DTLS non-blocking mode support?? - Openssl

This is a discussion on DTLS non-blocking mode support?? - Openssl ; Hi, I have a program which is using DTLS blocking mode. And it works fine. But I need to change it to non-blocking mode to port it to my platform. Can openssl DTLS support this? I have tried to change ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: DTLS non-blocking mode support??

  1. DTLS non-blocking mode support??

    Hi,

    I have a program which is using DTLS blocking mode. And it works fine.
    But I need to change it to non-blocking mode to port it to my
    platform.

    Can openssl DTLS support this?

    I have tried to change the underlying sock to non-blocking mode. When
    the SSL_connect is called, I can see using ethereal that the first
    hello message were send out a lot of times. Is this normal behaviour?
    or something wrong? When I only change the client to non-blocking, I
    can connect to the server.

    If I change both server and client to non-blocking, the server can
    finish the handshake, but the client can not.

    The one I am using is 0.9.8.a with the DTLS patch. But I have tried
    the 0.9.8h, the result looks similar.

    Thanks!

    Yong
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. Re: DTLS non-blocking mode support??

    I tried to get non-blocking DTLS working a while ago, but in order to
    get a connection to work, I had to comment out the retransmission of
    commands as described in the patch below.

    Unfortunately, this breaks retransmission, so it's not really suitable
    for distribution. But it at least gives a clue as to where to start
    making fixes.

    I tried asking the original author of DTLS support about this, but I
    didn't get a response.

    The patches below also include the ones that were needed to fix DTLS
    support up to 0.9.8e. Hopefully those are part of 0.9.8h, and if they
    are, then only the chunk that replaces "return
    dtls1_retransmit_buffered_messages(s)" with "return -1".

    __joe

    diff -r openssl-clean-0.9.8e/ssl/d1_both.c openssl-0.9.8e/ssl/d1_both.c
    728,735c728,735
    < overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
    <
    < /* retain the header for the first fragment */
    < if ( s->init_num > DTLS1_HM_HEADER_LENGTH)
    < {
    < memmove(&(s->init_buf->data[s->init_num]),
    < &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH
    + overlap]),
    < frag_len - overlap);
    ---
    > if ( s->init_num > DTLS1_HM_HEADER_LENGTH)
    > {
    > s->init_num -= DTLS1_HM_HEADER_LENGTH;
    > overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
    >
    > memmove(&(s->init_buf->data[s->init_num]),
    > &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH +

    overlap]),
    > frag_len - overlap);

    737,740c737,743
    < s->init_num += frag_len - overlap;
    < }
    < else
    < s->init_num += frag_len;
    ---
    > s->init_num += frag_len - overlap;
    > }
    > else
    > {
    > overlap = 0;
    > s->init_num += frag_len;
    > }

    974,975c977,987
    <
    < return dtls1_retransmit_buffered_messages(s) ;
    ---
    > /*
    > In non-blocking mode, this retransmit gets spammed, which freaks

    out the server. Changing
    > to always reporting the timeout fixes that case when no packets are

    going to be lost, but
    > I hesitate to claim it fixed, since it means that retransmits are

    busted.
    >
    > What should happen is that the timeout and retransmits are somehow

    application-managed
    > in non-blocking modes, but I'm not sure where to start poking at

    that. ask nagendra?
    > */
    > return -1;
    > // int ret = dtls1_retransmit_buffered_messages(s) ;
    > // return ret;

    diff -r openssl-clean-0.9.8e/ssl/d1_pkt.c openssl-0.9.8e/ssl/d1_pkt.c
    577a578
    > rr->length = 0;

    590a592
    > rr->length = 0;

    597a600
    > rr->length = 0;

    diff -r openssl-clean-0.9.8e/ssl/d1_srvr.c openssl-0.9.8e/ssl/d1_srvr.c
    1012c1012,1013
    <
    ---
    > unsigned int msg_len;
    >

    1088c1089,1091
    < /* XDTLS: set message header ? */
    ---
    > msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
    > dtls1_set_message_header(s, s->init_buf->data,
    > SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);


    On Jun 16, 2008, at 18.41, Yong Zhang wrote:

    > Hi,
    >
    > I have a program which is using DTLS blocking mode. And it works fine.
    > But I need to change it to non-blocking mode to port it to my
    > platform.
    >
    > Can openssl DTLS support this?
    >
    > I have tried to change the underlying sock to non-blocking mode. When
    > the SSL_connect is called, I can see using ethereal that the first
    > hello message were send out a lot of times. Is this normal behaviour?
    > or something wrong? When I only change the client to non-blocking, I
    > can connect to the server.
    >
    > If I change both server and client to non-blocking, the server can
    > finish the handshake, but the client can not.
    >
    > The one I am using is 0.9.8.a with the DTLS patch. But I have tried
    > the 0.9.8h, the result looks similar.
    >
    > Thanks!
    >
    > Yong
    > __________________________________________________ ____________________
    > OpenSSL Project http://www.openssl.org
    > User Support Mailing List openssl-users@openssl.org
    > Automated List Manager majordomo@openssl.org

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread