I am wanting to write an application that uses OpenSSL to take advantage of its DTLS support over SCTP. I am using Ubuntu 13.10.
I have downloaded and successfully compiled LKSCTP 1.0.15 and OpenSSL 1.0.1e. I compiled OpenSSL with ./config sctp.
I can compile the samples provided on http://sctp.fh-muenster.de/, however when I try to execute any of them, they fail at the assertion below. The error message is:
bss_dgram.c(897): OpenSSL internal error, assertion failed: ret > 0
The error encountered by setsockopt is "Permission denied". Here is the code that fails in function BIO_new_dgram_sctp (from bss_dgram.c):
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
OPENSSL_assert(ret >= 0);
You need to enable AUTH chunks in sysctl. Apparently, they are off by default in Linux:
sysctl -w net.sctp.auth_enable=1
You can make the setting permanent by adding net.sctp.auth_enable = 1 to /etc/sysctl.conf.
See the bottom of the README here: https://github.com/jtt/sctp-tools
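A preflight check an application could run before calling BIO_new_dgram_sctp, so that a disabled AUTH setting yields an actionable message instead of the OpenSSL assertion. This is an added example, not part of the original answer or of OpenSSL; sctp_auth_state_at and sctp_auth_advice are hypothetical helper names, and it assumes the Linux sysctl is exposed at /proc/sys/net/sctp/auth_enable.

```c
#include <errno.h>
#include <stdio.h>

/* Assumed runtime location of the net.sctp.auth_enable sysctl on Linux. */
#define SCTP_AUTH_SYSCTL "/proc/sys/net/sctp/auth_enable"

enum sctp_auth_state {
    SCTP_AUTH_ENABLED = 0,  /* sysctl reads non-zero */
    SCTP_AUTH_DISABLED,     /* sysctl reads 0: SCTP_AUTH_CHUNK setsockopt is refused */
    SCTP_AUTH_NO_SCTP,      /* entry absent: typically the sctp module is not loaded */
    SCTP_AUTH_UNKNOWN       /* file unreadable or content not a number */
};

/* Hypothetical helper: classify the sysctl file found at `path`. */
enum sctp_auth_state sctp_auth_state_at(const char *path)
{
    FILE *f = fopen(path, "r");
    int value, parsed;

    if (f == NULL)
        return errno == ENOENT ? SCTP_AUTH_NO_SCTP : SCTP_AUTH_UNKNOWN;
    parsed = fscanf(f, "%d", &value);
    fclose(f);
    if (parsed != 1)
        return SCTP_AUTH_UNKNOWN;
    return value != 0 ? SCTP_AUTH_ENABLED : SCTP_AUTH_DISABLED;
}

/* Hypothetical helper: message to show the operator for each state. */
const char *sctp_auth_advice(enum sctp_auth_state s)
{
    switch (s) {
    case SCTP_AUTH_ENABLED:  return "SCTP-AUTH enabled";
    case SCTP_AUTH_DISABLED: return "run as root: sysctl -w net.sctp.auth_enable=1";
    case SCTP_AUTH_NO_SCTP:  return "net.sctp sysctls absent; is the sctp module loaded?";
    default:                 return "cannot read net.sctp.auth_enable";
    }
}

int main(void)
{
    enum sctp_auth_state s = sctp_auth_state_at(SCTP_AUTH_SYSCTL);

    printf("%s\n", sctp_auth_advice(s));
    /* Proceed to BIO_new_dgram_sctp() only when the exit status is 0. */
    return s == SCTP_AUTH_ENABLED ? 0 : 1;
}
```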
Source: https://stackoverflow.com/questions/20068706/dtls-over-sctp-using-openssl