ibm-security-innovation / goldy Goto Github PK

Lightweight DTLS proxy

License: Apache License 2.0

Makefile 2.59% C 92.91% Shell 4.32% Dockerfile 0.18%

goldy's Introduction

Goldy

goldy is lightweight DTLS proxy which allows adding DTLS encryption (using mbed TLS) to UDP servers without modifying their code.

Build

To build goldy from source:

git clone https://github.com/ibm-security-innovation/goldy.git
cd goldy
make deps
make

Use make V=1 for a verbose build output and make DEBUG=1 to enable debug info (-g3).

Help

Usage: goldy [-hvd] [-g log_level] [-t seconds] -l listen_host:port
             -b backend_host:port -c cert_pem_file -k private_key_pem_file

Options:
  -h, --help                 this help
  -v, --version              show version and exit
  -d, --daemonize            run as a daemon
  -g, --log=LEVEL            log level DEBUG/INFO/ERROR
  -t, --timeout=SECONDS      Session timeout (seconds)
  -l, --listen=ADDR:PORT     listen for incoming DTLS on addr and UDP port
  -b, --backend=ADDR:PORT    proxy UDP traffic to addr and port
  -c, --cert=FILE            TLS certificate PEM filename
  -k, --key=FILE             TLS private key PEM filename

Tests

The following command compiles the test client and server and then runs the full-cycle test suite:

make test

Docker use

To build the Docker image:

docker build . -t goldy:latest

The Docker image has an entrypoint script which makes easy to pass the certificate and key, without requiring the use of a volume. To do so, run:

docker run -e LISTEN=:::5683 \
           -e BACKEND=<backend host:port> \
           -e KEY=<base64> \
           -e CERT=<base64> \
           -p 5683:5683 \
           <extra goldy arguments>

License

Goldy is distributed under the Apache License, version 2.0 .

Authors: Dov Murik, Shmulik Regev

Contributions are gladly welcome. Please see the requirement for Developer Certificate of Origin .

Dependencies & 3rd Party

mbedTLS is used as the underlying DTLS implementation.

libev is used as an event library. Its BSD 2 clause license is used.

Contribution

Contributions to the project are welcomed. It is required however to provide alongside the pull request one of the contribution forms (CLA) that are a part of the project. If the contributor is operating in his individual or personal capacity, then he/she is to use the individual CLA; if operating in his/her role at a company or entity, then he/she must use the corporate CLA.

goldy's People

Contributors

Stargazers

Watchers

goldy's Issues

Using goldy on both ends to create an end-to-end UDP tunnel

Is it possible to use goldy on both ends of a connection? For example I have a UDP application on host1 and a UDP application on host2, both listening on localhost 5000. I need to encrypt the packets being sent across the WAN. Can this be done like so: on host1 goldy -l host1:3000 -b 127.0.0.1:5000 and on host2 goldy -l host2:3000 -b 127.0.0.1:5000? My early experiments are failing and I'm wondering if I'm misunderstanding the proper usage.

Crashes with Windows (mingw/msys)

After failing with cygwin, I tried mingw. After a few trivial fixes ( https://github.com/mifritscher/goldy/tree/mingw-bringup ), it compiles - but crashes right after start:

800800 INFO  Goldy 0.2 starting up
.805800 DEBUG Binded UDP 0.0.0.0:11194
.806800 DEBUG Loaded server certificate file
.807800 DEBUG Loaded private key file
.811800 DEBUG Seeded random number generator
.811800 INFO  Proxy is ready, listening for connections on UDP 0.0.0.0:11194
.811800 INFO  main_loop - start
.811800 DEBUG start_listen_io - 116
./server.sh: Zeile 1:  2047 Segmentation fault      ./goldy -g DEBUG -l 0.0.0.0:11194 -b 127.0.0.1:1195 -c keys/individual_1_server.crt -k keys/individual_1_server.key

Ah short gdb session reveals:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000447fcf in pri_adjust (loop=0x0, w=0x22f450) at ev.c:3895
3895      ev_set_priority (w, pri);
(gdb) bt
#0  0x0000000000447fcf in pri_adjust (loop=0x0, w=0x22f450) at ev.c:3895
#1  ev_start (active=1, w=0x22f450, loop=0x0) at ev.c:3901
#2  ev_io_start (loop=0x0, w=0x22f450) at ev.c:3932
#3  0x000000000040362a in start_listen_io (loop=0x0, w=0x22f450, gc=0x22f4c0)
    at goldy.c:832
#4  0x0000000000403b27 in main_loop (gc=0x22f4c0) at goldy.c:958
#5  0x0000000000403c0e in main (argc=11, argv=0x392a10) at goldy.c:984
(gdb) quit
A debugging session is active.

Does not work under Windows (Cygwin)

I'm using goldy-client as client (https://github.com/fortitudepub/goldy-client)

On Linux, both goldy and goldy-client do work. But unter Windows, goldy-client does work (connects to goldy on Linux just fine), but goldy under Windows does not work - tried goldy-client both under Linux and Windows.

