Issue with DTLS for UDP

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Issue with DTLS for UDP

Grace Priscilla Jero
Hi All,

We are currently facing an issue while initiating DTLS for UDP conenctions. Below is the backtrace for the coredump.

Program terminated with signal 11, Segmentation fault.

#0  0x00007fdf1825c760 in BIO_method_type () from /opt/OC/ins/external/lib/libcrypto.so.1.1

(gdb) bt

#0  0x00007fdf1825c760 in BIO_method_type () from /opt/OC/ins/external/lib/libcrypto.so.1.1

#1  0x00007fdf18260459 in BIO_dgram_is_sctp () from /opt/OC/ins/external/lib/libcrypto.so.1.1

#2  0x00007fdf1865da66 in state_machine () from /opt/OC/ins/external/lib/libssl.so.1.1

#3  0x00007fdf18653f63 in SSL_do_handshake () from /opt/OC/ins/external/lib/libssl.so.1.1

#4  0x00007fdf1a4a4f98 in FI_sip_dtls_accept (AP_server=0x2323b98) at sip_dtls_interface.c:435

#5  0x00007fdf1a5c8a83 in FI_check_scrutation_list (AI_nb=1) at sip_trp_polling.c:875

#6  0x00007fdf1a5c9c7a in FP_scrutation_thread (AP_param=0x0) at sip_trp_polling.c:1244

#7  0x00007fdf19605bb8 in _tbx_thr_start (params=<value optimized out>) at tbx_thr_unix_ovms.cxx:345

#8  0x00007fdf1c020b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0

#9  0x00007fdf1af5efbd in clone () from /lib/x86_64-linux-gnu/libc.so.6

#10 0x0000000000000000 in ?? ()


We are using SSL_accept to accept the connection for which we see the failure. Please let know if you have any thoughts. 


We are debugging to see why it crashes. The issue is seen only with DTLS over UDP.


Thanks,

Grace



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Matt Caswell-2


On 24/10/17 11:25, Grace Priscilla Jero wrote:
> We are using SSL_accept to accept the connection for which we see the
> failure. Please let know if you have any thoughts.

Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
object if you call it immediately before SSL_do_handshake()?

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

OpenSSL - User mailing list
In reply to this post by Grace Priscilla Jero

Can you build with debugging enabled?  IT might make things easier.  But note that BIO_method_type is a trivial function,

                return b->method->type;

which implies that a pointer got clobbered as being a likely cause.  Are you sure your code didn’t smash something?

#5  0x00007fdf1a5c8a83 in FI_check_scrutation_list (AI_nb=1) at sip_trp_polling.c:875

I have no idea what this does, but I love the name “scrutation” :)


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Grace Priscilla Jero
In reply to this post by Matt Caswell-2
Thankyou for the responses.
We figured the issue. But now we are getting error -5 from "SSL_connect" and the errno is set to 22 which means invalid argument.
Is there a easy way to debug or get logs for SSL_connect.

Below is the sequence for the dtls udp connect that we are trying.
ssl = SSL_new(ctx)
bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
SSL_set_bio(ssl, bio, bio);
VI_res = SSL_connect(ssl)



Thanks,
Grace

On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <[hidden email]> wrote:


On 24/10/17 11:25, Grace Priscilla Jero wrote:
> We are using SSL_accept to accept the connection for which we see the
> failure. Please let know if you have any thoughts.

Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
object if you call it immediately before SSL_do_handshake()?

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Matt Caswell-2


On 26/10/17 16:43, Grace Priscilla Jero wrote:

> Thankyou for the responses.
> We figured the issue. But now we are getting error -5 from "SSL_connect"
> and the errno is set to 22 which means invalid argument.
> Is there a easy way to debug or get logs for SSL_connect.
>
> Below is the sequence for the dtls udp connect that we are trying.
> ssl = SSL_new(ctx)
> bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
> SSL_set_bio(ssl, bio, bio);
> VI_res = SSL_connect(ssl)

Do you really mean SSL_connect() returns -5? Or do you mean that after a
negative return value from SSL_connect() you call SSL_get_error() and
that return 5 (SSL_ERROR_SYSCALL)?

If you really mean SSL_connect() returns -5 then you need to call
SSL_get_error() as a next step.

If you are getting SSL_ERROR_SYSCALL then my guess is that there is a
problem with sock_id. How do create it?

Matt


>
>
>
> Thanks,
> Grace
>
> On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>     > We are using SSL_accept to accept the connection for which we see the
>     > failure. Please let know if you have any thoughts.
>
>     Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
>     object if you call it immediately before SSL_do_handshake()?
>
>     Matt
>
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Grace Priscilla Jero
Hi Matt,

SSL_get_error()  returns 5. 
It is the same socket using which the UDP connection is established.
Could you suggest some logging that can be done for OPENSSL.

Thanks,
Grace


On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email]> wrote:


On 26/10/17 16:43, Grace Priscilla Jero wrote:
> Thankyou for the responses.
> We figured the issue. But now we are getting error -5 from "SSL_connect"
> and the errno is set to 22 which means invalid argument.
> Is there a easy way to debug or get logs for SSL_connect.
>
> Below is the sequence for the dtls udp connect that we are trying.
> ssl = SSL_new(ctx)
> bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
> SSL_set_bio(ssl, bio, bio);
> VI_res = SSL_connect(ssl)

Do you really mean SSL_connect() returns -5? Or do you mean that after a
negative return value from SSL_connect() you call SSL_get_error() and
that return 5 (SSL_ERROR_SYSCALL)?

If you really mean SSL_connect() returns -5 then you need to call
SSL_get_error() as a next step.

If you are getting SSL_ERROR_SYSCALL then my guess is that there is a
problem with sock_id. How do create it?

Matt


>
>
>
> Thanks,
> Grace
>
> On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>     > We are using SSL_accept to accept the connection for which we see the
>     > failure. Please let know if you have any thoughts.
>
>     Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
>     object if you call it immediately before SSL_do_handshake()?
>
>     Matt
>
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Grace Priscilla Jero
Thankyou for the suggestions. After correcting few options the "ClientHello" goes successfully but we have failure in "DTLSv1_listen". There are'nt any cookies in the Client Hello request.
But DTLSv1_listen return error and the failure in see is in "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"

We are using 1.1.0f version. Is there a way we can disable cookies?

Thanks,
Grace

On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero <[hidden email]> wrote:
Hi Matt,

SSL_get_error()  returns 5. 
It is the same socket using which the UDP connection is established.
Could you suggest some logging that can be done for OPENSSL.

Thanks,
Grace


On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email]> wrote:


On 26/10/17 16:43, Grace Priscilla Jero wrote:
> Thankyou for the responses.
> We figured the issue. But now we are getting error -5 from "SSL_connect"
> and the errno is set to 22 which means invalid argument.
> Is there a easy way to debug or get logs for SSL_connect.
>
> Below is the sequence for the dtls udp connect that we are trying.
> ssl = SSL_new(ctx)
> bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
> SSL_set_bio(ssl, bio, bio);
> VI_res = SSL_connect(ssl)

Do you really mean SSL_connect() returns -5? Or do you mean that after a
negative return value from SSL_connect() you call SSL_get_error() and
that return 5 (SSL_ERROR_SYSCALL)?

If you really mean SSL_connect() returns -5 then you need to call
SSL_get_error() as a next step.

If you are getting SSL_ERROR_SYSCALL then my guess is that there is a
problem with sock_id. How do create it?

Matt


>
>
>
> Thanks,
> Grace
>
> On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>     > We are using SSL_accept to accept the connection for which we see the
>     > failure. Please let know if you have any thoughts.
>
>     Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
>     object if you call it immediately before SSL_do_handshake()?
>
>     Matt
>
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Matt Caswell-2


On 31/10/17 06:06, Grace Priscilla Jero wrote:
> Thankyou for the suggestions. After correcting few options the
> "ClientHello" goes successfully but we have failure in "DTLSv1_listen".
> There are'nt any cookies in the Client Hello request.
> But DTLSv1_listen return error and the failure in see is in
> "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"

This is most likely because you haven't called
SSL_CTX_set_cookie_generate_cb() first.

> We are using 1.1.0f version. Is there a way we can disable cookies?

Well the whole *point* of calling DTLSv1_listen() is to generate those
cookies. If you don't want cookies, don't call it.

