search

sdamm / asio_dtls

A DTLS implementation using the ASIO library
51 stars 11 forks source link

DTLS client before server up #11

Open VPBalaRama opened 4 years ago

VPBalaRama commented 4 years ago

Hi All,

I'm into a scenario, where the DTLS client starts and tries handshake before the server comes up. In this handshake fails, I used a timer to call handshake API after the timer expiry. As client tries handshake before the server up, earlier client hello is missed and after timer expiry, it is not starting from the "client hello". Due to this handshake is failing.

Below the flow diagram 3920-06-29 12:27:21.168000] [19936] FRMWRK DtlsClient::doDtlsHandshake called DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: before/connect initialization DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: SSLv3 write client hello A DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: ERROR: SSLv3 read server hello A (-1) DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: ERROR: SSLv3 read server hello A (-1) DEBUG: [3920-06-29 12:27:21.168000] [19936] FRMWRK DtlsClient::Handshak failed with error message 10054 retrying..

after timer expiry of 500msec, by the time DTLS server running called async_handshake, but it is not starting with "client hello" [3920-06-29 12:27:21.668000] [19936] FRMWRK DtlsClient::doDtlsHandshake called DEBUG: [3920-06-29 12:27:21.668000] [19936] FRMWRK BaseSslContext::sslInfoCallback(): SSL_connect: ERROR: SSLv3 read server hello A (-1)

How to handle a scenario like this. is there any way to reset the socket before calling the async_handshake once again

sdamm commented 4 years ago

I haven't tested it, but you should be able to reset using the following: SSL_clear(mysocket.native_handle());

From the openssl Documentation this sounds like the right thing, but from my understanding this should not be needed. As I understand the DTLS standard the handshake should be done in a "reliable transmission" i.e. there should be an automated retransmit if a packet is lost. So I would expect openssl to retransmit the Client Hello. I haven't looked into why this does not happen and haven't tried to reproduce it yet, so this might be a temporary/unnecessary workaround.