
[Bug]: No connection binding with the connection-id-extension #6365

Closed
Conradowatz opened this issue May 2, 2023 · 3 comments

@Conradowatz


Version

5.5.0

Description

WolfSSL partially supports the connection identifier extension (https://www.rfc-editor.org/rfc/rfc9146.html).
However, the extension is currently not usable as intended, as a connection endpoint cannot be recognized purely by connection id. Currently wolfSSL identifies connecting peers purely by their address and port.
The goal of the extension would be to enable an endpoint to change its IP address and/or port without the need of a new handshake.

Reproduction steps

In user_settings.h, enable DTLS and the extension:

#define WOLFSSL_DTLS
#define WOLFSSL_DTLS_CID
  1. Connect to the wolfSSL example server using DTLS and with connection id enabled (--cid XX) and do a handshake
  2. On the client: reopen your UDP connection to change source port
  3. Try sending messages to the server again
  4. The wolfSSL server will report an unknown peer and discard the messages

Relevant log output

wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_dtls_get_using_nonblock
    Ignored packet from invalid peer
wolfSSL error occurred, error = -323
@rizlik
Contributor

rizlik commented May 8, 2023

Hey @Conradowatz,

Thanks for reaching out.
Yes, you are right, Connection ID support is partial, you can find more detail in the PR that added the support #5453.

Complete support is in the feature request stage at this point.
The current status may still be useful if the other endpoint is the one that wants to differentiate using the ConnectionID.

Thanks,
Marco

@trainman419

I'm interested in this support as well. Has there been any progress on this?

@rizlik rizlik assigned julek-wolfssl and unassigned rizlik Oct 24, 2024
@julek-wolfssl
Member

Hi @trainman419 @Conradowatz
We recently added APIs to better support CIDs. Please see the API added in #8224. For example, to parse the CID you can use wolfSSL_dtls_cid_parse. See the example in wolfSSL/wolfssl-examples#472 for how to use these new APIs.
Juliusz
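The thread turns on one point: a DTLS server must demultiplex incoming records by the Connection ID in the record header rather than by the peer's address and port. As an added illustration (not wolfSSL code; wolfSSL's own routine for this is the wolfSSL_dtls_cid_parse API referenced above), the standalone C below parses the RFC 9146 DTLS 1.2 CID record header and looks the CID up in a session table. The record bytes, the session table and the 4-byte CID length are constructed sample values; as RFC 9146 specifies, the CID length is not carried on the wire, so the receiver must know it from the handshake.

```c
/* Standalone parser for the RFC 9146 DTLS 1.2 CID record header; not wolfSSL code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS12_CID 25          /* ContentType tls12_cid (RFC 9146, section 3) */
#define MAX_CID   16

/* Layout: type(1) version(2) epoch(2) sequence(6) cid(cidSz) length(2) payload.
 * cidSz is NOT on the wire: the receiver knows it from the negotiated CID. */
const uint8_t *cid_record_parse(const uint8_t *msg, size_t msgSz, size_t cidSz,
                                size_t *payloadSz)
{
    size_t hdrSz = 11 + cidSz + 2;
    if (msg == NULL || cidSz == 0 || cidSz > MAX_CID || msgSz < hdrSz)
        return NULL;                          /* too short to hold the header */
    if (msg[0] != TLS12_CID)
        return NULL;                          /* plain record: no CID to read */
    size_t len = ((size_t)msg[11 + cidSz] << 8) | msg[12 + cidSz];
    if (len > msgSz - hdrSz)
        return NULL;                          /* declared length exceeds datagram */
    if (payloadSz != NULL)
        *payloadSz = len;
    return msg + 11;                          /* CID starts right after sequence */
}

struct dtls_session { uint8_t cid[MAX_CID]; size_t cidSz; };

/* Return the index of the session owning the CID in msg, or -1.  The peer
 * address/port is never consulted, which is what lets a client re-bind its
 * socket (new source port) without a new handshake. */
int find_session_by_cid(const struct dtls_session *tbl, size_t n,
                        const uint8_t *msg, size_t msgSz, size_t cidSz)
{
    const uint8_t *cid = cid_record_parse(msg, msgSz, cidSz, NULL);
    if (cid == NULL)
        return -1;                            /* caller falls back to address lookup */
    for (size_t i = 0; i < n; i++)
        if (tbl[i].cidSz == cidSz && memcmp(tbl[i].cid, cid, cidSz) == 0)
            return (int)i;
    return -1;
}

/* Constructed samples: CID record (type 25) with epoch 1, seq 5, 4-byte CID,
 * 3-byte payload; and the same bytes as a plain record (type 23). */
static const uint8_t sample_rec[20] = {
    25, 0xFE, 0xFD, 0x00, 0x01, 0,0,0,0,0,5, 0xAA,0xBB,0xCC,0xDD, 0x00,0x03, 1,2,3 };
static const uint8_t sample_plain[20] = {
    23, 0xFE, 0xFD, 0x00, 0x01, 0,0,0,0,0,5, 0xAA,0xBB,0xCC,0xDD, 0x00,0x03, 1,2,3 };
static const struct dtls_session sample_tbl[2] = {
    { {0x11,0x22,0x33,0x44}, 4 }, { {0xAA,0xBB,0xCC,0xDD}, 4 } };
```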
