Closed ratelwork closed 10 months ago
I’ll have a look. It’d certainly be a good idea to add such a test to the test suite anyway.
In short, you need to set the certificate chain to the configuration: https://github.com/Synss/python-mbedtls/blob/master/tests/test_tls.py#L403-L409

I'm a bit short on time these days. I'll still try to provide a complete example in the next few days.
Thanks, it will be really useful. I did try it as in the example but unfortunately it did not work in my case.
I've tried it here again and, whereas TLS works as expected, DTLS hangs. I need to debug that.
https://github.com/Synss/python-mbedtls/commit/88b4a3b38ab3130a7ce5b8c9ec501ef50137cd77 adds a sans-io example.
Sorry, I ran the test_tls and it still failed.
CI is green. The tests do pass. What did you do exactly that fails? You should probably open another issue for this anyway with the error message and so on.
Cannot import MaxFragmentLength from mbedtls.tls
C:\Program Files\Python39\lib\site-packages\_pytest\assertion\rewrite.py:172: in exec_module
exec(co, module.__dict__)
test_tls.py:40: in <module>
from mbedtls.tls import ( ClientContext, DTLSConfiguration, DTLSVersion, HandshakeStep, HelloVerifyRequest, MaxFragmentLength, NextProtocol, Purpose, ServerContext, TLSConfiguration, TLSRecordHeader, TLSSession, TLSVersion, TLSWrappedBuffer, TLSWrappedSocket, TrustStore, WantReadError, WantWriteError, ciphers_available, )
I want to know the version of your tls.py module
@superbiao654 Please stop hijacking this issue with a different problem and open your own with a full repro and following the provided template.
@Synss Thank you for providing the server.py example. Using it I was able to implement a PSK based DTLS server. Without the example in _make_dtls_connection() it would be hard to figure out the correct sequence of accepts and handshakes.
@hwmaier yes, indeed! Would you mind sending a pull request with your changes on 'server.py'?
Sorry, my comment was probably misleading. I did not have to change anything in your code. Your example code is working well for me and I used it as a template for my own server implementation. I only added my comment here to express that in my opinion the recent release has a good and working example others should be able to follow.
That's fair as well. Thank you for confirming that there is no problem with the library and that the examples are good enough.
Can you please provide an example of a DTLS echo server and a simple DTLS client?
The code provided at the bottom of this message for some reason does not work anymore. I got an error:
Here are not-so-short but tested examples of a DTLS server and a DTLS client that work on my machine. The code is probably not that great but this is what I have used to implement DTLS.
Listening on "0.0.0.0" for the server is important. It will not work if you only listen on "127.0.0.1" for example. This is because DTLS accept() steals the first client socket to handshake and communicate with the client. The server then bind()s another socket for the next client. This is also what happens in net_socket.c from upstream libmbedtls and I do not know of a better way to handle handshake over UDP...

Originally posted by @Synss in https://github.com/Synss/python-mbedtls/issues/20#issuecomment-480888266
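
The accept pattern described in the quoted comment (the listening socket is handed to the first client and another socket is bound for the next one), as an added sketch that is not part of the original thread and is not python-mbedtls code. It uses plain UDP sockets with no DTLS handshake; the function names are hypothetical, the traffic is constructed, and it assumes Linux SO_REUSEADDR behaviour for UDP.

```python
import socket

def make_listener(host="0.0.0.0", port=0, timeout=2.0):
    # SO_REUSEADDR must be set on every socket that will share the port.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.settimeout(timeout)
    sock.bind((host, port))
    return sock

def udp_accept(listener):
    """Return (conn, peer, new_listener); plain UDP, no DTLS handshake."""
    # Peek so the first datagram (the ClientHello, under DTLS) stays queued.
    _, peer = listener.recvfrom(2048, socket.MSG_PEEK)
    local = listener.getsockname()
    # connect() dedicates the listening socket to this one peer ...
    listener.connect(peer)
    # ... and a second socket is bound to the same address for the next one.
    new_listener = make_listener(*local, timeout=listener.gettimeout())
    return listener, peer, new_listener

def demo():
    # Constructed traffic: two loopback clients talking to one server port.
    listener = make_listener()
    target = ("127.0.0.1", listener.getsockname()[1])
    c1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    c2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    c1.sendto(b"c1 first", target)
    conn1, peer1, listener = udp_accept(listener)
    c2.sendto(b"c2 first", target)
    conn2, peer2, listener = udp_accept(listener)
    c1.sendto(b"c1 second", target)  # must reach conn1, not the new listener
    result = {
        "conn1": [conn1.recv(2048), conn1.recv(2048)],
        "conn2": [conn2.recv(2048)],
        "ports_match": peer1[1] == c1.getsockname()[1]
        and peer2[1] == c2.getsockname()[1],
    }
    for s in (c1, c2, conn1, conn2, listener):
        s.close()
    return result

if __name__ == "__main__":
    print(demo())
```

In a real DTLS server the handshake would run on `conn` right after `udp_accept()` returns, before the next call to it.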