Matt

>
> Thanks,
> Grace
>
> On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Hi Matt,
>
>     SSL_get_error()  returns 5. 
>     It is the same socket using which the UDP connection is established.
>     Could you suggest some logging that can be done for OPENSSL.
>
>     Thanks,
>     Grace
>
>
>     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>
>
>         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>         > Thankyou for the responses.
>         > We figured the issue. But now we are getting error -5 from "SSL_connect"
>         > and the errno is set to 22 which means invalid argument.
>         > Is there a easy way to debug or get logs for SSL_connect.
>         >
>         > Below is the sequence for the dtls udp connect that we are trying.
>         > ssl = SSL_new(ctx)
>         > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
>         > SSL_set_bio(ssl, bio, bio);
>         > VI_res = SSL_connect(ssl)
>
>         Do you really mean SSL_connect() returns -5? Or do you mean that
>         after a
>         negative return value from SSL_connect() you call
>         SSL_get_error() and
>         that return 5 (SSL_ERROR_SYSCALL)?
>
>         If you really mean SSL_connect() returns -5 then you need to call
>         SSL_get_error() as a next step.
>
>         If you are getting SSL_ERROR_SYSCALL then my guess is that there
>         is a
>         problem with sock_id. How do create it?
>
>         Matt
>
>
>         >
>         >
>         >
>         > Thanks,
>         > Grace
>         >
>         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <[hidden email] <mailto:[hidden email]>
>         > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>         >
>         >
>         >
>         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>         >     > We are using SSL_accept to accept the connection for which we see the
>         >     > failure. Please let know if you have any thoughts.
>         >
>         >     Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
>         >     object if you call it immediately before SSL_do_handshake()?
>         >
>         >     Matt
>         >
>         >     --
>         >     openssl-users mailing list
>         >     To unsubscribe:
>         >     https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>         >
>         >
>         >
>         >
>         --
>         openssl-users mailing list
>         To unsubscribe:
>         https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Grace Priscilla Jero
Hi Matt,
yes, we have found that later and have add the call backs. But we never get the Client Hello with cookie. The Hello verify request is sent from the server.

Thanks for pointing out that listen was for cookies. Now without that providing the SSL_accept, it hangs. We are unable to figure out why it hangs. Only client hello is sent. Is there any way to spot what is going wrong.

Thanks,
Grace

On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <[hidden email]> wrote:


On 31/10/17 06:06, Grace Priscilla Jero wrote:
> Thankyou for the suggestions. After correcting few options the
> "ClientHello" goes successfully but we have failure in "DTLSv1_listen".
> There are'nt any cookies in the Client Hello request.
> But DTLSv1_listen return error and the failure in see is in
> "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"

This is most likely because you haven't called
SSL_CTX_set_cookie_generate_cb() first.

> We are using 1.1.0f version. Is there a way we can disable cookies?

Well the whole *point* of calling DTLSv1_listen() is to generate those
cookies. If you don't want cookies, don't call it.

Matt

>
> Thanks,
> Grace
>
> On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Hi Matt,
>
>     SSL_get_error()  returns 5. 
>     It is the same socket using which the UDP connection is established.
>     Could you suggest some logging that can be done for OPENSSL.
>
>     Thanks,
>     Grace
>
>
>     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>
>
>         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>         > Thankyou for the responses.
>         > We figured the issue. But now we are getting error -5 from "SSL_connect"
>         > and the errno is set to 22 which means invalid argument.
>         > Is there a easy way to debug or get logs for SSL_connect.
>         >
>         > Below is the sequence for the dtls udp connect that we are trying.
>         > ssl = SSL_new(ctx)
>         > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
>         > SSL_set_bio(ssl, bio, bio);
>         > VI_res = SSL_connect(ssl)
>
>         Do you really mean SSL_connect() returns -5? Or do you mean that
>         after a
>         negative return value from SSL_connect() you call
>         SSL_get_error() and
>         that return 5 (SSL_ERROR_SYSCALL)?
>
>         If you really mean SSL_connect() returns -5 then you need to call
>         SSL_get_error() as a next step.
>
>         If you are getting SSL_ERROR_SYSCALL then my guess is that there
>         is a
>         problem with sock_id. How do create it?
>
>         Matt
>
>
>         >
>         >
>         >
>         > Thanks,
>         > Grace
>         >
>         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <[hidden email] <mailto:[hidden email]>
>         > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>         >
>         >
>         >
>         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>         >     > We are using SSL_accept to accept the connection for which we see the
>         >     > failure. Please let know if you have any thoughts.
>         >
>         >     Have you set the wbio correctly? Does SSL_get_wbio() return your wbio
>         >     object if you call it immediately before SSL_do_handshake()?
>         >
>         >     Matt
>         >
>         >     --
>         >     openssl-users mailing list
>         >     To unsubscribe:
>         >     https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>         >
>         >
>         >
>         >
>         --
>         openssl-users mailing list
>         To unsubscribe:
>         https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Matt Caswell-2


