
ERL-1073: cb_info callback for "open" when using dtls doesn't have expected options

Open OTP-Maintainer opened this issue 5 years ago • 4 comments

Original reporter: virtualairwaves
Affected version: OTP-19.1.1
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-1073


I'm trying to use the dtls protocol, with my own callback because I need to run it over a udp "socket" I've already established. (This is because I need to switch between processing ICE/Stun, then DTLS, then SRTP over the same UDP port.)

{noformat}
    Opts = [
        {active, true},
        {verify, verify_none},
        {protocol, dtls},
        {versions, ['dtlsv1.2']},
        {certfile, "dtls-cert.pem"},
        {keyfile,  "dtls-key.pem"},
        {cb_info, {dtls_cb, dtls_data, dtls_closed, dtls_error}}
    ],
    {ok, CSock} = ssl:connect(Host, Port, Opts),
{noformat}

When the "open" call in my dtls_cb module gets called I see these options:

{noformat}
    dtls_cb:open(0, [{active,false},{mode,binary},{active,false},{mode,binary}])
{noformat}

Note that the options are repeated twice, and they have nothing to do with the options that were passed to the ssl:connect statement.


OTP-Maintainer, Oct 23 '19 16:10

ingela said:

Humm ... it is a bit unnecessary that options are repeated (but it will not make a difference). However, these are the internal values of the transport socket. Some options need to be emulated, as for example active. In a DTLS server the connection is also emulated.
I think what you want to do should probably be handled by the dtls_packet_multiplexor process used to emulate the connection. It will probably need some new API to support it.

OTP-Maintainer, Nov 04 '19 11:11

virtualairwaves said:

Thanks. I gave up using this. I was hoping that I could use the data callback to get the data out and send it over the UDP port I had open so I can switch protocols but it just didn't work.

There's another issue that the HELLO I was getting for DTLS was not DTLSv1.2 despite my specifying it in the options. (I'm going to confirm this and file another bug report).

Since the support just isn't here yet, I went ahead and wrote my own NIF based on the Cisco DTLS/srtp library. I'm not sure anyone has gotten DTLSv1.2 to work using the libraries in Erlang. 

OTP-Maintainer, Nov 04 '19 16:11

ingela said:

Yes, please file another bug report. I think that it is probably not a lot of work to make an API for what you want; the problem is that currently Ericsson does not have DTLS as high priority, so we need Open Source feedback and PRs to develop DTLS further at the moment.

OTP-Maintainer, Nov 05 '19 07:11

I think the duplicate options will go away with https://github.com/IngelaAndin/otp/pull/new/ingela/ssl/GH-4585. The feature request is still not prioritized. A PR is always welcome.

IngelaAndin, Mar 16 '21 11:03

There are no longer any duplicated options, so I will close this. I know that DTLS is used and we will fix bugs if they are reported.

IngelaAndin, May 24 '23 12:05