Discussion:
Help running DTLSClientTest and DTLSServerTest
Alex Levin
2014-08-15 01:05:24 UTC
Hi, I am trying to run DTLSClientTest and DTLSServerTest. The first one has
this comment:
Please refer to GnuTLSSetup.txt or OpenSSLSetup.txt, and x509-*.pem files
in this package for
help configuring an external DTLS server.
The second one has this:
Please refer to GnuTLSSetup.txt or OpenSSLSetup.txt, and x509-*.pem files
in this package for
help configuring an external DTLS client.
I could not find GnuTLSSetup.txt or OpenSSLSetup.txt.
I went to
http://www.gnutls.org/manual/html_node/gnutls_002dserv-Invocation.html
and followed instructions to generate x509-*.pem files.
I set DEBUG = true in TlsTestConfig.
I started DTLSServerTest and then DTLSClientTest and got
Exception in thread "main" org.bouncycastle.crypto.tls.TlsFatalAlert
    at org.bouncycastle.crypto.tls.DTLSServerProtocol.accept(Unknown Source)
    at org.bouncycastle.crypto.tls.test.DTLSServerTest.main(DTLSServerTest.java:54)
and in DTLSClientTest
Exception in thread "main" java.net.PortUnreachableException: ICMP Port Unreachable
Started test server with nc -l -u -p 5556 and client nc -u 127.0.0.1 5556
and did not get any problem.
Any help to get DTLSClientTest and DTLSServerTest running will be greatly
appreciated.
Alex.
Peter Dettman
2014-08-15 02:59:26 UTC
Hi Alex,
The setup .txt files were moved to core/docs and renamed to .html, and
the x509-*.pem files are in the package but under src/test/resources
now. I have just updated the javadoc accordingly.

If after referencing those the pain persists, then the simplest case to
begin solving will be BC DTLS client vs. GnuTLS or OpenSSL DTLS server
(configured as described in the setup files). Please post as much detail
as you can, including the platform you are on. Do you have other java
programs that can open ports successfully? Actually it may be even
simpler to begin with the TLS versions of the tests.

Regards,
Pete Dettman
Alex Levin
2014-08-16 15:12:45 UTC
Hi, Pete,
Thank you for your response.
I am on Windows 7. Java version is 1.7.0_60 64-bit.
I started openssl server and client with these commands:
openssl s_server -accept 5556 -mtu 1500 -debug -msg -state -dtls1 -CAfile x509-ca.pem -cert x509-server.pem -key x509-server-key.pem -verify 0
openssl s_client -connect localhost:5556 -mtu 1500 -debug -msg -state -dtls1 -CAfile x509-ca.pem -cert x509-client.pem -key x509-client-key.pem -verify 0
I had to replace -dtls1_2 mentioned in OpenSSLSetup.html with -dtls1
(-dtls1_2 was not a valid option).
This worked: >>> DTLS 1.0 Handshake [length 0018], Finished.
I then stopped openssl server and client, started openssl server and ran
DTLSClientTest.
I got this error:
DTLS client raised alert (AlertLevel.2, AlertDescription.80)
Exception in thread "main" org.bouncycastle.crypto.tls.TlsFatalAlert
    at org.bouncycastle.crypto.tls.DTLSClientProtocol.connect(DTLSClientProtocol.java:75)
    at org.bouncycastle.crypto.tls.test.DTLSClientTest.openDTLSConnection(DTLSClientTest.java:78)
    at org.bouncycastle.crypto.tls.test.DTLSClientTest.createSession(DTLSClientTest.java:59)
    at org.bouncycastle.crypto.tls.test.DTLSClientTest.main(DTLSClientTest.java:31)
An exception was thrown in DTLSClientProtocol on line 75:
catch (RuntimeException e)
{
    recordLayer.fail(AlertDescription.internal_error);
    throw new TlsFatalAlert(AlertDescription.internal_error);
}
where e was NullPointerException.
Thanks for your help,
Alex.


Alex Levin
2014-08-16 18:22:23 UTC
I fixed my problem after I copied x509-*.pem files into the
org.bouncycastle.crypto.tls.test package.
Alex.
Alex Levin
2014-08-16 19:20:21 UTC
I got openssl server and openssl client working using these commands
(Thanks, Peter):
openssl s_client -connect localhost:5556 -mtu 1500 -debug -msg -state -dtls1 -CAfile x509-ca.pem -cert x509-client.pem -key x509-client-key.pem -verify 0
openssl s_server -accept 5556 -mtu 1500 -debug -msg -state -dtls1 -CAfile x509-ca.pem -cert x509-server.pem -key x509-server-key.pem -verify 0
I also got openssl server and DTLSClientTest working after I copied
x509-*.pem files into the org.bouncycastle.crypto.tls.test package.

Now I am trying to get openssl client and DTLSServerTest working.
I am getting Socket is closed exception (openssl client is still running):

java -cp .;..\lib\bcprov-debug-jdk15on-151.jar org.bouncycastle.crypto.tls.test.DTLSServerTest
Accepting connection from 192.168.1.5:5556
Received client certificate chain of length 2
fingerprint:SHA-256 F5:DD:37:DF:9B:E7:DA:87:7C:6C:D6:61:5A:61:18:AE:B3:6A:A3:3A:B4:5B:33:53:05:4A:7B:FC:B9:D5:A7:DA (CN=BouncyCastle Test Client)
fingerprint:SHA-256 F2:B0:0A:FB:DC:2F:36:FF:60:52:AC:26:C8:E6:1A:89:92:77:9B:F4:1C:9D:A0:4C:25:58:3D:35:A5:C1:DC:C0 (CN=BouncyCastle TLS Test CA)
DTLS server received alert (AlertLevel.1, AlertDescription.0)
DTLS server raised alert (AlertLevel.1, AlertDescription.0)
Exception in thread "main" java.net.SocketException: Socket is closed
    at java.net.DatagramSocket.setSoTimeout(DatagramSocket.java:862)
    at org.bouncycastle.crypto.tls.UDPTransport.receive(UDPTransport.java:47)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.receiveRecord(DTLSRecordLayer.java:460)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.receive(DTLSRecordLayer.java:148)
    at org.bouncycastle.crypto.tls.DTLSTransport.receive(DTLSTransport.java:32)
    at org.bouncycastle.crypto.tls.test.DTLSServerTest.main(DTLSServerTest.java:62)

I am wondering if there is anything I need to do differently to avoid this
error.

Thanks,
Alex.


Alex Levin
2014-08-17 00:13:38 UTC
I got DTLSClientTest and openssl server working.
I see Hello World! on the openssl server console.

I am trying now to run DTLSClientTest and DTLSServerTest.
The total number of lines on the DTLSServerTest console is 363,
and the output looks like this in the end:
(+2036ms) Received 39 byte datagram:
15 FE FD 00 01 00 00 00-00 00 01 00 1A 00 01 00
00 00 00 00 01 56 95 CB-DA D7 0D 50 C3 9E 0B 3B
C3 73 B6 74 E6 D9 09
DTLS server received alert (AlertLevel.1, AlertDescription.0)
DTLS server raised alert (AlertLevel.1, AlertDescription.0)
(+2043ms) Sending 39 byte datagram:
15 FE FD 00 01 00 00 00-00 00 01 00 1A 00 01 00
00 00 00 00 01 7B 81 4C-C9 DC FF AC 9B 89 C2 89
8B 55 97 8F 2C FE C2

On the other hand, the number of lines on the openssl console is 947 and
the output ends with "Hello World!"
DTLSServerTest never prints "Hello World!". It seems it stops prematurely.
Thank you for your help.
Alex.
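
An added example, not part of the thread and not Bouncy Castle code: the Java class below decodes the 13-byte DTLS record header of the first logged datagram above and maps the numeric AlertLevel/AlertDescription pairs from the debug lines to their protocol names. The class name DtlsLogDecoder and its methods are hypothetical; the field layout follows RFC 6347 and the alert numbers follow RFC 5246 (only a subset is mapped).

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DtlsLogDecoder {
    // Constructed input: the first datagram and two alert lines copied from the posts above.
    static final String DUMP =
          "15 FE FD 00 01 00 00 00-00 00 01 00 1A 00 01 00\n"
        + "00 00 00 00 01 56 95 CB-DA D7 0D 50 C3 9E 0B 3B\n"
        + "C3 73 B6 74 E6 D9 09";
    static final String[] ALERT_LINES = {
        "DTLS client raised alert (AlertLevel.2, AlertDescription.80)",
        "DTLS server received alert (AlertLevel.1, AlertDescription.0)" };
    static final Pattern ALERT = Pattern.compile("AlertLevel\\.(\\d+), AlertDescription\\.(\\d+)");

    // Hex dump (space- or dash-separated octets) -> bytes.
    static byte[] parseHex(String dump) {
        String[] tok = dump.trim().split("[\\s-]+");
        byte[] out = new byte[tok.length];
        for (int i = 0; i < tok.length; i++) out[i] = (byte) Integer.parseInt(tok[i], 16);
        return out;
    }

    // Big-endian unsigned integer of len bytes starting at off.
    static long readUint(byte[] d, int off, int len) {
        long v = 0;
        for (int i = 0; i < len; i++) v = (v << 8) | (d[off + i] & 0xFF);
        return v;
    }

    // RFC 6347 record header: type(1) version(2) epoch(2) sequence_number(6) length(2).
    static String describeRecord(byte[] d) {
        if (d.length < 13) throw new IllegalArgumentException("shorter than a DTLS record header");
        int type = (int) readUint(d, 0, 1), version = (int) readUint(d, 1, 2);
        int epoch = (int) readUint(d, 3, 2), length = (int) readUint(d, 11, 2);
        long seq = readUint(d, 5, 6);
        if (13 + length > d.length) throw new IllegalArgumentException("truncated record");
        String[] types = { "change_cipher_spec", "alert", "handshake", "application_data" };
        String t = (type >= 20 && type <= 23) ? types[type - 20] : "unknown(" + type + ")";
        String v = version == 0xFEFF ? "DTLS 1.0" : version == 0xFEFD ? "DTLS 1.2"
                 : String.format("0x%04X", version);
        // Epoch > 0 means the fragment is protected by the negotiated cipher, so the
        // alert body itself cannot be read from the wire without the session keys.
        return String.format("%s, %s, epoch %d, seq %d, fragment %d bytes%s",
                t, v, epoch, seq, length, epoch > 0 ? " (protected)" : "");
    }

    // Map the numeric pair printed in the debug output to RFC 5246 names (subset).
    static String describeAlert(String line) {
        Matcher m = ALERT.matcher(line);
        if (!m.find()) return "no alert in line";
        int level = Integer.parseInt(m.group(1)), desc = Integer.parseInt(m.group(2));
        String l = level == 1 ? "warning" : level == 2 ? "fatal" : "level " + level;
        String d = desc == 0 ? "close_notify" : desc == 40 ? "handshake_failure"
                 : desc == 80 ? "internal_error" : "description " + desc;
        return l + " / " + d;
    }

    public static void main(String[] args) {
        System.out.println(describeRecord(parseHex(DUMP)));
        for (String line : ALERT_LINES) System.out.println(describeAlert(line));
    }
}
```

For the sample input, the datagram is an alert record at DTLS 1.2, epoch 1, sequence number 1, with a 26-byte protected fragment; the pair (2, 80) is fatal / internal_error and (1, 0) is warning / close_notify.
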
Alex Levin
2014-08-19 00:44:44 UTC
If I comment out this line in DTLSServerTest
transport = new LoggingDatagramTransport(transport, System.out),

the SocketException is thrown:
java -cp .;..\lib\bcprov-debug-jdk15on-151.jar org.bouncycastle.crypto.tls.test.DTLSServerTest
Accepting connection from 192.168.1.5:5556
Received client certificate chain of length 2
fingerprint:SHA-256 F5:DD:37:DF:9B:E7:DA:87:7C:6C:D6:61:5A:61:18:AE:B3:6A:A3:3A:B4:5B:33:53:05:4A:7B:FC:B9:D5:A7:DA (CN=BouncyCastle Test Client)
fingerprint:SHA-256 F2:B0:0A:FB:DC:2F:36:FF:60:52:AC:26:C8:E6:1A:89:92:77:9B:F4:1C:9D:A0:4C:25:58:3D:35:A5:C1:DC:C0 (CN=BouncyCastle TLS Test CA)
DTLS server received alert (AlertLevel.1, AlertDescription.0)
DTLS server raised alert (AlertLevel.1, AlertDescription.0)
Exception in thread "main" java.net.SocketException: Socket is closed
    at java.net.DatagramSocket.setSoTimeout(DatagramSocket.java:862)
    at org.bouncycastle.crypto.tls.UDPTransport.receive(UDPTransport.java:47)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.receiveRecord(DTLSRecordLayer.java:460)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.receive(DTLSRecordLayer.java:148)
    at org.bouncycastle.crypto.tls.DTLSTransport.receive(DTLSTransport.java:32)
    at org.bouncycastle.crypto.tls.test.DTLSServerTest.main(DTLSServerTest.java:62)

Is this a known issue?
Thanks,
Alex.
Alex Levin
2014-08-19 02:09:47 UTC
I solved the issue by commenting out socket.close() in UDPTransport for now.
The outputs of DTLSServerTest and openssl s_server are now identical.
Alex.