
dtls_server failure on OS X


May 17, 2017 12:47
David Smith

Hi, I'm trying to get the dtls examples running. I've been able to clone the git repo, compile and run the tests under Linux with no issues. When I do the same on OS X, the dtls server fails. It appears to be caused by an issue in mbedtls_net_accept.

In looking at the capture in Wireshark, I see the following:

Client -> Server: Client Hello (no cookie)
Server -> Client: Hello Verify Request
Client -> Server: Client Hello (with cookie)
Client -> Server: Client Hello (with cookie)

Output from the applications is below. My initial thoughts are that this has something to do with the way the bind, accept and connect functions interact on the file descriptors.

David

Server Output:

davids-mbp:mbedtls davids$ ./programs/ssl/dtls_server

  . Loading the server cert. and key... ok
  . Bind on udp/*/4433 ... ok
  . Seeding the random number generator... ok
  . Setting up the DTLS data... ok
  . Waiting for a remote connection ... ok
  . Performing the DTLS handshake... hello verification requested
  . Waiting for a remote connection ... failed
  ! mbedtls_net_accept returned -74

Last error was: -74 - NET - Could not accept the incoming connection

Client Output:

davids-mbp:mbedtls davids$ ./programs/ssl/dtls_client

  . Seeding the random number generator... ok
  . Loading the CA root certificate ... ok (0 skipped)
  . Connecting to udp/localhost/4433... ok
  . Setting up the DTLS structure... ok
  . Performing the SSL/TLS handshake...
 failed
  ! mbedtls_ssl_handshake returned -0x4c

Last error was: -76 - NET - Reading information from the socket failed
 
May 18, 2017 11:12
Ron Eldor

Hi David,
The dtls_client and dtls_server are example applications that show how to implement servers and clients using DTLS. In addition, the networking BIO supplied with mbed TLS is a reference that is tested and works with Linux and Windows OS. It is probable that it might not work with OS X. Please look at https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS regarding how to port mbed TLS to new platforms. You will need to supply your own BIO callbacks, that will fit OS X, to mbedtls_ssl_set_bio.
Regards,
mbed TLS Team member
Ron
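
The reply above points to mbedtls_ssl_set_bio; as an added example (not code from Mbed TLS or from either poster), here is one form such callbacks can take on a plain BSD UDP socket, using only sendto, recvfrom and select. The udp_bio_t type and the udp_bio_* names are hypothetical, the context is IPv4-only, and the error constants repeat the values from the Mbed TLS headers so the block compiles without the library.

```c
#include <stdint.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Same values as mbedtls/ssl.h and mbedtls/net_sockets.h (fallback only). */
#ifndef MBEDTLS_ERR_SSL_WANT_READ
#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900
#define MBEDTLS_ERR_SSL_TIMEOUT     -0x6800
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
#endif

/* Hypothetical BIO context: one unconnected UDP socket plus the peer. */
typedef struct {
    int fd;
    struct sockaddr_in peer;   /* IPv4 only in this example */
} udp_bio_t;

/* f_send callback: send one datagram to the recorded peer. */
int udp_bio_send(void *ctx, const unsigned char *buf, size_t len)
{
    udp_bio_t *b = ctx;
    ssize_t n = sendto(b->fd, buf, len, 0,
                       (struct sockaddr *)&b->peer, sizeof(b->peer));
    return n < 0 ? MBEDTLS_ERR_NET_SEND_FAILED : (int)n;
}

/* f_recv_timeout callback: wait up to timeout ms (0 = wait forever). */
int udp_bio_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)
{
    udp_bio_t *b = ctx;
    struct sockaddr_in from;
    socklen_t from_len = sizeof(from);
    struct timeval tv = { timeout / 1000, (timeout % 1000) * 1000 };
    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(b->fd, &rfds);
    int r = select(b->fd + 1, &rfds, NULL, NULL, timeout ? &tv : NULL);
    if (r == 0) return MBEDTLS_ERR_SSL_TIMEOUT;
    if (r < 0) return MBEDTLS_ERR_NET_RECV_FAILED;
    ssize_t n = recvfrom(b->fd, buf, len, 0, (struct sockaddr *)&from, &from_len);
    if (n < 0) return MBEDTLS_ERR_NET_RECV_FAILED;
    /* Datagram from someone other than the peer: discard, let the stack retry. */
    if (from.sin_addr.s_addr != b->peer.sin_addr.s_addr || from.sin_port != b->peer.sin_port)
        return MBEDTLS_ERR_SSL_WANT_READ;
    return (int)n;
}
/* Register: mbedtls_ssl_set_bio(&ssl, &bio, udp_bio_send, NULL, udp_bio_recv_timeout); */
```

On the server side the peer field has to be filled from the source address of the first ClientHello before the handshake is driven through these callbacks.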