On 31/10/17 10:40, Grace Priscilla Jero wrote:
> Hi Matt,
> yes, we have found that later and have add the call backs. But we never
> get the Client Hello with cookie. The Hello verify request is sent from
> the server.
>
> Thanks for pointing out that listen was for cookies. Now without that
> providing the SSL_accept, it hangs. We are unable to figure out why it
> hangs. Only client hello is sent. Is there any way to spot what is going
> wrong.

I suggest you use Wireshark to take a look what is happening on the wire.

Matt


>
> Thanks,
> Grace
>
> On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 31/10/17 06:06, Grace Priscilla Jero wrote:
>     > Thankyou for the suggestions. After correcting few options the
>     > "ClientHello" goes successfully but we have failure in "DTLSv1_listen".
>     > There are'nt any cookies in the Client Hello request.
>     > But DTLSv1_listen return error and the failure in see is in
>     > "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"
>
>     This is most likely because you haven't called
>     SSL_CTX_set_cookie_generate_cb() first.
>
>     > We are using 1.1.0f version. Is there a way we can disable cookies?
>
>     Well the whole *point* of calling DTLSv1_listen() is to generate those
>     cookies. If you don't want cookies, don't call it.
>
>     Matt
>
>     >
>     > Thanks,
>     > Grace
>     >
>     > On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
>     > <[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email]
>     <mailto:[hidden email]>>> wrote:
>     >
>     >     Hi Matt,
>     >
>     >     SSL_get_error()  returns 5. 
>     >     It is the same socket using which the UDP connection is established.
>     >     Could you suggest some logging that can be done for OPENSSL.
>     >
>     >     Thanks,
>     >     Grace
>     >
>     >
>     >     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>     >         > Thankyou for the responses.
>     >         > We figured the issue. But now we are getting error -5
>     from "SSL_connect"
>     >         > and the errno is set to 22 which means invalid argument.
>     >         > Is there a easy way to debug or get logs for SSL_connect.
>     >         >
>     >         > Below is the sequence for the dtls udp connect that we
>     are trying.
>     >         > ssl = SSL_new(ctx)
>     >         > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
>     >         > SSL_set_bio(ssl, bio, bio);
>     >         > VI_res = SSL_connect(ssl)
>     >
>     >         Do you really mean SSL_connect() returns -5? Or do you
>     mean that
>     >         after a
>     >         negative return value from SSL_connect() you call
>     >         SSL_get_error() and
>     >         that return 5 (SSL_ERROR_SYSCALL)?
>     >
>     >         If you really mean SSL_connect() returns -5 then you need
>     to call
>     >         SSL_get_error() as a next step.
>     >
>     >         If you are getting SSL_ERROR_SYSCALL then my guess is that
>     there
>     >         is a
>     >         problem with sock_id. How do create it?
>     >
>     >         Matt
>     >
>     >
>     >         >
>     >         >
>     >         >
>     >         > Thanks,
>     >         > Grace
>     >         >
>     >         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell
>     <[hidden email] <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >         > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >         >
>     >         >
>     >         >
>     >         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>     >         >     > We are using SSL_accept to accept the connection
>     for which we see the
>     >         >     > failure. Please let know if you have any thoughts.
>     >         >
>     >         >     Have you set the wbio correctly? Does SSL_get_wbio()
>     return your wbio
>     >         >     object if you call it immediately before
>     SSL_do_handshake()?
>     >         >
>     >         >     Matt
>     >         >
>     >         >     --
>     >         >     openssl-users mailing list
>     >         >     To unsubscribe:
>     >         >   
>      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >         >   
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >         >
>     >         >
>     >         >
>     >         >
>     >         --
>     >         openssl-users mailing list
>     >         To unsubscribe:
>     >         https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Grace Priscilla Jero
Matt,
Here is more info on the process backtrace where it is stuck.

