TimonPost / udp-dtls

DTLS abstraction ontop of UDP
MIT License

X509VerifyResult Error when using PSK #4

Open phste opened 4 years ago

phste commented 4 years ago

At first I want to say thank you, that you put the effort in to provide a library to support DTLS in Rust! There is not much around except the direct usage of OpenSSL.

I want to connect to a (not controlled by me) DTLS server which uses PSK. As I saw in your newest commit you added the possibility to use PSK, so I tried to use your implementation.

Unfortunately, I'm always greeted by an error message about certificate validation by OpenSSL.

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Failure(Ssl(Error { code: ErrorCode(5), cause: Some(Io(Os { code: 22, kind: InvalidInput, message: "Invalid argument" })) }, X509VerifyResult { code: 0, error: "ok" }))', src/main.rs:35:27

I'm a little bit puzzled by this error as I'm not providing a certificate. Moreover, I started Wireshark to track whether any UDP packet is sent, and none is sent. So it shouldn't be a validation problem stemming from the server.

use std::net::{IpAddr, Ipv4Addr, SocketAddr, UdpSocket};

use udp_dtls::{ConnectorIdentity, DtlsConnector, PskIdentity, UdpChannel};

fn main() {
    // PSK identity and key; the key is hex-encoded and decoded with the `hex` crate.
    let username = "11111111111111111111111111111111";
    let client_key = hex::decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").unwrap();
    // Built here but not handed to the builder in this snippet.
    let identity = PskIdentity::new(username.as_bytes(), client_key.as_slice());

    // Certificate and hostname checks are switched off; the PSK suite does not use X.509.
    let connector = DtlsConnector::builder()
        .danger_accept_invalid_certs(true)
        .danger_accept_invalid_hostnames(true)
        .use_sni(false)
        .add_cipher("PSK-AES128-GCM-SHA256")
        .build()
        .unwrap();

    // Local socket bound to loopback; the peer is a LAN address on port 2100.
    let client = UdpSocket::bind("127.0.0.1:0").unwrap();
    let server_addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(192, 168, 1, 40)), 2100);

    let client_channel = UdpChannel {
        socket: client,
        remote_addr: server_addr,
    };
    // This unwrap is the one that panics with the X509VerifyResult error above.
    let mut dtls_client = connector.connect("192.168.1.40", client_channel).unwrap();
}

Hopefully, it is only a problem caused by myself.

TimonPost commented 4 years ago

Hi there, OpenSSL can be a pain. From which line is the unwrap error?

phste commented 4 years ago

This line, let mut dtls_client = connector.connect("192.168.1.40", client_channel).unwrap();, is causing the unwrap error. Thank you for your help!

TimonPost commented 4 years ago

This is your server address: let server_addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(192, 168, 1, 40)), 2100); however, I don't see any server code. Is this some other application?

If there are no handshake messages it is probably related to your connector configuration.

phste commented 4 years ago

Yes, exactly. Unfortunately, it is another application. I'm trying to connect to Hue Entertainment, which is running on port 2100 on my Hue Bridge. I'm recording my traffic via Wireshark and I could not see any handshake messages; the client is not sending the HelloClient message as it does when I use the command-line openssl client.

ashleysmithgpu commented 3 years ago

Hi, I came across this issue as I am trying the same thing: using udp-dtls to connect to Philips Hue lights. I found a fix to the problem mentioned here: you need to set your client address to 0.0.0.0. However, I am having a different issue now, where connect will only work ~50% of the time, otherwise it will block indefinitely. Edit: One thing I notice that is different from curl is that curl sends two "Client hello" requests, one second apart. I can get the application to connect if I set: client_socket.set_read_timeout(Some(std::time::Duration::new(1, 0)));
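An added example (not code from udp-dtls or from anyone in this thread) that isolates the two socket-level points raised above, using only the Rust standard library. The inner error in the original report is an I/O error from the UDP layer (os error 22, InvalidInput), not a TLS failure: on Linux a socket bound to 127.0.0.1 cannot send to a non-loopback peer, so the ClientHello never leaves the host and OpenSSL reports the failed write wrapped in an SSL error with a harmless X509VerifyResult of "ok". The second function shows the socket setup from the fix reported above (wildcard bind plus a read timeout, so a blocked handshake read returns and the DTLS layer can retransmit its ClientHello, as RFC 6347 §4.2.4 specifies). The address 192.0.2.1 is a constructed TEST-NET-1 placeholder standing in for the bridge; nothing listens there.

```rust
use std::io;
use std::net::{SocketAddr, UdpSocket};
use std::time::Duration;

/// Bind a UDP socket to `bind_addr` and try to send one datagram to `remote`.
/// This is the plain send the DTLS connector performs underneath the handshake:
/// if it fails, no ClientHello is ever put on the wire and the I/O error
/// surfaces wrapped in an SSL error.
pub fn probe_send(bind_addr: &str, remote: &str) -> io::Result<usize> {
    let socket = UdpSocket::bind(bind_addr)?;
    let remote: SocketAddr = remote
        .parse()
        .map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    socket.send_to(b"probe", remote)
}

/// Socket setup matching the fix reported in the thread: bind to the wildcard
/// address so the kernel can route to a LAN peer, and set a read timeout so a
/// read that is waiting for a lost ServerHello returns instead of blocking
/// forever, giving the DTLS layer a chance to retransmit.
pub fn client_socket(read_timeout: Duration) -> io::Result<UdpSocket> {
    let socket = UdpSocket::bind("0.0.0.0:0")?;
    socket.set_read_timeout(Some(read_timeout))?;
    Ok(socket)
}

fn main() {
    // Constructed peer: 192.0.2.1 is a documentation address, used here in
    // place of the Hue bridge at 192.168.1.40:2100.
    for &bind in &["127.0.0.1:0", "0.0.0.0:0"] {
        match probe_send(bind, "192.0.2.1:2100") {
            Ok(n) => println!("{}: sent {} bytes", bind, n),
            Err(e) => println!("{}: send failed: {} (kind {:?})", bind, e, e.kind()),
        }
    }
    match client_socket(Duration::from_secs(1)) {
        Ok(s) => println!("client socket ready, read timeout {:?}", s.read_timeout()),
        Err(e) => println!("could not set up client socket: {}", e),
    }
}
```

Running the block on a Linux host with a default route prints "Invalid argument" for the loopback-bound socket and a successful send for the wildcard-bound one, which is the same os error 22 that appears inside the Failure(Ssl(...)) value in the first post. Checking the plain UDP send first is a quick way to rule out a transport problem before reading the DTLS configuration.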