the socket?

 



Re: DTLS multiple peer issue on shutdown

Grace Priscilla Jero
The shutdown does not close the socket. The peer close is not intimated to the server when there are 2 peers to the server and the server is serving the other peer.

Thanks,
Grace
On Thu, Feb 1, 2018 at 9:05 PM, Salz, Rich <[hidden email]> wrote:

Doesn’t shutdown close the socket?

 




Re: DTLS multiple peer issue on shutdown

OpenSSL - User mailing list

Sorry, then, I’ve exhausted my knowledge-base.  Hopefully others will have more.



Re: DTLS multiple peer issue on shutdown

Grace Priscilla Jero
Hi All,

Can someone from openssl assist on this issue?

To be more elaborate:

We are using SSL_peek followed by BIO_dgram_get_peer to get the peer port information.
When we pass an incorrect ssl value to SSL_peek, it gives the correct peer information while using BIO_dgram_get_peer, but any operation after this on SSL_peek always returns -1 with errno 11 set, even though the right SSL is given in the subsequent call.

Any help is appreciated.

Thanks,
Grace

On Fri, Feb 2, 2018 at 12:05 AM, Salz, Rich <[hidden email]> wrote:

Sorry, then, I’ve exhausted my knowledge-base.  Hopefully others will have more.
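
The thread describes two peers sharing one server UDP socket and being told apart by peer port. As an added example (not code from the thread or from OpenSSL), the C below shows the address-based routing such a design depends on: a single UDP socket hands back datagrams from every sender in arrival order, so the sender is taken from recvfrom() and mapped to a per-peer slot before anything peer-specific runs. The names `peer`, `slot_for`, `route_one` and `demo` are hypothetical, the traffic is constructed loopback data, and no OpenSSL calls are made.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define MAX_PEERS 2
/* One slot per peer; a DTLS server would keep that peer's SSL object here. */
struct peer { struct sockaddr_in addr; int used; };

/* Return the slot matching the sender's address and port, claiming a free one if new. */
static int slot_for(struct peer *tab, const struct sockaddr_in *from) {
    for (int i = 0; i < MAX_PEERS; i++)
        if (tab[i].used && tab[i].addr.sin_port == from->sin_port &&
            tab[i].addr.sin_addr.s_addr == from->sin_addr.s_addr)
            return i;
    for (int i = 0; i < MAX_PEERS; i++)
        if (!tab[i].used) { tab[i].used = 1; tab[i].addr = *from; return i; }
    return -1; /* table full */
}

/* Take one datagram off the shared socket and report which peer slot it belongs to. */
int route_one(int fd, struct peer *tab, char *buf, size_t len) {
    struct sockaddr_in from;
    socklen_t flen = sizeof from;
    if (recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &flen) < 0) return -1;
    return slot_for(tab, &from);
}

/* Constructed traffic: peers A and B send A, B, A to one loopback server socket. */
int demo(int slots[3]) {
    struct peer tab[MAX_PEERS] = {0};
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t sl = sizeof sa;
    struct timeval tv = {2, 0}; /* never block forever if a datagram is missing */
    char buf[64];
    int srv = socket(AF_INET, SOCK_DGRAM, 0);
    int cli[2] = { socket(AF_INET, SOCK_DGRAM, 0), socket(AF_INET, SOCK_DGRAM, 0) };
    int ok = srv >= 0 && cli[0] >= 0 && cli[1] >= 0
        && bind(srv, (struct sockaddr *)&sa, sizeof sa) == 0
        && getsockname(srv, (struct sockaddr *)&sa, &sl) == 0 /* learn the ephemeral port */
        && setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) == 0;
    for (int i = 0; ok && i < 3; i++)   /* i & 1 alternates the sender: A, B, A */
        ok = sendto(cli[i & 1], "msg", 3, 0, (struct sockaddr *)&sa, sizeof sa) == 3;
    for (int i = 0; ok && i < 3; i++)
        ok = (slots[i] = route_one(srv, tab, buf, sizeof buf)) >= 0;
    close(srv); close(cli[0]); close(cli[1]);
    return ok ? 0 : -1;
}

int main(void) { int s[3]; return demo(s) ? 1 : 0; }
```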