cat /proc/15602/stack
[<ffffffff812ab64d>] inet_csk_accept+0xc1/0x1f0
[<ffffffff812cc3b5>] inet_accept+0x28/0xf5
[<ffffffff81267362>] sys_accept4+0x11b/0x1b8
[<ffffffff8126740a>] sys_accept+0xb/0xd
[<ffffffff81312152>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff

Thanks,
Grace

On Tue, Oct 31, 2017 at 4:22 PM, Grace Priscilla Jero <[hidden email]> wrote:
Please find attached the pcap. It only has Client Hello.
While debugging SSL_accept, I see it stuck in s->method->ssl_read_bytes

Thanks,
Grace


On Tue, Oct 31, 2017 at 4:16 PM, Matt Caswell <[hidden email]> wrote:


On 31/10/17 10:40, Grace Priscilla Jero wrote:
> Hi Matt,
> yes, we have found that later and have add the call backs. But we never
> get the Client Hello with cookie. The Hello verify request is sent from
> the server.
>
> Thanks for pointing out that listen was for cookies. Now without that
> providing the SSL_accept, it hangs. We are unable to figure out why it
> hangs. Only client hello is sent. Is there any way to spot what is going
> wrong.

I suggest you use Wireshark to take a look what is happening on the wire.

Matt


>
> Thanks,
> Grace
>
> On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 31/10/17 06:06, Grace Priscilla Jero wrote:
>     > Thankyou for the suggestions. After correcting few options the
>     > "ClientHello" goes successfully but we have failure in "DTLSv1_listen".
>     > There are'nt any cookies in the Client Hello request.
>     > But DTLSv1_listen return error and the failure in see is in
>     > "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"
>
>     This is most likely because you haven't called
>     SSL_CTX_set_cookie_generate_cb() first.
>
>     > We are using 1.1.0f version. Is there a way we can disable cookies?
>
>     Well the whole *point* of calling DTLSv1_listen() is to generate those
>     cookies. If you don't want cookies, don't call it.
>
>     Matt
>
>     >
>     > Thanks,
>     > Grace
>     >
>     > On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
>     > <[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email]
>     <mailto:[hidden email]>>> wrote:
>     >
>     >     Hi Matt,
>     >
>     >     SSL_get_error()  returns 5. 
>     >     It is the same socket using which the UDP connection is established.
>     >     Could you suggest some logging that can be done for OPENSSL.
>     >
>     >     Thanks,
>     >     Grace
>     >
>     >
>     >     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>     >         > Thankyou for the responses.
>     >         > We figured the issue. But now we are getting error -5
>     from "SSL_connect"
>     >         > and the errno is set to 22 which means invalid argument.
>     >         > Is there a easy way to debug or get logs for SSL_connect.
>     >         >
>     >         > Below is the sequence for the dtls udp connect that we
>     are trying.
>     >         > ssl = SSL_new(ctx)
>     >         > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
>     >         > SSL_set_bio(ssl, bio, bio);
>     >         > VI_res = SSL_connect(ssl)
>     >
>     >         Do you really mean SSL_connect() returns -5? Or do you
>     mean that
>     >         after a
>     >         negative return value from SSL_connect() you call
>     >         SSL_get_error() and
>     >         that return 5 (SSL_ERROR_SYSCALL)?
>     >
>     >         If you really mean SSL_connect() returns -5 then you need
>     to call
>     >         SSL_get_error() as a next step.
>     >
>     >         If you are getting SSL_ERROR_SYSCALL then my guess is that
>     there
>     >         is a
>     >         problem with sock_id. How do create it?
>     >
>     >         Matt
>     >
>     >
>     >         >
>     >         >
>     >         >
>     >         > Thanks,
>     >         > Grace
>     >         >
>     >         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell
>     <[hidden email] <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >         > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >         >
>     >         >
>     >         >
>     >         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>     >         >     > We are using SSL_accept to accept the connection
>     for which we see the
>     >         >     > failure. Please let know if you have any thoughts.
>     >         >
>     >         >     Have you set the wbio correctly? Does SSL_get_wbio()
>     return your wbio
>     >         >     object if you call it immediately before
>     SSL_do_handshake()?
>     >         >
>     >         >     Matt
>     >         >
>     >         >     --
>     >         >     openssl-users mailing list
>     >         >     To unsubscribe:
>     >         >   
>      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >         >   
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >         >
>     >         >
>     >         >
>     >         >
>     >         --
>     >         openssl-users mailing list
>     >         To unsubscribe:
>     >         https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Grace Priscilla Jero
Matt,
If you have any way to enable some kind of logging it will be useful to find what is the issue.
Why do we get error 2 for ssl_accept. We have seen this for connect but not sure why we get it for accept.

Thanks,
Grace

On 31-Oct-2017 6:56 PM, "Grace Priscilla Jero" <[hidden email]> wrote:
Matt,
Here is more info on the process backtrace where it is stuck.

cat /proc/15602/stack
[<ffffffff812ab64d>] inet_csk_accept+0xc1/0x1f0
[<ffffffff812cc3b5>] inet_accept+0x28/0xf5
[<ffffffff81267362>] sys_accept4+0x11b/0x1b8
[<ffffffff8126740a>] sys_accept+0xb/0xd
[<ffffffff81312152>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff

Thanks,
Grace

On Tue, Oct 31, 2017 at 4:22 PM, Grace Priscilla Jero <[hidden email]> wrote:
Please find attached the pcap. It only has Client Hello.
While debugging SSL_accept, I see it stuck in s->method->ssl_read_bytes

Thanks,
Grace


On Tue, Oct 31, 2017 at 4:16 PM, Matt Caswell <[hidden email]> wrote:


On 31/10/17 10:40, Grace Priscilla Jero wrote:
> Hi Matt,
> yes, we have found that later and have add the call backs. But we never
> get the Client Hello with cookie. The Hello verify request is sent from
> the server.
>
> Thanks for pointing out that listen was for cookies. Now without that
> providing the SSL_accept, it hangs. We are unable to figure out why it
> hangs. Only client hello is sent. Is there any way to spot what is going
> wrong.

I suggest you use Wireshark to take a look what is happening on the wire.

Matt


>
> Thanks,
> Grace
>
> On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 31/10/17 06:06, Grace Priscilla Jero wrote:
>     > Thankyou for the suggestions. After correcting few options the
>     > "ClientHello" goes successfully but we have failure in "DTLSv1_listen".
>     > There are'nt any cookies in the Client Hello request.
>     > But DTLSv1_listen return error and the failure in see is in
>     > "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"
>
>     This is most likely because you haven't called
>     SSL_CTX_set_cookie_generate_cb() first.
>
>     > We are using 1.1.0f version. Is there a way we can disable cookies?
>
>     Well the whole *point* of calling DTLSv1_listen() is to generate those
>     cookies. If you don't want cookies, don't call it.
>
>     Matt
>
>     >
>     > Thanks,
>     > Grace
>     >
>     > On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
>     > <[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email]
>     <mailto:[hidden email]>>> wrote:
>     >
>     >     Hi Matt,
>     >
>     >     SSL_get_error()  returns 5. 
>     >     It is the same socket using which the UDP connection is established.
>     >     Could you suggest some logging that can be done for OPENSSL.
>     >
>     >     Thanks,
>     >     Grace
>     >
>     >
>     >     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >
>     >
>     >         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>     >         > Thankyou for the responses.
>     >         > We figured the issue. But now we are getting error -5
>     from "SSL_connect"
>     >         > and the errno is set to 22 which means invalid argument.
>     >         > Is there a easy way to debug or get logs for SSL_connect.
>     >         >
>     >         > Below is the sequence for the dtls udp connect that we
>     are trying.
>     >         > ssl = SSL_new(ctx)
>     >         > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
>     >         > SSL_set_bio(ssl, bio, bio);
>     >         > VI_res = SSL_connect(ssl)
>     >
>     >         Do you really mean SSL_connect() returns -5? Or do you
>     mean that
>     >         after a
>     >         negative return value from SSL_connect() you call
>     >         SSL_get_error() and
>     >         that return 5 (SSL_ERROR_SYSCALL)?
>     >
>     >         If you really mean SSL_connect() returns -5 then you need
>     to call
>     >         SSL_get_error() as a next step.
>     >
>     >         If you are getting SSL_ERROR_SYSCALL then my guess is that
>     there
>     >         is a
>     >         problem with sock_id. How do create it?
>     >
>     >         Matt
>     >
>     >
>     >         >
>     >         >
>     >         >
>     >         > Thanks,
>     >         > Grace
>     >         >
>     >         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell
>     <[hidden email] <mailto:[hidden email]> <mailto:[hidden email]
>     <mailto:[hidden email]>>
>     >         > <mailto:[hidden email] <mailto:[hidden email]>
>     <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>     >         >
>     >         >
>     >         >
>     >         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>     >         >     > We are using SSL_accept to accept the connection
>     for which we see the
>     >         >     > failure. Please let know if you have any thoughts.
>     >         >
>     >         >     Have you set the wbio correctly? Does SSL_get_wbio()
>     return your wbio
>     >         >     object if you call it immediately before
>     SSL_do_handshake()?
>     >         >
>     >         >     Matt
>     >         >
>     >         >     --
>     >         >     openssl-users mailing list
>     >         >     To unsubscribe:
>     >         >   
>      https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >         >   
>      <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>     >         >
>     >         >
>     >         >
>     >         >
>     >         --
>     >         openssl-users mailing list
>     >         To unsubscribe:
>     >         https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>     >         <https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>     >
>     >
>     >
>     >
>     >
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with DTLS for UDP

Matt Caswell-2
In reply to this post by Grace Priscilla Jero
I did not get the pcap file? Perhaps it got blocked due to message size.
Try sending it direct to me.

Matt

On 31/10/17 13:26, Grace Priscilla Jero wrote:

> Matt,
> Here is more info on the process backtrace where it is stuck.
>
> cat /proc/15602/stack
> [<ffffffff812ab64d>] inet_csk_accept+0xc1/0x1f0
> [<ffffffff812cc3b5>] inet_accept+0x28/0xf5
> [<ffffffff81267362>] sys_accept4+0x11b/0x1b8
> [<ffffffff8126740a>] sys_accept+0xb/0xd
> [<ffffffff81312152>] system_call_fastpath+0x16/0x1b
> [<ffffffffffffffff>] 0xffffffffffffffff
>
> Thanks,
> Grace
>
> On Tue, Oct 31, 2017 at 4:22 PM, Grace Priscilla Jero
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Please find attached the pcap. It only has Client Hello.
>     While debugging SSL_accept, I see it stuck in s->method->ssl_read_bytes
>
>     Thanks,
>     Grace
>
>
>     On Tue, Oct 31, 2017 at 4:16 PM, Matt Caswell <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>
>
>         On 31/10/17 10:40, Grace Priscilla Jero wrote:
>         > Hi Matt,
>         > yes, we have found that later and have add the call backs. But we never
>         > get the Client Hello with cookie. The Hello verify request is sent from
>         > the server.
>         >
>         > Thanks for pointing out that listen was for cookies. Now without that
>         > providing the SSL_accept, it hangs. We are unable to figure out why it
>         > hangs. Only client hello is sent. Is there any way to spot what is going
>         > wrong.
>
>         I suggest you use Wireshark to take a look what is happening on
>         the wire.
>
>         Matt
>
>
>         >
>         > Thanks,
>         > Grace
>         >
>         > On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <[hidden email] <mailto:[hidden email]>
>         > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>         >
>         >
>         >
>         >     On 31/10/17 06:06, Grace Priscilla Jero wrote:
>         >     > Thankyou for the suggestions. After correcting few options the
>         >     > "ClientHello" goes successfully but we have failure in "DTLSv1_listen".
>         >     > There are'nt any cookies in the Client Hello request.
>         >     > But DTLSv1_listen return error and the failure in see is in
>         >     > "SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);"
>         >
>         >     This is most likely because you haven't called
>         >     SSL_CTX_set_cookie_generate_cb() first.
>         >
>         >     > We are using 1.1.0f version. Is there a way we can disable cookies?
>         >
>         >     Well the whole *point* of calling DTLSv1_listen() is to generate those
>         >     cookies. If you don't want cookies, don't call it.
>         >
>         >     Matt
>         >
>         >     >
>         >     > Thanks,
>         >     > Grace
>         >     >
>         >     > On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero
>         >     > <[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email]
>         <mailto:[hidden email]>>
>         >     <mailto:[hidden email]
>         <mailto:[hidden email]>
>         >     <mailto:[hidden email] <mailto:[hidden email]>>>>
>         wrote:
>         >     >
>         >     >     Hi Matt,
>         >     >
>         >     >     SSL_get_error()  returns 5. 
>         >     >     It is the same socket using which the UDP connection is established.
>         >     >     Could you suggest some logging that can be done for OPENSSL.
>         >     >
>         >     >     Thanks,
>         >     >     Grace
>         >     >
>         >     >
>         >     >     On Thu, Oct 26, 2017 at 9:23 PM, Matt Caswell <[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>
>         >     >     <mailto:[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>         >     >
>         >     >
>         >     >
>         >     >         On 26/10/17 16:43, Grace Priscilla Jero wrote:
>         >     >         > Thankyou for the responses.
>         >     >         > We figured the issue. But now we are getting
>         error -5
>         >     from "SSL_connect"
>         >     >         > and the errno is set to 22 which means invalid
>         argument.