Output of client:

2019-08-06 15:07:39.377352 INFO  Goldy 0.2 starting up
2019-08-06 15:07:39.377494 DEBUG Binded UDP 127.0.0.1:1193
2019-08-06 15:07:39.377597 DEBUG Loaded server cacert file
2019-08-06 15:07:39.377659 DEBUG Seeded random number generator
2019-08-06 15:07:39.377703 INFO  Proxy is ready, listening for connections on UDP 127.0.0.1:1193
2019-08-06 15:07:39.377747 INFO  main_loop - start
2019-08-06 15:07:39.377760 DEBUG start_listen_io - 3
2019-08-06 15:07:52.937361 DEBUG global_cb fds: 3,3 revents: 0x01 count: 0
2019-08-06 15:07:52.937500 DEBUG connect_to_new_client: connected on fd 6
2019-08-06 15:07:52.937593 INFO  (127.0.0.1:43106) Client connected
2019-08-06 15:07:52.937786 INFO  Created socket to backend UDP 172.25.30.225:11194
2019-08-06 15:07:52.937809 DEBUG global_cb - session_start - client_fd 6
2019-08-06 15:07:52.937824 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:07:52.937837 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 0

2019-08-06 15:07:52.937849 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.937859 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.937870 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 1

2019-08-06 15:07:52.937880 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.937890 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.937901 DEBUG mbedtls_debug [2] ssl_cli.c:0717: => write client hello

2019-08-06 15:07:52.937932 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:07:52.937961 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.937973 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 401, out_left: 401

2019-08-06 15:07:52.938040 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 401 (-0xfffffe6f)

2019-08-06 15:07:52.938054 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:07:52.938065 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:07:52.938076 DEBUG mbedtls_debug [2] ssl_cli.c:1049: <= write client hello

2019-08-06 15:07:52.938107 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:07:52.938119 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.938129 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.938140 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:07:52.938150 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:52.938161 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.938172 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:52.938196 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:07:52.938210 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:07:52.968410 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:07:52.968470 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:07:52.968480 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.968492 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.968510 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:07:52.968522 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:52.968531 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.968543 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:52.968571 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 60 (-0xffffffc4)

2019-08-06 15:07:52.968581 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:07:52.968590 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.968598 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 60, nb_want: 60

2019-08-06 15:07:52.968605 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:07:52.968620 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:07:52.968629 DEBUG mbedtls_debug [2] ssl_cli.c:1449: received hello verify request

2019-08-06 15:07:52.968638 DEBUG mbedtls_debug [2] ssl_cli.c:1450: <= parse server hello

2019-08-06 15:07:52.968646 DEBUG mbedtls_debug [2] ssl_cli.c:1326: => parse hello verify request

2019-08-06 15:07:52.968658 DEBUG mbedtls_debug [2] ssl_cli.c:1385: <= parse hello verify request

2019-08-06 15:07:52.968667 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 1

2019-08-06 15:07:52.968675 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.968682 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.968689 DEBUG mbedtls_debug [2] ssl_cli.c:0717: => write client hello

2019-08-06 15:07:52.968713 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:07:52.968745 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.968762 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 433, out_left: 433

2019-08-06 15:07:52.968872 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 433 (-0xfffffe4f)

2019-08-06 15:07:52.968889 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:07:52.968905 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:07:52.968920 DEBUG mbedtls_debug [2] ssl_cli.c:1049: <= write client hello

2019-08-06 15:07:52.968940 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:07:52.968956 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.968972 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.968988 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:07:52.969003 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:52.969018 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.969035 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:52.969056 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:07:52.969077 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:07:52.976433 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:07:52.976480 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:07:52.976503 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.976519 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.976533 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:07:52.976549 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:52.976565 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.976580 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:52.976604 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 112 (-0xffffff90)

2019-08-06 15:07:52.976619 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:07:52.976634 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.976648 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 112, nb_want: 112

2019-08-06 15:07:52.976662 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:07:52.976687 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:07:52.976704 DEBUG mbedtls_debug [2] ssl_cli.c:1671: server hello, total extension length: 15

2019-08-06 15:07:52.976720 DEBUG mbedtls_debug [2] ssl_cli.c:1859: <= parse server hello

2019-08-06 15:07:52.976734 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 3

2019-08-06 15:07:52.976748 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.976762 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.976776 DEBUG mbedtls_debug [2] ssl_tls.c:4223: => parse certificate

2019-08-06 15:07:52.976790 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:52.976804 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.976818 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:52.976840 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 1594 (-0xfffff9c6)

2019-08-06 15:07:52.976855 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:07:52.976869 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.976884 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 1594, nb_want: 1594

2019-08-06 15:07:52.976898 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:07:52.976933 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:07:52.976982 DEBUG mbedtls_debug [2] ssl_tls.c:4490: <= parse certificate

2019-08-06 15:07:52.976999 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 4

2019-08-06 15:07:52.977013 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:52.977027 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:52.977041 DEBUG mbedtls_debug [2] ssl_cli.c:2198: => parse server key exchange

2019-08-06 15:07:52.977054 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:52.977068 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:52.977083 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:52.977104 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:07:52.977121 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:07:53.000585 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:07:53.000662 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 4

2019-08-06 15:07:53.000730 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.000774 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.000817 DEBUG mbedtls_debug [2] ssl_cli.c:2198: => parse server key exchange

2019-08-06 15:07:53.000841 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:53.000861 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:53.000882 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:53.000917 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 422 (-0xfffffe5a)

2019-08-06 15:07:53.000935 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:07:53.000951 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:53.000966 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 422, nb_want: 422

2019-08-06 15:07:53.000982 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:07:53.001006 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:07:53.001032 DEBUG mbedtls_debug [2] ssl_cli.c:1919: ECDH curve: secp521r1

2019-08-06 15:07:53.001050 DEBUG mbedtls_debug [2] ssl_cli.c:2141: Server used SignatureAlgorithm 1

2019-08-06 15:07:53.001067 DEBUG mbedtls_debug [2] ssl_cli.c:2142: Server used HashAlgorithm 6

2019-08-06 15:07:53.001460 DEBUG mbedtls_debug [2] ssl_cli.c:2516: <= parse server key exchange

2019-08-06 15:07:53.001491 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 5

2019-08-06 15:07:53.001510 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.001527 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.001545 DEBUG mbedtls_debug [2] ssl_cli.c:2556: => parse certificate request

2019-08-06 15:07:53.001563 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:53.001579 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:53.001597 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:53.001624 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 25 (-0xffffffe7)

2019-08-06 15:07:53.001643 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:07:53.001662 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:53.001679 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 25, nb_want: 25

2019-08-06 15:07:53.001696 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:07:53.001714 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:07:53.001730 DEBUG mbedtls_debug [2] ssl_cli.c:2674: <= parse certificate request

2019-08-06 15:07:53.001748 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 6

2019-08-06 15:07:53.001765 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.001783 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.001801 DEBUG mbedtls_debug [2] ssl_cli.c:2689: => parse server hello done

2019-08-06 15:07:53.001823 DEBUG mbedtls_debug [2] ssl_cli.c:2721: <= parse server hello done

2019-08-06 15:07:53.001843 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 7

2019-08-06 15:07:53.001861 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.001878 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.001895 DEBUG mbedtls_debug [2] ssl_tls.c:4107: => write certificate

2019-08-06 15:07:53.001912 DEBUG mbedtls_debug [2] ssl_tls.c:4124: <= skip write certificate

2019-08-06 15:07:53.001928 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 8

2019-08-06 15:07:53.001945 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.001962 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.001980 DEBUG mbedtls_debug [2] ssl_cli.c:2732: => write client key exchange

2019-08-06 15:07:53.014365 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:07:53.014392 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.014400 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 159, out_left: 159

2019-08-06 15:07:53.014444 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 159 (-0xffffff61)

2019-08-06 15:07:53.014452 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:07:53.014461 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:07:53.014470 DEBUG mbedtls_debug [2] ssl_cli.c:2977: <= write client key exchange

2019-08-06 15:07:53.014480 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 9

2019-08-06 15:07:53.014489 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.014498 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.014506 DEBUG mbedtls_debug [2] ssl_cli.c:3026: => write certificate verify

2019-08-06 15:07:53.014515 DEBUG mbedtls_debug [2] ssl_tls.c:0501: => derive keys

2019-08-06 15:07:53.014525 DEBUG mbedtls_debug [2] ssl_tls.c:1067: => calc verify sha384

2019-08-06 15:07:53.014536 DEBUG mbedtls_debug [2] ssl_tls.c:1073: <= calc verify

2019-08-06 15:07:53.014609 DEBUG mbedtls_debug [2] ssl_tls.c:0957: <= derive keys

2019-08-06 15:07:53.014616 DEBUG mbedtls_debug [2] ssl_cli.c:3047: <= skip write certificate verify

2019-08-06 15:07:53.014635 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 10

2019-08-06 15:07:53.014643 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.014651 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.014660 DEBUG mbedtls_debug [2] ssl_tls.c:4506: => write change cipher spec

2019-08-06 15:07:53.014668 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:07:53.014677 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.014686 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 14, out_left: 14

2019-08-06 15:07:53.014706 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 14 (-0xfffffff2)

2019-08-06 15:07:53.014714 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:07:53.014723 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:07:53.014731 DEBUG mbedtls_debug [2] ssl_tls.c:4520: <= write change cipher spec

2019-08-06 15:07:53.014739 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 11

2019-08-06 15:07:53.014747 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.014755 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.014763 DEBUG mbedtls_debug [2] ssl_tls.c:5031: => write finished

2019-08-06 15:07:53.014771 DEBUG mbedtls_debug [2] ssl_tls.c:4905: => calc  finished tls sha384

2019-08-06 15:07:53.014791 DEBUG mbedtls_debug [2] ssl_tls.c:4935: <= calc  finished

2019-08-06 15:07:53.014799 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:07:53.014809 DEBUG mbedtls_debug [2] ssl_tls.c:1258: => encrypt buf

2019-08-06 15:07:53.014819 DEBUG mbedtls_debug [2] ssl_tls.c:1560: <= encrypt buf

2019-08-06 15:07:53.014827 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.014836 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 61, out_left: 61

2019-08-06 15:07:53.014855 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 61 (-0xffffffc3)

2019-08-06 15:07:53.014862 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:07:53.014870 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:07:53.014879 DEBUG mbedtls_debug [2] ssl_tls.c:5140: <= write finished

2019-08-06 15:07:53.014887 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 12

2019-08-06 15:07:53.014895 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:07:53.014903 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:07:53.014912 DEBUG mbedtls_debug [2] ssl_tls.c:4529: => parse change cipher spec

2019-08-06 15:07:53.014920 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:07:53.014928 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:07:53.014936 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:07:53.014950 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:07:53.014958 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:08:26.232762 DEBUG global_cb fds: 3,3 revents: 0x01 count: 1
2019-08-06 15:08:26.232989 DEBUG connect_to_new_client: connected on fd 8
2019-08-06 15:08:26.233031 DEBUG session_free - sc=f51bfa80
2019-08-06 15:08:26.233154 DEBUG mbedtls_debug [2] ssl_tls.c:7055: => free

2019-08-06 15:08:26.233324 DEBUG mbedtls_debug [2] ssl_tls.c:7120: <= free

2019-08-06 15:08:26.233366 INFO  (127.0.0.1:43106) Session closed
2019-08-06 15:08:26.233448 INFO  (127.0.0.1:41531) Client connected
2019-08-06 15:08:26.233549 INFO  Created socket to backend UDP 172.25.30.225:11194
2019-08-06 15:08:26.233588 DEBUG global_cb - session_start - client_fd 8
2019-08-06 15:08:26.233624 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:08:26.233653 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 0

2019-08-06 15:08:26.233682 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.233708 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.233736 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 1

2019-08-06 15:08:26.233763 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.233792 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.233821 DEBUG mbedtls_debug [2] ssl_cli.c:0717: => write client hello

2019-08-06 15:08:26.233901 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:08:26.233978 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.234013 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 401, out_left: 401

2019-08-06 15:08:26.234266 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 401 (-0xfffffe6f)

2019-08-06 15:08:26.234307 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:08:26.234335 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:08:26.234366 DEBUG mbedtls_debug [2] ssl_cli.c:1049: <= write client hello

2019-08-06 15:08:26.234396 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:08:26.234424 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.234451 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.234477 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:08:26.234506 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.234535 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.234565 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.234613 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:08:26.234652 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:08:26.238718 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:08:26.238751 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:08:26.238763 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.238774 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.238784 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:08:26.238793 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.238803 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.238812 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.238830 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 60 (-0xffffffc4)

2019-08-06 15:08:26.238842 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:08:26.238853 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.238864 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 60, nb_want: 60

2019-08-06 15:08:26.238875 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:08:26.238889 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:08:26.238900 DEBUG mbedtls_debug [2] ssl_cli.c:1449: received hello verify request

2019-08-06 15:08:26.238912 DEBUG mbedtls_debug [2] ssl_cli.c:1450: <= parse server hello

2019-08-06 15:08:26.238923 DEBUG mbedtls_debug [2] ssl_cli.c:1326: => parse hello verify request

2019-08-06 15:08:26.238937 DEBUG mbedtls_debug [2] ssl_cli.c:1385: <= parse hello verify request

2019-08-06 15:08:26.238949 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 1

2019-08-06 15:08:26.238961 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.238972 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.238984 DEBUG mbedtls_debug [2] ssl_cli.c:0717: => write client hello

2019-08-06 15:08:26.239014 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:08:26.239047 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.239060 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 433, out_left: 433

2019-08-06 15:08:26.239112 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 433 (-0xfffffe4f)

2019-08-06 15:08:26.239125 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:08:26.239134 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:08:26.239144 DEBUG mbedtls_debug [2] ssl_cli.c:1049: <= write client hello

2019-08-06 15:08:26.239156 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:08:26.239166 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.239177 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.239189 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:08:26.239199 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.239211 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.239223 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.239239 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:08:26.239254 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:08:26.247057 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:08:26.247094 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 2

2019-08-06 15:08:26.247113 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.247123 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.247133 DEBUG mbedtls_debug [2] ssl_cli.c:1410: => parse server hello

2019-08-06 15:08:26.247142 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.247152 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.247161 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.247178 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 112 (-0xffffff90)

2019-08-06 15:08:26.247190 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:08:26.247202 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.247212 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 112, nb_want: 112

2019-08-06 15:08:26.247221 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:08:26.247238 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:08:26.247250 DEBUG mbedtls_debug [2] ssl_cli.c:1671: server hello, total extension length: 15

2019-08-06 15:08:26.247260 DEBUG mbedtls_debug [2] ssl_cli.c:1859: <= parse server hello

2019-08-06 15:08:26.247270 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 3

2019-08-06 15:08:26.247279 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.247288 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.247297 DEBUG mbedtls_debug [2] ssl_tls.c:4223: => parse certificate

2019-08-06 15:08:26.247307 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.247316 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.247325 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.247340 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 1594 (-0xfffff9c6)

2019-08-06 15:08:26.247350 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:08:26.247359 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.247369 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 1594, nb_want: 1594

2019-08-06 15:08:26.247379 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:08:26.247401 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:08:26.247427 DEBUG mbedtls_debug [2] ssl_tls.c:4490: <= parse certificate

2019-08-06 15:08:26.247439 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 4

2019-08-06 15:08:26.247447 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.247457 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.247466 DEBUG mbedtls_debug [2] ssl_cli.c:2198: => parse server key exchange

2019-08-06 15:08:26.247475 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.247485 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.247495 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.247509 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:08:26.247521 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:08:26.265289 DEBUG mbedtls_debug [2] ssl_tls.c:6335: => handshake

2019-08-06 15:08:26.265330 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 4

2019-08-06 15:08:26.265344 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.265354 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.265363 DEBUG mbedtls_debug [2] ssl_cli.c:2198: => parse server key exchange

2019-08-06 15:08:26.265373 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.265382 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.265391 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.265410 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 422 (-0xfffffe5a)

2019-08-06 15:08:26.265419 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:08:26.265428 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.265437 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 422, nb_want: 422

2019-08-06 15:08:26.265446 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:08:26.265460 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:08:26.265474 DEBUG mbedtls_debug [2] ssl_cli.c:1919: ECDH curve: secp521r1

2019-08-06 15:08:26.265483 DEBUG mbedtls_debug [2] ssl_cli.c:2141: Server used SignatureAlgorithm 1

2019-08-06 15:08:26.265492 DEBUG mbedtls_debug [2] ssl_cli.c:2142: Server used HashAlgorithm 6

2019-08-06 15:08:26.265659 DEBUG mbedtls_debug [2] ssl_cli.c:2516: <= parse server key exchange

2019-08-06 15:08:26.265669 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 5

2019-08-06 15:08:26.265679 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.265688 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.265697 DEBUG mbedtls_debug [2] ssl_cli.c:2556: => parse certificate request

2019-08-06 15:08:26.265706 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.265715 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.265724 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.265737 DEBUG mbedtls_debug [2] ssl_tls.c:2315: ssl->f_recv(_timeout)() returned 25 (-0xffffffe7)

2019-08-06 15:08:26.265745 DEBUG mbedtls_debug [2] ssl_tls.c:2403: <= fetch input

2019-08-06 15:08:26.265754 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.265763 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 25, nb_want: 25

2019-08-06 15:08:26.265771 DEBUG mbedtls_debug [2] ssl_tls.c:2276: <= fetch input

2019-08-06 15:08:26.265782 DEBUG mbedtls_debug [2] ssl_tls.c:3753: <= read record

2019-08-06 15:08:26.265791 DEBUG mbedtls_debug [2] ssl_cli.c:2674: <= parse certificate request

2019-08-06 15:08:26.265800 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 6

2019-08-06 15:08:26.265809 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.265818 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.265828 DEBUG mbedtls_debug [2] ssl_cli.c:2689: => parse server hello done

2019-08-06 15:08:26.265839 DEBUG mbedtls_debug [2] ssl_cli.c:2721: <= parse server hello done

2019-08-06 15:08:26.265848 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 7

2019-08-06 15:08:26.265857 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.265865 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.265874 DEBUG mbedtls_debug [2] ssl_tls.c:4107: => write certificate

2019-08-06 15:08:26.265883 DEBUG mbedtls_debug [2] ssl_tls.c:4124: <= skip write certificate

2019-08-06 15:08:26.265892 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 8

2019-08-06 15:08:26.265901 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.265909 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.265919 DEBUG mbedtls_debug [2] ssl_cli.c:2732: => write client key exchange

2019-08-06 15:08:26.280887 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:08:26.280923 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.280937 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 159, out_left: 159

2019-08-06 15:08:26.280984 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 159 (-0xffffff61)

2019-08-06 15:08:26.280995 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:08:26.281003 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:08:26.281012 DEBUG mbedtls_debug [2] ssl_cli.c:2977: <= write client key exchange

2019-08-06 15:08:26.281020 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 9

2019-08-06 15:08:26.281028 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.281036 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.281044 DEBUG mbedtls_debug [2] ssl_cli.c:3026: => write certificate verify

2019-08-06 15:08:26.281051 DEBUG mbedtls_debug [2] ssl_tls.c:0501: => derive keys

2019-08-06 15:08:26.281060 DEBUG mbedtls_debug [2] ssl_tls.c:1067: => calc verify sha384

