DTLS over UDP

DTLS over UDP

Nivedita
Hi All,

I am trying to establish a DTLS over UDP connection by using the DTLSv1_listen method.

I have followed the steps below -
1. Created a server socket and, using this socket, created the bio and ssl objects.
      VP_bio = BIO_new_dgram(VI_sock,BIO_NOCLOSE);
      SSL_set_bio(VP_ssl,VP_bio,VP_bio);

2. Enabled cookie exchange on the SSL object.
     SSL_set_options(VP_ssl, SSL_OP_COOKIE_EXCHANGE);

3. Then started listening using DTLSv1_listen for new client connections. DTLSv1_listen was successful and I got the peer address.

4. Once I got the peer address, I am creating one more socket.

5. With the new socket I tried to connect to the peer address.

6. Then I am trying to do SSL_accept on the new socket by calling BIO_set_fd.

 BIO_set_fd(SSL_get_rbio(VP_ssl),VI_new_sock_id,BIO_NOCLOSE);
 BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);
 SSL_set_fd(VP_ssl,VI_new_sock_id);

  VI_res = SSL_accept(VP_ssl);

But SSL_accept will always return error code 2 [i.e. want read or want write].

But if I do SSL_accept without doing step no. 6, it will be successful.

Could someone please let us know how to switch to the newly created socket, so that it can start using the newly created socket for further read and write operations and the original server socket will keep on listening for new connections.
   

Regards,
Nivedita


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: DTLS over UDP

Michael Richardson

Nivedita <[hidden email]> wrote:
    > I am trying to establish DTLS over UDP connection by using
    > DTLSv1_listen method .

    > I have followed the below steps - 1. Created a server socket and using
    > this socket created bio and ssl object.  bio =
    > BIO_new_dgram(VI_sock,BIO_NOCLOSE)) SSL_set_bio(ssl,VP_bio,VP_bio);

    > 2. Enable cookie exchange on SSL object.  SSL_set_options(ssl,
    > SSL_OP_COOKIE_EXCHANGE);

    > 3. Then started listening using dtlsv1_listen for the new client
    > connections.  Once dtlsv1_listen is successful and i got the peer
    > address.

okay.

    > 4. Once i got the peer address , i am creating one more socket
    > 5. With the new socket i tried to connect to peer address.

Do you mean, you call "SSL_connect()"?
Or do you mean you bind(2) and connect(2) the socket?

    > 6. Then i am trying to do ssl_accept on the new socket by calling
    > bio_set_fd.

    > BIO_set_fd(SSL_get_rbio(ssl),VI_new_sock_id,BIO_NOCLOSE);

    > BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0,
    > &client_addr);

    > SSL_set_fd(ssl,VI_newsock_id);

So, SSL_set_fd() will allocate a new bio, which probably undoes the effect
of calling BIO_CTRL_DGRAM_SET_CONNECTED.  Since you have set the fd of
the existing BIO, I think you can omit that line.


    > VI_res = SSL_accept(ssl);

    > But ssl_accept will always return error code 2 [ i.e want read or want
    > write]

    > But if i am doing ssl_accept without doing the step no 6 it will be
    > successful.

Yes.

    > Could someone please let us know how to switch to newly created socket,
    > so that it can start using newly created socket for further read and
    > write operations and original server socket will keep on listening for
    > new connections.

Do you expect additional connections on the existing socket?
I've been working on some new API to make this all easier.

Your method may fail if you have bound your "listen" to :: (0.0.0.0),
and you have multiple IPs.  In my case, I expect connections over IPv6 LL
addresses, and there are always multiple of those, and ifindex issues as well.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [



Fwd: DTLS over UDP

Nivedita

Hi Michael,
  
   Please ignore the previous mail. It got sent by mistake.
 I have provided my comments below.

Thanks in advance.
Regards,
Nivedita

On Wed, Feb 14, 2018 at 10:22 AM, Nivedita <[hidden email]> wrote:
Hi Michael,

Thanks for the reply.

I have mentioned the answers below. 

     

On Wed, Feb 14, 2018 at 12:21 AM, Michael Richardson <[hidden email]> wrote:
From: Michael Richardson <[hidden email]>
To: [hidden email]
Subject: Re: [openssl-users] DTLS over UDP
Date: Tue, 13 Feb 2018 13:51:10 -0500

Nivedita <[hidden email]> wrote:
    > I am trying to establish DTLS over UDP connection by using
    > DTLSv1_listen method .

    > I have followed the below steps - 1. Created a server socket and using
    > this socket created bio and ssl object.  bio =
    > BIO_new_dgram(VI_sock,BIO_NOCLOSE)) SSL_set_bio(ssl,VP_bio,VP_bio);

    > 2. Enable cookie exchange on SSL object.  SSL_set_options(ssl,
    > SSL_OP_COOKIE_EXCHANGE);

    > 3. Then started listening using dtlsv1_listen for the new client
    > connections.  Once dtlsv1_listen is successful and i got the peer
    > address.

okay.
       Nivedita- Here the ssl object is created on the server socket and the same ssl is passed to the DTLSv1_listen method.

   Nivedita-  All the above mentioned steps I am doing on the server side. On the client side I have already initiated SSL_connect.
                  On the server side, when I am listening using the DTLSv1_listen method -

                  while ((VI_res = DTLSv1_listen(VP_ssl, &VS_client_addr)) <= 0);
               Now I got the client_addr from the DTLSv1_listen method.
  
    > 4. Once i got the client address , i am creating one new socket
    > 5. With the new socket i tried to connect to client address.

Do you mean, you call "SSL_connect()"?
Or do you mean you bind(2) and connect(2) the socket?

          Nivedita- Once I got the client address from DTLSv1_listen, I am creating one more socket and tried to connect to the client address which I got in the DTLSv1_listen method.

               VI_res = connect(VI_new_sock_id, (struct sockaddr *)&client_addr, sizeof(client_addr));
              

    > 6. Then i am trying to do ssl_accept on the new socket by calling
    > bio_set_fd.

    > BIO_set_fd(SSL_get_rbio(ssl),VI_new_sock_id,BIO_NOCLOSE);

    > BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0,
    > &client_addr);

    > SSL_set_fd(ssl,VI_newsock_id);

So, SSL_set_fd() will allocate a new bio, which probably undoes the effect
of calling BIO_CTRL_DGRAM_SET_CONNECTED.  Since you have set the fd of
the existing BIO, I think you can omit that line.

        Nivedita - I have removed SSL_set_fd and tried by doing BIO_set_fd and BIO_ctrl, but still SSL_accept always returns -1 with an error code of 2.

                         VI_res = BIO_set_fd(SSL_get_rbio(VP_ssl),VI_new_sock_id,BIO_NOCLOSE);
                         VI_res = BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);

                         SSL_set_accept_state(VP_ssl);
                         VI_res = SSL_accept(VP_ssl);

       This ssl object is the same one which we have passed to the DTLSv1_listen method. Actually I am trying to do the SSL_accept on a different socket for every client, even though
      DTLSv1_listen happens on the server socket. Could you please let me know if it is possible.

 
    > VI_res = SSL_accept(ssl);

    > But ssl_accept will always return error code 2 [ i.e want read or want
    > write]

    > But if i am doing ssl_accept without doing the step no 6 it will be
    > successful.

Yes.

    > Could someone please let us know how to switch to newly created socket,
    > so that it can start using newly created socket for further read and
    > write operations and original server socket will keep on listening for
    > new connections.

Do you expect additional connections on the existing socket?
I've been working on some new API to make this all easier.

       Nivedita - Yes, we have multiple peers which try to connect to the same server, so in that case I need different sockets for listening operations and one for read/write operations [one for client].

Your method may fail if you have bound your "listen" to :: (0.0.0.0),
and you have multiple IPs.  In my case, I expect connections over IPv6 LL
addresses, and there are always multiple of those, and ifindex issues as well.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [



Re: DTLS over UDP

Nivedita
In reply to this post by Michael Richardson
Hi Michael,

Please find the response inline.

Regards,
Nivedita

On Wed, Feb 14, 2018 at 10:55 PM, Michael Richardson <[hidden email]> wrote:

Nivedita <[hidden email]> wrote:
    > Hi Michael,

    > Thanks for the reply.

    > I have mentioned the answers below.

>okay. I saw only one comment.  Maybe you could use standard usenet quoting?
>Tell me a bit more about what you are working on?
>I'm trying to make CoAP+DTLS work with the ruby-on-rails "David" CoAP server.
 
 Nivedita - We are using C and socket programming to establish DTLS over UDP for SIP communication.
 
    > Nivedita <[hidden email]> wrote:
    >> I am trying to establish DTLS over UDP connection by using
    >> DTLSv1_listen method .

    >> I have followed the below steps - 1. Created a server socket and using
    >> this socket created bio and ssl object. bio =
    >> BIO_new_dgram(VI_sock,BIO_NOCLOSE)) SSL_set_bio(ssl,VP_bio,VP_bio);

    >> 2. Enable cookie exchange on SSL object. SSL_set_options(ssl,
    >> SSL_OP_COOKIE_EXCHANGE);

    >> 3. Then started listening using dtlsv1_listen for the new client
    >> connections. Once dtlsv1_listen is successful and i got the peer
    >> address.

    mcr> okay.


    > Nivedita- All the above mentioned steps i am doing on server side . On the
    > client side i have already initiated ssl_connect.
    > On the server side when i am listening using dtlsv1_listen method -

    >> 4. Once i got the peer address , i am creating one more socket
    >> 5. With the new socket i tried to connect to peer address.

 >  mcr> Do you mean, you call "SSL_connect()"?
 >  mcr> Or do you mean you bind(2) and connect(2) the socket.
    >You didn't answer this.
    >You imply you might have tried "SSL_connect()" on the server side.  
     
  Nivedita - SSL_connect is already issued on the client side, because of which it triggered the server and DTLSv1_listen was successful and I got the peer address from DTLSv1_listen.
               Then once I got the client address from the DTLSv1_listen method, I am creating one more socket and trying to connect to this client address.

                VI_res = connect(VI_new_sock_id, (struct sockaddr *)&client_addr, sizeof(client_addr));
           I am able to connect to the client address which I got in the DTLSv1_listen method using the new socket id, and I want to do the SSL_accept on the new socket id by issuing BIO_set_fd and BIO_ctrl.
          But SSL_accept fails with error code 2.

                BIO_set_fd(SSL_get_rbio(VP_ssl),VI_new_sock_id,BIO_NOCLOSE);
                BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);
                SSL_accept(VP_ssl);
     I would like to mention that VP_ssl is created using the server socket id, but we are trying to do SSL_accept on the newly created socket id which is connected to the peer address (got from the DTLSv1_listen method), so that we can use this socket for further read-write operations and the server socket for listening operations.


    >> 6. Then i am trying to do ssl_accept on the new socket by calling
    >> bio_set_fd.

    >> BIO_set_fd(SSL_get_rbio(ssl),VI_new_sock_id,BIO_NOCLOSE);

    >> BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0,
    >> &client_addr);

    >> SSL_set_fd(ssl,VI_newsock_id);

    mcr> So, SSL_set_fd() will allocate a new bio, which probably undoes the effect
    mcr> of calling BIO_CTRL_DGRAM_SET_CONNECTED. Since you have set the fd of
    mcr> the existing BIO, I think you can omit that line.

Please omit the SSL_set_fd(), since you've already done it.

I have a pull request at:
    https://github.com/openssl/openssl/pull/5024

which I am reworking to suit the OpenSSL team.
I am solving the same problem that you have encountered.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [




Re: DTLS over UDP

Michael Richardson

Nivedita <[hidden email]> wrote:
    >> Nivedita <[hidden email]> wrote:
   
    >>> I am trying to establish DTLS over UDP connection by using
    >>> DTLSv1_listen method .
   
    >>> I have followed the below steps - 1. Created a server socket
    >>> and using
    >>> this socket created bio and ssl object. bio =
    >>> BIO_new_dgram(VI_sock,BIO_NOCLOSE)) SSL_set_bio
    >>> (ssl,VP_bio,VP_bio);
   
    >>> 2. Enable cookie exchange on SSL object. SSL_set_options(ssl,
    >>> SSL_OP_COOKIE_EXCHANGE);
   
    >>> 3. Then started listening using dtlsv1_listen for the new
    >>> client
    >>> connections. Once dtlsv1_listen is successful and i got the
    >>> peer
    >>> address.
   
    mcr> okay.

   
    >> Nivedita- All the above mentioned steps i am doing on server
    >> side . On the
    >> client side i have already initiated ssl_connect.
    >> On the server side when i am listening using dtlsv1_listen
    >> method -
   
    >>> 4. Once i got the peer address , i am creating one more socket
    >>> 5. With the new socket i tried to connect to peer address.
   
    > Then once i got the client address from the dtlsv1_listen method,
    > i am creating one more socket and trying to connect to this client
    > address.

I think that I see what is wrong with your flow... you haven't taken the
packet off the original socket, so SSL_accept is still looking for it.

The flow is supposed to be:
    1) client sends ClientHello
   
    2) DTLSv1_listen() sees it, and sends a HelloVerifyRequest
       (I assume you have filled in the cookie callbacks. I think that
       perhaps there should be good cryptographic defaults available in
       the library.  Maybe there are, and I'm ignorant of them)
       
    3) Client sends ClientHello w/cookie.
       DTLSv1_listen() then sees that and tweaks the SSL* to indicate that
       the cookie has been accepted.  Note that the packet is *LEFT*
       on the incoming socket so that SSL_accept() can process it.
       This is one of the places where the DTLSv1_listen() API is rather
       hard to use in my opinion.

    4) You make up new sockets, etc.
    5) But, you need to call SSL_accept() once with the **old socket** to
       process the packet that listen() left on it, and then you can switch the
       FD over!  Of course, you probably want to make sure that SSL_accept()
       sends the reply correctly.

What I do in my proposed DTLSv1_accept() API is that I move the data
from the incoming socket to the new BIO's incoming queue:
https://github.com/mcr/openssl/blob/dtls-listen-refactor/ssl/d1_lib.c#L964

    /* At this point, there is a real ClientHello in serv->init_buf */
    memcpy(rb->buf, serv->init_buf->data, serv->init_num);
    rb->offset = 0;
    rb->left   = serv->init_num;

and then remove the packet from the incoming socket.  The situation is
then returned like this so that the new sockets can be setup, but the
incoming SSL_accept() BIO is stuffed with the correct (cookie-full)
ClientHello, and replies will go to the right place with the right source
address.  I hope to get these patches accepted for the March 11 freeze,
but you might not want to depend upon it.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [
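
The socket-level behaviour behind the hand-over in the flow above, as an added example that is not part of any message in this thread and uses no OpenSSL calls: a datagram already queued on the listening socket never shows up on a socket created afterwards, and later datagrams from the client reach the new connected socket only if it shares the listener's local address and port. It assumes Linux loopback; `handover()`, the payload strings and the use of MSG_PEEK to stand in for a listener that leaves the packet on the socket are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { FIRST_ON_NEW = 1, SECOND_ON_NEW = 2, SECOND_ON_OLD = 4 };

/* 1 if a datagram is queued on fd within 200 ms, else 0. */
static int readable(int fd)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    return poll(&p, 1, 200) == 1;
}

/* UDP socket with SO_REUSEADDR; bound to *local when local is non-NULL. */
static int udp_socket(const struct sockaddr_in *local)
{
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (local && bind(fd, (const struct sockaddr *)local, sizeof *local) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Run one hand-over; returns a mask of the flags above, or -1 on error. */
int handover(int bind_new_to_listen_port)
{
    struct sockaddr_in srv = { .sin_family = AF_INET }, peer;
    socklen_t slen = sizeof srv, plen = sizeof peer;
    char buf[64];
    int seen = 0;

    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);      /* port 0: kernel picks */
    int lfd = udp_socket(&srv), cfd = udp_socket(NULL);
    if (lfd < 0 || cfd < 0 || getsockname(lfd, (struct sockaddr *)&srv, &slen) < 0)
        return -1;

    /* Client's first datagram (constructed payload, not a real ClientHello). */
    sendto(cfd, "hello+cookie", 12, 0, (struct sockaddr *)&srv, sizeof srv);
    /* Assumption: MSG_PEEK models a listener that learns the peer address
     * but leaves the datagram queued on the listening socket. */
    if (!readable(lfd) || recvfrom(lfd, buf, sizeof buf, MSG_PEEK,
                                   (struct sockaddr *)&peer, &plen) < 0)
        return -1;

    /* Per-client socket: optionally share the listener's address and port. */
    int nfd = udp_socket(bind_new_to_listen_port ? &srv : NULL);
    if (nfd < 0 || connect(nfd, (struct sockaddr *)&peer, sizeof peer) < 0)
        return -1;

    /* The datagram queued before connect() never moves to the new socket. */
    if (recv(nfd, buf, sizeof buf, MSG_DONTWAIT) > 0)
        seen |= FIRST_ON_NEW;
    if (recv(lfd, buf, sizeof buf, MSG_DONTWAIT) < 0)   /* drain the old socket */
        return -1;

    /* The client keeps sending to the server port it already knows. */
    sendto(cfd, "next flight", 11, 0, (struct sockaddr *)&srv, sizeof srv);
    seen |= readable(nfd) ? SECOND_ON_NEW : readable(lfd) ? SECOND_ON_OLD : 0;

    close(lfd); close(cfd); close(nfd);
    return seen;
}

int main(void)
{
    printf("ephemeral port: %d, listener port: %d\n", handover(0), handover(1));
    return 0;
}
```

A new socket that is only connect()ed gets an ephemeral local port, so the client's datagrams, still addressed to the server port, stay on the listening socket; bound to the listener's address and port first, the connected socket is the more specific match and receives them.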
       


Re: DTLS over UDP

Nivedita
Hi Michael,

Would you please let me know whether this new release of openssl-1.1.1-pre3 supports DTLS over UDP for the SIP protocol using the DTLSv1_accept method?

Regards,
Nivedita

On Wed, Feb 21, 2018 at 11:54 AM, Nivedita <[hidden email]> wrote:
Hi Michael,

Please find the response inline; I have also attached the pcap for your reference.

ip.src ==22.33.40.20 is the search criteria for pcap dump.
Regards,
Nivedita

On Tue, Feb 20, 2018 at 12:13 AM, Michael Richardson <[hidden email]> wrote:

Nivedita <[hidden email]> wrote:
    >> Nivedita <[hidden email]> wrote:

    >>> I am trying to establish DTLS over UDP connection by using
    >>> DTLSv1_listen method .

    >>> I have followed the below steps - 1. Created a server socket
    >>> and using
    >>> this socket created bio and ssl object. bio =
    >>> BIO_new_dgram(VI_sock,BIO_NOCLOSE)) SSL_set_bio
    >>> (ssl,VP_bio,VP_bio);

    >>> 2. Enable cookie exchange on SSL object. SSL_set_options(ssl,
    >>> SSL_OP_COOKIE_EXCHANGE);

    >>> 3. Then started listening using dtlsv1_listen for the new
    >>> client
    >>> connections. Once dtlsv1_listen is successful and i got the
    >>> peer
    >>> address.

    mcr> okay.


    >> Nivedita- All the above mentioned steps i am doing on server
    >> side . On the
    >> client side i have already initiated ssl_connect.
    >> On the server side when i am listening using dtlsv1_listen
    >> method -

    >>> 4. Once i got the peer address , i am creating one more socket
    >>> 5. With the new socket i tried to connect to peer address.

   >> Then once i got the client address from the dtlsv1_listen method,
    >> i am creating one more socket and trying to connect to this client
     >> address.

>I think that I see what is wrong with your flow... you haven't taken the
>packet off the original socket, so SSL_accept is still looking for it.

>The flow is supposed to be:
   >  1) client sends ClientHello
   Nivedita-  Client is sending the client hello.
 
     >2) DTLSv1_listen() sees it, and sends a HelloVerifyRequest
       > (I assume you have filled in the cookie callbacks. I think that
       > perhaps there should be good cryptographic defaults available in
        >the library.  Maybe there are, and I'm ignorant of them)

       Nivedita-  Yes, I have attached all the cookies and the server is responding with hello verify request.
 
 >   3) Client sends ClientHello w/cookie.
 >    DTLSv1_listen() then sees that and tweaks the SSL* to indicate that
 >     the cookie has been accepted.  Note that the packet is *LEFT*
 >      on the incoming socket so that SSL_accept() can process it.
  >     This is one of the places where the DTLSv1_listen() API is rather
  >      hard to use in my opinion.
   Nivedita-     Now after Hello verify request is done, client sends the client hello with cookie.
                      Now I have done SSL_accept on the same server socket [meaning the same socket on which DTLSv1_listen was triggered].

>    4) You make up new sockets, etc.
      Nivedita-         After SSL_accept is done, I have created one more socket, tried to connect to client addr and set the bio on the new socket.
     
               VI_sock_id = socket(client_addr.ss_family,SOCK_DGRAM,0);
 
               VI_status = connect(VI_sock_id, (struct sockaddr *)&client_addr,  sizeof(struct sockaddr_storage));
 
 
>  5) But, you need to call SSL_accept() once with the **old socket** to
>      process the packet that listen() left on it, and then you can switch the
>       FD over!  Of course, you probably want to make sure that SSL_accept()
>      sends the reply correctly.

    Nivedita-   As suggested I have done the SSL_accept on the same socket on which DTLSv1_listen was triggered.
                    After SSL_accept I am trying to change the fd, so that the incoming data should come to the new fd instead of the old one. But still traffic is coming on the old fd [dtlsv1 fd].

                   VI_res = SSL_accept(VP_ssl);
                   VI_res = BIO_set_fd(SSL_get_rbio(VP_ssl),VI_sock_id,BIO_NOCLOSE);
                   VI_res = BIO_ctrl(SSL_get_rbio(VP_ssl),BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr);

      Please let me know your inputs, so that traffic moves from the old fd to the new fd.

What I do in my proposed DTLSv1_accept() API is that I move the data
from the incoming socket to the new BIO's incoming queue:
https://github.com/mcr/openssl/blob/dtls-listen-refactor/ssl/d1_lib.c#L964

    /* At this point, there is a real ClientHello in serv->init_buf */
    memcpy(rb->buf, serv->init_buf->data, serv->init_num);
    rb->offset = 0;
    rb->left   = serv->init_num;

and then remove the packet from the incoming socket.  The situation is
then returned like this so that the new sockets can be setup, but the
incoming SSL_accept() BIO is stuffed with the correct (cookie-full)
ClientHello, and replies will go to the right place with the right source
address.  I hope to get these patches accepted for the March 11 freeze,
but you might not want to depend upon it.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [



Re: DTLS over UDP

Nivedita
Hi Michael,

 We are working on SIP, and I am looking for the DTLSv1_accept method so that when multiple clients want to connect to a single server, DTLS should open a separate port for each client instance when running over UDP.

Regards,
Nivedita


On Wed, Mar 21, 2018 at 11:04 PM, Michael Richardson <[hidden email]> wrote:

Nivedita <[hidden email]> wrote:
    > Would you please let me  know whether this  new release of
    > openssl-1.1.1-pre3  supports DTLS over udp for SIP protocol using
    > dtlsv1_accept method.

No.  I will be rebasing very soon.
(I'm a contributor like you)

Even the basic BIO patches that I was working on were not yet accepted, as I
guess I need to validate that it compiles on VMS.
I hope to get an account soon that I can use to verify things.

BTW: Are you speaking about *SIP* or *RTP*?  My impression is that the
     existing API was designed specifically for SRTP.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [


