This is a discussion on DTLS + PSK anomaly - Openssl
Hello all, while playing with DTLS and PSK in HEAD, I ran into this problem:
$ ./openssl s_server -dtls1 -nocert -psk deadbeef
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
then:
$ ./openssl s_client -dtls1 -psk deadbeef
which causes the following in s_server:
ERROR
12767:error:140B6044:SSL routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1992:
12767:error:14109044:SSL routines:DTLS1_SEND_SERVER_CERTIFICATE:internal error:d1_srvr.c:1117:
shutting down SSL
CONNECTION CLOSED
ACCEPT
while s_client gets stuck in "writing client hello A" state.
It seems that s_server does not honour the -nocert argument, trying anyway to
retrieve and send its certificate; curiously enough, the SSL state machine - as
a side effect - goes out of sync.
Note that this does not happen when -dtls1 is omitted.
t.