2019-08-06 15:08:26.281069 DEBUG mbedtls_debug [2] ssl_tls.c:1073: <= calc verify

2019-08-06 15:08:26.281147 DEBUG mbedtls_debug [2] ssl_tls.c:0957: <= derive keys

2019-08-06 15:08:26.281155 DEBUG mbedtls_debug [2] ssl_cli.c:3047: <= skip write certificate verify

2019-08-06 15:08:26.281174 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 10

2019-08-06 15:08:26.281181 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.281188 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.281196 DEBUG mbedtls_debug [2] ssl_tls.c:4506: => write change cipher spec

2019-08-06 15:08:26.281206 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:08:26.281213 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.281221 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 14, out_left: 14

2019-08-06 15:08:26.281245 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 14 (-0xfffffff2)

2019-08-06 15:08:26.281252 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:08:26.281260 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:08:26.281268 DEBUG mbedtls_debug [2] ssl_tls.c:4520: <= write change cipher spec

2019-08-06 15:08:26.281275 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 11

2019-08-06 15:08:26.281282 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.281290 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.281298 DEBUG mbedtls_debug [2] ssl_tls.c:5031: => write finished

2019-08-06 15:08:26.281305 DEBUG mbedtls_debug [2] ssl_tls.c:4905: => calc  finished tls sha384

2019-08-06 15:08:26.281325 DEBUG mbedtls_debug [2] ssl_tls.c:4935: <= calc  finished

2019-08-06 15:08:26.281333 DEBUG mbedtls_debug [2] ssl_tls.c:2701: => write record

2019-08-06 15:08:26.281342 DEBUG mbedtls_debug [2] ssl_tls.c:1258: => encrypt buf

2019-08-06 15:08:26.281351 DEBUG mbedtls_debug [2] ssl_tls.c:1560: <= encrypt buf

2019-08-06 15:08:26.281358 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.281366 DEBUG mbedtls_debug [2] ssl_tls.c:2435: message length: 61, out_left: 61

2019-08-06 15:08:26.281384 DEBUG mbedtls_debug [2] ssl_tls.c:2441: ssl->f_send() returned 61 (-0xffffffc3)

2019-08-06 15:08:26.281391 DEBUG mbedtls_debug [2] ssl_tls.c:2460: <= flush output

2019-08-06 15:08:26.281400 DEBUG mbedtls_debug [2] ssl_tls.c:2850: <= write record

2019-08-06 15:08:26.281408 DEBUG mbedtls_debug [2] ssl_tls.c:5140: <= write finished

2019-08-06 15:08:26.281415 DEBUG mbedtls_debug [2] ssl_cli.c:3279: client state: 12

2019-08-06 15:08:26.281422 DEBUG mbedtls_debug [2] ssl_tls.c:2416: => flush output

2019-08-06 15:08:26.281429 DEBUG mbedtls_debug [2] ssl_tls.c:2428: <= flush output

2019-08-06 15:08:26.281437 DEBUG mbedtls_debug [2] ssl_tls.c:4529: => parse change cipher spec

2019-08-06 15:08:26.281444 DEBUG mbedtls_debug [2] ssl_tls.c:3728: => read record

2019-08-06 15:08:26.281452 DEBUG mbedtls_debug [2] ssl_tls.c:2208: => fetch input

2019-08-06 15:08:26.281461 DEBUG mbedtls_debug [2] ssl_tls.c:2269: in_left: 0, nb_want: 13

2019-08-06 15:08:26.281474 DEBUG mbedtls_debug [2] ssl_tls.c:6345: <= handshake

2019-08-06 15:08:26.281482 DEBUG mbedtls handshake return SSL - Connection requires a read call
2019-08-06 15:09:26.265656 DEBUG session_inactivity_timer_handler - sc=f51cb720 timeout: now=1565096966.266 - last_activity=1565096906.265 (duration=60.000) > timeout=60
2019-08-06 15:09:26.265720 INFO  (127.0.0.1:41531) Session timeout
2019-08-06 15:09:26.265736 DEBUG session_free - sc=f51cb720
2019-08-06 15:09:26.265793 DEBUG mbedtls_debug [2] ssl_tls.c:7055: => free

2019-08-06 15:09:26.265874 DEBUG mbedtls_debug [2] ssl_tls.c:7120: <= free

2019-08-06 15:09:26.265890 INFO  (127.0.0.1:41531) Session closed

Output of server:

2019-08-06 15:07:32.033800 INFO  Goldy 0.2 starting up
2019-08-06 15:07:32.037800 DEBUG Binded UDP 0.0.0.0:11194
2019-08-06 15:07:32.037800 DEBUG Loaded server certificate file
2019-08-06 15:07:32.039800 DEBUG Loaded private key file
2019-08-06 15:07:32.039800 DEBUG Seeded random number generator
2019-08-06 15:07:32.039800 INFO  Proxy is ready, listening for connections on UDP 0.0.0.0:11194
2019-08-06 15:07:32.039800 INFO  main_loop - start
2019-08-06 15:07:32.039800 DEBUG start_listen_io - 3
2019-08-06 15:07:50.029800 DEBUG global_cb fds: 3,3 revents: 0x01 count: 0
2019-08-06 15:07:50.029800 DEBUG connect_to_new_client: connected on fd 6
2019-08-06 15:07:50.029800 INFO  (172.25.30.222:43059) Client connected
2019-08-06 15:07:50.029800 DEBUG global_cb - session_start - client_fd 6
2019-08-06 15:07:50.029800 DEBUG (172.25.30.222:43059) DTLS handshake requested hello verification
2019-08-06 15:07:50.029800 DEBUG session_deferred_free - hello verification 54c0 6
2019-08-06 15:07:50.029800 DEBUG session_free - sc=54c0
2019-08-06 15:07:50.052800 INFO  (172.25.30.222:43059) Session closed
2019-08-06 15:07:50.056800 DEBUG global_cb fds: 3,3 revents: 0x01 count: 1
2019-08-06 15:07:50.056800 DEBUG connect_to_new_client: connected on fd 6
2019-08-06 15:07:50.056800 INFO  (172.25.30.222:43059) Client connected
2019-08-06 15:07:50.056800 DEBUG global_cb - session_start - client_fd 6
2019-08-06 15:07:50.102800 DEBUG global_cb fds: 3,3 revents: 0x01 count: 2
2019-08-06 15:07:50.102800 DEBUG connect_to_new_client: connected on fd 8
2019-08-06 15:07:50.102800 INFO  (172.25.30.222:43059) Client connected
2019-08-06 15:07:50.102800 DEBUG global_cb - session_start - client_fd 8
2019-08-06 15:07:50.102800 DEBUG connect_to_new_client: connected on fd 9
2019-08-06 15:07:50.102800 INFO  (172.25.30.222:43059) Client connected
2019-08-06 15:07:50.102800 DEBUG global_cb - session_start - client_fd 9
2019-08-06 15:07:50.102800 DEBUG connect_to_new_client: connected on fd 10
2019-08-06 15:07:50.102800 INFO  (172.25.30.222:43059) Client connected
2019-08-06 15:07:50.102800 DEBUG global_cb - session_start - client_fd 10
2019-08-06 15:07:50.102800 ERROR (172.25.30.222:43059) session_cb - ssl handshake: SSL - Processing of the ClientHello handshake message failed (-30976)
2019-08-06 15:07:50.102800 DEBUG session_deferred_free - session_cb - ssl handshake 5d740 10
2019-08-06 15:07:50.102800 DEBUG session_free - sc=5d740
2019-08-06 15:07:50.102800 INFO  (172.25.30.222:43059) Session closed
2019-08-06 15:07:50.102800 ERROR (172.25.30.222:43059) session_cb - ssl handshake: SSL - Processing of the ClientHello handshake message failed (-30976)
2019-08-06 15:07:50.102800 DEBUG session_deferred_free - session_cb - ssl handshake 54660 9
2019-08-06 15:07:50.102800 DEBUG session_free - sc=54660
2019-08-06 15:07:50.102800 INFO  (172.25.30.222:43059) Session closed
2019-08-06 15:07:50.102800 ERROR (172.25.30.222:43059) session_cb - ssl handshake: SSL - Processing of the ClientHello handshake message failed (-30976)
2019-08-06 15:07:50.102800 DEBUG session_deferred_free - session_cb - ssl handshake 4b4f0 8
2019-08-06 15:07:50.102800 DEBUG session_free - sc=4b4f0
2019-08-06 15:07:50.102800 INFO  (172.25.30.222:43059) Session closed
2019-08-06 15:08:23.322800 DEBUG global_cb fds: 3,3 revents: 0x01 count: 3
2019-08-06 15:08:23.322800 DEBUG connect_to_new_client: connected on fd 8
2019-08-06 15:08:23.322800 INFO  (172.25.30.222:40460) Client connected
2019-08-06 15:08:23.322800 DEBUG global_cb - session_start - client_fd 8
2019-08-06 15:08:23.322800 DEBUG (172.25.30.222:40460) DTLS handshake requested hello verification
2019-08-06 15:08:23.322800 DEBUG session_deferred_free - hello verification 4b4f0 8
2019-08-06 15:08:23.322800 DEBUG session_free - sc=4b4f0
2019-08-06 15:08:23.323800 INFO  (172.25.30.222:40460) Session closed
2019-08-06 15:08:23.326800 DEBUG global_cb fds: 3,3 revents: 0x01 count: 4
2019-08-06 15:08:23.326800 DEBUG connect_to_new_client: connected on fd 8
2019-08-06 15:08:23.326800 INFO  (172.25.30.222:40460) Client connected
2019-08-06 15:08:23.326800 DEBUG global_cb - session_start - client_fd 8
2019-08-06 15:08:23.369800 DEBUG global_cb fds: 3,3 revents: 0x01 count: 5
2019-08-06 15:08:23.369800 DEBUG connect_to_new_client: connected on fd 9
2019-08-06 15:08:23.369800 INFO  (172.25.30.222:40460) Client connected
2019-08-06 15:08:23.369800 DEBUG global_cb - session_start - client_fd 9
2019-08-06 15:08:23.369800 DEBUG connect_to_new_client: connected on fd 10
2019-08-06 15:08:23.369800 INFO  (172.25.30.222:40460) Client connected
2019-08-06 15:08:23.369800 DEBUG global_cb - session_start - client_fd 10
2019-08-06 15:08:23.369800 DEBUG connect_to_new_client: connected on fd 11
2019-08-06 15:08:23.369800 INFO  (172.25.30.222:40460) Client connected
2019-08-06 15:08:23.369800 DEBUG global_cb - session_start - client_fd 11
2019-08-06 15:08:23.369800 ERROR (172.25.30.222:40460) session_cb - ssl handshake: SSL - Processing of the ClientHello handshake message failed (-30976)
2019-08-06 15:08:23.369800 DEBUG session_deferred_free - session_cb - ssl handshake 69850 11
2019-08-06 15:08:23.369800 DEBUG session_free - sc=69850
2019-08-06 15:08:23.369800 INFO  (172.25.30.222:40460) Session closed
2019-08-06 15:08:23.369800 ERROR (172.25.30.222:40460) session_cb - ssl handshake: SSL - Processing of the ClientHello handshake message failed (-30976)
2019-08-06 15:08:23.369800 DEBUG session_deferred_free - session_cb - ssl handshake 60770 10
2019-08-06 15:08:23.369800 DEBUG session_free - sc=60770
2019-08-06 15:08:23.369800 INFO  (172.25.30.222:40460) Session closed
2019-08-06 15:08:23.369800 ERROR (172.25.30.222:40460) session_cb - ssl handshake: SSL - Processing of the ClientHello handshake message failed (-30976)
2019-08-06 15:08:23.369800 DEBUG session_deferred_free - session_cb - ssl handshake 57690 9
2019-08-06 15:08:23.369800 DEBUG session_free - sc=57690
2019-08-06 15:08:23.369800 INFO  (172.25.30.222:40460) Session closed
2019-08-06 15:08:50.061800 DEBUG session_inactivity_timer_handler - sc=54c0 timeout: now=1565096930.062 - last_activity=1565096870.057 (duration=60.005) > timeout=60
2019-08-06 15:08:50.061800 INFO  (172.25.30.222:43059) Session timeout
2019-08-06 15:08:50.061800 DEBUG session_free - sc=54c0
2019-08-06 15:08:50.061800 INFO  (172.25.30.222:43059) Session closed
2019-08-06 15:09:23.331800 DEBUG session_inactivity_timer_handler - sc=4b4f0 timeout: now=1565096963.332 - last_activity=1565096903.327 (duration=60.005) > timeout=60
2019-08-06 15:09:23.331800 INFO  (172.25.30.222:40460) Session timeout
2019-08-06 15:09:23.331800 DEBUG session_free - sc=4b4f0
2019-08-06 15:09:23.331800 INFO  (172.25.30.222:40460) Session closed

Packetdumps:
https://mifritscher.de/austausch/zft/goldy_ok.pcapng
https://mifritscher.de/austausch/zft/goldy_nok.pcapng

It seems to simply abort on the first encrypted handshake packet.

libev download fails

make deps output:

tar xzf mbedtls-2.7.10-apache.tgz
rm -f mbedtls-2.7.10-apache.tgz
Downloading libev-4.27 ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (22) The requested URL returned error: 404 Not Found
Error downloading libev: Check the LIBEV_VER in deps/versions.mk and current version in http://dist.schmorp.de/libev/
Makefile:30: recipe for target 'download_libev' failed
make[1]: *** [download_libev] Error 1

Wrong URL in installation process

I don’t know if it will be updated as the latest commit is 2 years old, but if you have a problem in your installation process, change the mbedtls download URL by this one in in deps/Makefile : 

https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v3.5.1.tar.gz

You must also remove the « apache » in the archive name as well as change the name of the extracted folder from mbedtls-$(MBEDTLS_VER) to mbedtls-mbedtls-$(MBEDTLS_VER).

Does Goldy support 0.9 version?

Could I use Goldy like DTLS terminator? Does Goldy support openSSL 0.9?

Thank you for all :)

Can session reusable?

According to the debug log, session will be release at each step, it's possible to reuse/resume/renegotiate dtls connection?

Error downloading libev

After running "make deps", mbedTLS was downloaded successfully and libev cannot be downloaded.

Downloading libev-4.22 ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found
Error downloading libev: Check the LIBEV_VER in deps/versions.mk and current version in http://dist.schmorp.de/libev/
Makefile:30: recipe for target 'download_libev' failed
make[1]: *** [download_libev] Error 1
make[1]: Leaving directory '/root/goldy/deps'
Makefile:99: recipe for target 'deps' failed
make: *** [deps] Error 2

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.