>         >     >         > Is there a easy way to debug or get logs for
>         SSL_connect.
>         >     >         >
>         >     >         > Below is the sequence for the dtls udp connect
>         that we
>         >     are trying.
>         >     >         > ssl = SSL_new(ctx)
>         >     >         > bio = BIO_new_dgram(sock_id,BIO_NOCLOSE)
>         >     >         > SSL_set_bio(ssl, bio, bio);
>         >     >         > VI_res = SSL_connect(ssl)
>         >     >
>         >     >         Do you really mean SSL_connect() returns -5? Or
>         do you
>         >     mean that
>         >     >         after a
>         >     >         negative return value from SSL_connect() you call
>         >     >         SSL_get_error() and
>         >     >         that return 5 (SSL_ERROR_SYSCALL)?
>         >     >
>         >     >         If you really mean SSL_connect() returns -5 then
>         you need
>         >     to call
>         >     >         SSL_get_error() as a next step.
>         >     >
>         >     >         If you are getting SSL_ERROR_SYSCALL then my
>         guess is that
>         >     there
>         >     >         is a
>         >     >         problem with sock_id. How do create it?
>         >     >
>         >     >         Matt
>         >     >
>         >     >
>         >     >         >
>         >     >         >
>         >     >         >
>         >     >         > Thanks,
>         >     >         > Grace
>         >     >         >
>         >     >         > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell
>         >     <[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>
>         <mailto:[hidden email] <mailto:[hidden email]>
>         >     <mailto:[hidden email] <mailto:[hidden email]>>>
>         >     >         > <mailto:[hidden email]
>         <mailto:[hidden email]> <mailto:[hidden email]
>         <mailto:[hidden email]>>
>         >     <mailto:[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>>>> wrote:
>         >     >         >
>         >     >         >
>         >     >         >
>         >     >         >     On 24/10/17 11:25, Grace Priscilla Jero wrote:
>         >     >         >     > We are using SSL_accept to accept the
>         connection
>         >     for which we see the
>         >     >         >     > failure. Please let know if you have any
>         thoughts.
>         >     >         >
>         >     >         >     Have you set the wbio correctly? Does
>         SSL_get_wbio()
>         >     return your wbio
>         >     >         >     object if you call it immediately before
>         >     SSL_do_handshake()?
>         >     >         >
>         >     >         >     Matt
>         >     >         >
>         >     >         >     --
>         >     >         >     openssl-users mailing list
>         >     >         >     To unsubscribe:
>         >     >         >   
>         >      https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>         >     >       
>          <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>         >     >         >   
>         >      <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>         >     >       
>          <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>>>
>         >     >         >
>         >     >         >
>         >     >         >
>         >     >         >
>         >     >         --
>         >     >         openssl-users mailing list
>         >     >         To unsubscribe:
>         >     >       
>          https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>         >     >       
>          <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>>
>         >     >
>         >     >
>         >     >
>         >     >
>         >     >
>         >     --
>         >     openssl-users mailing list
>         >     To unsubscribe:
>         >     https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>         >     <https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>>
>         >
>         >
>         >
>         >
>         --
>         openssl-users mailing list
>         To unsubscribe:
>         https://mta.openssl.org/mailman/listinfo/openssl-users
>         <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users