X509VerifyResult Error when using PSK

[phste]

At first I want to say thank you, that you put the effort in to provide a library to support DTLS in Rust!
There is not much around except the direct usage of OpenSSL.

I want to connect to a (not controlled by me) DTLS Server which uses PSK, as I saw in your newest commit you added the possibility to use PSK so I tried to use your implementation.

Unfortunately, I'm always greeted by an error message about certificate validation by OpenSSL.

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Failure(Ssl(Error { code: ErrorCode(5), cause: Some(Io(Os { code: 22, kind: InvalidInput, message: "Invalid argument" })) }, X509VerifyResult { code: 0, error: "ok" }))', src/main.rs:35:27

I'm a little bit puzzled by this error as I'm not providing a certificate. Moreover, I started Wireshark to track whether any UDP packet is send and none is send. So it shouldn't be a validation problem stemming from the server.

use std::{net::UdpSocket};

use std::net::{IpAddr, Ipv4Addr, SocketAddr};

use udp_dtls::{DtlsConnector, PskIdentity, ConnectorIdentity};
use udp_dtls::UdpChannel;


fn main() {

	let username = "11111111111111111111111111111111";
	let client_key = hex::decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").unwrap();
	let identity = PskIdentity::new(username.as_bytes(), client_key.as_slice());

	let connector = DtlsConnector::builder()
		.danger_accept_invalid_certs(true)
		.danger_accept_invalid_hostnames(true)
		.use_sni(false)
		.add_cipher("PSK-AES128-GCM-SHA256")
                .build()
                .unwrap();


       let client = UdpSocket::bind("127.0.0.1:0").unwrap();
	let server_addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(192, 168, 1, 40)), 2100);

        let client_channel = UdpChannel {
            socket: client,
            remote_addr: server_addr,
        };
        let mut dtls_client = connector.connect("192.168.1.40", client_channel).unwrap();
}

Hopefully, it is only a problem caused by myself.

[TimonPost]

Hi there, Openssl can be a pain, from which line is the unwrap error?

[phste]

This line let mut dtls_client = connector.connect("192.168.1.40", client_channel).unwrap(); is causing the unwrap error.
Thank you for your help!

[TimonPost]

This is your server address: let server_addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(192, 168, 1, 40)), 2100);, however, I don't see any server code. Is this some other application?

If there are no handshake messages it is probably related to your connector configuration.

[phste]

Yes, exactly. Unfortunately it is another application. I'm trying to connect to Hue Entertainment which is running on Port 2100 on my Hue Bridge. I'm recording my traffic via Wireshark and I could not see any handshake messages, the client is not sending the HelloClient message as it does when i use the commandline openssl client.

[ashleysmithgpu]

Hi, I came across this issue as I am trying the same thing: using udp-dtls to connect to Phillips Hue lights. I found a fix to the problem mentioned here: you need to set your client address to 0.0.0.0. However I am having a different issue now, where connect will only work ~50% of the time, otherwise it will block indefinitely.
Edit:
One thing I notice that is different from curl is that curl sends two "Client hello" requests, one second apart. I can get the application to connect if I set:
client_socket.set_read_timeout(Some(std::time::Duration::new(1, 0)));