[alibaba/tengine] How to use the DTLS feature in Tengine 2.3.3

2024-05-15 358 views

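Hello, members of the Tengine team. I ran into a problem while using the latest Tengine 2.3.3 release: when I send encrypted UDP requests over the coaps protocol, Tengine reports an error and the connection ultimately fails. However, when I searched online for DTLS solutions, the one at http://nginx.org/patches/dtls/README.txt does connect successfully. I don't know how to configure Tengine. I would like to know the correct way to configure DTLS. Below is my configuration example: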

stream {
    error_log logs/error.log debug;

    upstream emqx_udp {
        server 127.0.0.1:5683 max_fails=2 fail_timeout=30s;
        zone user_servers 64k;
    }

    server {
        listen 56084 udp ssl;

        # enable DTLSv1 or DTLSv1.2 or both protocols
        ssl_protocols DTLSv1 DTLSv1.2;

        # set up other proxy SSL options as usually
        ssl_certificate /usr/local/certs/coapServerCrt.pem;
        ssl_certificate_key /usr/local/certs/coapServer.key;

        proxy_pass emqx_udp;
    }
}

The following error occurs:

2021/04/02 09:17:48 [debug] 15973#0: 9 SSL handshake handler: 0
2021/04/02 09:17:48 [debug] 15973#0: 9 sendto: fd:10 107 of 107 to "192.168.168.1"
2021/04/02 09:17:48 [debug] 15973#0: 9 SSL_do_handshake: 1
2021/04/02 09:17:48 [debug] 15973#0: 9 event timer del: 10: 43884280
2021/04/02 09:17:48 [debug] 15973#0: 9 SSL: DTLSv1.2, cipher: "ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256"
2021/04/02 09:17:48 [debug] 15973#0: 9 event timer del: 10: 43943277
2021/04/02 09:17:48 [debug] 15973#0: 9 generic phase: 2
2021/04/02 09:17:48 [debug] 15973#0: 9 proxy connection handler
2021/04/02 09:17:48 [debug] 15973#0: 9 malloc: 000000000275BA10:432
2021/04/02 09:17:48 [debug] 15973#0: 9 malloc: 000000000273BFB0:16384
2021/04/02 09:17:48 [debug] 15973#0: 9 posix_memalign: 00000000027928F0:256 @16
2021/04/02 09:17:48 [debug] 15973#0: 9 get rr peer, try: 1
2021/04/02 09:17:48 [debug] 15973#0: 9 dgram socket 3
2021/04/02 09:17:48 [debug] 15973#0: 9 epoll add connection: fd:3 ev:80002005
2021/04/02 09:17:48 [debug] 15973#0: 9 connect to 127.0.0.1:5683, fd:3 #10
2021/04/02 09:17:48 [debug] 15973#0: 9 connected
2021/04/02 09:17:48 [debug] 15973#0: 9 proxy connect: 0
2021/04/02 09:17:48 [info] 15973#0: 9 udp proxy 10.0.2.15:57938 connected to 127.0.0.1:5683
2021/04/02 09:17:48 [debug] 15973#0: 9 malloc: 000000000279F980:16384
2021/04/02 09:17:48 [debug] 15973#0: 9 event timer add: 10: 600000:44483459
2021/04/02 09:17:48 [debug] 15973#0: 9 event timer: 10, old: 44483459, new: 44483459
2021/04/02 09:17:48 [debug] 15973#0: recvmsg on 0.0.0.0:56084, ready: 0
2021/04/02 09:17:48 [debug] 15973#0: 9 recvmsg: fd:10 n:253
2021/04/02 09:17:48 [alert] 13058#0: worker process 15973 exited on signal 11
2021/04/02 09:17:48 [debug] 16023#0: epoll add event: fd:10 op:1 ev:00002001
2021/04/02 09:17:49 [debug] 16023#0: recvmsg on 0.0.0.0:56084, ready: 0
2021/04/02 09:17:49 [debug] 16023#0: posix_memalign: 0000000002790990:256 @16
2021/04/02 09:17:49 [debug] 16023#0: posix_memalign: 0000000002792CA0:256 @16
2021/04/02 09:17:49 [debug] 16023#0: malloc: 000000000279EB00:253
2021/04/02 09:17:49 [debug] 16023#0: 11 recvmsg: 192.168.168.1:63704 fd:10 n:253
2021/04/02 09:17:49 [debug] 16023#0: add cleanup: 0000000002790A70
2021/04/02 09:17:49 [debug] 16023#0: posix_memalign: 0000000002790C60:256 @16
2021/04/02 09:17:49 [info] 16023#0: 11 udp client 192.168.168.1:63704 connected to 0.0.0.0:56084
2021/04/02 09:17:49 [debug] 16023#0: 11 posix_memalign: 000000000279F4A0:256 @16
2021/04/02 09:17:49 [debug] 16023#0: 11 generic phase: 0
2021/04/02 09:17:49 [debug] 16023#0: 11 generic phase: 1
2021/04/02 09:17:49 [debug] 16023#0: 11 generic phase: 2
2021/04/02 09:17:49 [debug] 16023#0: 11 posix_memalign: 000000000277A750:256 @16
2021/04/02 09:17:49 [debug] 16023#0: 11 SSL_do_handshake: -1
2021/04/02 09:17:49 [debug] 16023#0: 11 SSL_get_error: 2
2021/04/02 09:17:49 [error] 16023#0: 11 unexcepted message of dtls session while SSL handshaking, udp client: 192.168.168.1, server: 0.0.0.0:56084
2021/04/02 09:17:49 [debug] 16023#0: 11 finalize stream session: 500
2021/04/02 09:17:49 [debug] 16023#0: 11 stream log handler
2021/04/02 09:17:49 [debug] 16023#0: 11 close stream connection: 10
2021/04/02 09:17:49 [debug] 16023#0: 11 reusable connection: 0
2021/04/02 09:17:49 [debug] 16023#0: 11 run cleanup: 0000000002790A70
2021/04/02 09:17:49 [debug] 16023#0: 11 free: 000000000279EB00
2021/04/02 09:17:49 [debug] 16023#0: *11 free: 0000000002790990, unused: 8

Answers

2021/04/07 11:34:19 [debug] 1445#0: recvmsg on 0.0.0.0:56084, ready: 0
2021/04/07 11:34:19 [debug] 1445#0: posix_memalign: 0000000000CC8230:256 @16
2021/04/07 11:34:19 [debug] 1445#0: posix_memalign: 0000000000D00420:256 @16
2021/04/07 11:34:19 [debug] 1445#0: 215 recvmsg: 192.168.168.1:61027 fd:7 n:103
2021/04/07 11:34:19 [debug] 1445#0: posix_memalign: 0000000000D2E0D0:256 @16
2021/04/07 11:34:19 [debug] 1445#0: add cleanup: 0000000000CC8300
2021/04/07 11:34:19 [info] 1445#0: 215 udp client 192.168.168.1:61027 connected to 0.0.0.0:56084
2021/04/07 11:34:19 [debug] 1445#0: 215 posix_memalign: 0000000000D010F0:256 @16
2021/04/07 11:34:19 [debug] 1445#0: 215 generic phase: 0
2021/04/07 11:34:19 [debug] 1445#0: 215 generic phase: 1
2021/04/07 11:34:19 [debug] 1445#0: 215 generic phase: 2
2021/04/07 11:34:19 [debug] 1445#0: 215 posix_memalign: 0000000000D2EDE0:256 @16
2021/04/07 11:34:19 [debug] 1445#0: 215 sendto: fd:7 48 of 48 to "192.168.168.1"
2021/04/07 11:34:19 [debug] 1445#0: 215 SSL_do_handshake: -1
2021/04/07 11:34:19 [debug] 1445#0: 215 SSL_get_error: 2
2021/04/07 11:34:19 [debug] 1445#0: 215 event timer add: 7: 60000:90765176
2021/04/07 11:34:19 [debug] 1445#0: recvmsg on 0.0.0.0:56084, ready: 0
2021/04/07 11:34:19 [debug] 1445#0: 215 recvmsg: fd:7 n:123
2021/04/07 11:34:19 [debug] 1445#0: 215 SSL handshake handler: 0
2021/04/07 11:34:19 [debug] 1445#0: 215 sendto: fd:7 256 of 256 to "192.168.168.1"
2021/04/07 11:34:19 [debug] 1445#0: 215 sendto: fd:7 256 of 256 to "192.168.168.1"
2021/04/07 11:34:19 [debug] 1445#0: 215 sendto: fd:7 256 of 256 to "192.168.168.1"
2021/04/07 11:34:19 [debug] 1445#0: 215 sendto: fd:7 256 of 256 to "192.168.168.1"
2021/04/07 11:34:19 [debug] 1445#0: 215 sendto: fd:7 245 of 245 to "192.168.168.1"
2021/04/07 11:34:19 [debug] 1445#0: 215 SSL_do_handshake: -1
2021/04/07 11:34:19 [debug] 1445#0: 215 SSL_get_error: 2
2021/04/07 11:34:19 [debug] 1445#0: 215 event timer add: 7: 999:90706186
2021/04/07 11:34:20 [debug] 1445#0: recvmsg on 0.0.0.0:56084, ready: 0
2021/04/07 11:34:20 [debug] 1445#0: 215 recvmsg: fd:7 n:198
2021/04/07 11:34:20 [debug] 1445#0: 215 SSL handshake handler: 0
2021/04/07 11:34:20 [debug] 1445#0: 215 sendto: fd:7 107 of 107 to "192.168.168.1"
2021/04/07 11:34:20 [debug] 1445#0: 215 SSL_do_handshake: 1
2021/04/07 11:34:20 [debug] 1445#0: 215 event timer del: 7: 90706186
2021/04/07 11:34:20 [debug] 1445#0: 215 SSL: DTLSv1.2, cipher: "ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256"
2021/04/07 11:34:20 [debug] 1445#0: 215 event timer del: 7: 90765176
2021/04/07 11:34:20 [debug] 1445#0: 215 generic phase: 2
2021/04/07 11:34:20 [debug] 1445#0: 215 stream return text: "ok"
2021/04/07 11:34:20 [debug] 1445#0: 215 posix_memalign: 0000000000D08240:256 @16
2021/04/07 11:34:20 [debug] 1445#0: 215 write new buf t:0 f:0 0000000000000000, pos 0000000000CF51A3, size: 2 file: 0, size: 0
2021/04/07 11:34:20 [debug] 1445#0: 215 stream write filter: l:1 f:0 s:2
2021/04/07 11:34:20 [debug] 1445#0: 215 SSL to write: 2
2021/04/07 11:34:20 [debug] 1445#0: 215 sendto: fd:7 77 of 77 to "192.168.168.1"
2021/04/07 11:34:20 [debug] 1445#0: 215 SSL_write: 2
2021/04/07 11:34:20 [debug] 1445#0: 215 stream write filter 0000000000000000
2021/04/07 11:34:20 [debug] 1445#0: 215 stream return done sending
2021/04/07 11:34:20 [debug] 1445#0: 215 finalize stream session: 200
2021/04/07 11:34:20 [debug] 1445#0: 215 stream log handler
2021/04/07 11:34:20 [debug] 1445#0: 215 close stream connection: 7
2021/04/07 11:34:20 [debug] 1445#0: 215 sendto: fd:7 77 of 77 to "192.168.168.1"
2021/04/07 11:34:20 [debug] 1445#0: 215 SSL_shutdown: 0
2021/04/07 11:34:20 [debug] 1445#0: 215 reusable connection: 0
2021/04/07 11:34:20 [debug] 1445#0: 215 run cleanup: 0000000000CC8300
2021/04/07 11:34:20 [debug] 1445#0: 215 free: 0000000000CC8230, unused: 0
2021/04/07 11:34:20 [debug] 1445#0: 215 free: 0000000000D00420, unused: 8
2021/04/07 11:34:20 [debug] 1445#0: 215 free: 0000000000D2E0D0, unused: 8
2021/04/07 11:34:20 [debug] 1445#0: 215 free: 0000000000D010F0, unused: 0
2021/04/07 11:34:20 [debug] 1445#0: 215 free: 0000000000D2EDE0, unused: 72
2021/04/07 11:34:20 [debug] 1445#0: 215 free: 0000000000D08240, unused: 144
2021/04/07 11:34:20 [debug] 1445#0: recvmsg on 0.0.0.0:56084, ready: 0
2021/04/07 11:34:20 [debug] 1445#0: posix_memalign: 0000000000CC8230:256 @16
2021/04/07 11:34:20 [debug] 1445#0: posix_memalign: 0000000000D00420:256 @16
2021/04/07 11:34:20 [debug] 1445#0: malloc: 0000000000CC83B0:221
2021/04/07 11:34:20 [debug] 1445#0: 216 recvmsg: 192.168.168.1:61027 fd:7 n:221
2021/04/07 11:34:20 [debug] 1445#0: add cleanup: 0000000000CC8310
2021/04/07 11:34:20 [debug] 1445#0: posix_memalign: 0000000000D2E0D0:256 @16
2021/04/07 11:34:20 [info] 1445#0: 216 udp client 192.168.168.1:61027 connected to 0.0.0.0:56084
2021/04/07 11:34:20 [debug] 1445#0: 216 posix_memalign: 0000000000D010F0:256 @16
2021/04/07 11:34:20 [debug] 1445#0: 216 generic phase: 0
2021/04/07 11:34:20 [debug] 1445#0: 216 generic phase: 1
2021/04/07 11:34:20 [debug] 1445#0: 216 generic phase: 2
2021/04/07 11:34:20 [debug] 1445#0: 216 posix_memalign: 0000000000D2FBC0:256 @16
2021/04/07 11:34:20 [debug] 1445#0: 216 SSL_do_handshake: -1
2021/04/07 11:34:20 [debug] 1445#0: 216 SSL_get_error: 2
2021/04/07 11:34:20 [error] 1445#0: 216 unexcepted message of dtls session while SSL handshaking, udp client: 192.168.168.1, server: 0.0.0.0:56084
2021/04/07 11:34:20 [debug] 1445#0: 216 finalize stream session: 500
2021/04/07 11:34:20 [debug] 1445#0: 216 stream log handler
2021/04/07 11:34:20 [debug] 1445#0: 216 close stream connection: 7
2021/04/07 11:34:20 [debug] 1445#0: 216 reusable connection: 0
2021/04/07 11:34:20 [debug] 1445#0: 216 run cleanup: 0000000000CC8310
2021/04/07 11:34:20 [debug] 1445#0: 216 free: 0000000000CC83B0
2021/04/07 11:34:20 [debug] 1445#0: 216 free: 0000000000CC8230, unused: 8
2021/04/07 11:34:20 [debug] 1445#0: 216 free: 0000000000D00420, unused: 88
2021/04/07 11:34:20 [debug] 1445#0: 216 free: 0000000000D2E0D0, unused: 64
2021/04/07 11:34:20 [debug] 1445#0: 216 free: 0000000000D010F0, unused: 0
2021/04/07 11:34:20 [debug] 1445#0: 216 free: 0000000000D2FBC0, unused: 72
2021/04/07 11:34:20 [debug] 1445#0: recvmsg on 0.0.0.0:56084, ready: 0
2021/04/07 11:34:20 [debug] 1445#0: posix_memalign: 0000000000CC8230:256 @16
2021/04/07 11:34:20 [debug] 1445#0: posix_memalign: 0000000000D00420:256 @16
2021/04/07 11:34:20 [debug] 1445#0: 217 recvmsg: 192.168.168.1:61027 fd:7 n:77
2021/04/07 11:34:20 [debug] 1445#0: add cleanup: 0000000000CC8300
2021/04/07 11:34:20 [debug] 1445#0: posix_memalign: 0000000000D2E0D0:256 @16
2021/04/07 11:34:20 [info] 1445#0: 217 udp client 192.168.168.1:61027 connected to 0.0.0.0:56084
2021/04/07 11:34:20 [debug] 1445#0: 217 posix_memalign: 0000000000D2EDE0:256 @16
2021/04/07 11:34:20 [debug] 1445#0: 217 generic phase: 0
2021/04/07 11:34:20 [debug] 1445#0: 217 generic phase: 1
2021/04/07 11:34:20 [debug] 1445#0: 217 generic phase: 2
2021/04/07 11:34:20 [debug] 1445#0: 217 posix_memalign: 0000000000D010F0:256 @16
2021/04/07 11:34:20 [debug] 1445#0: 217 SSL_do_handshake: -1
2021/04/07 11:34:20 [debug] 1445#0: *217 SSL_get_error: 2
2021/04/07 11:34:20 [error] 1445#0: 217 unexcepted message of dtls session while SSL handshaking, udp client: 192.168.168.1, server: 0.0.0.0:56084
2021/04/07 11:34:20 [debug] 1445#0: 217 finalize stream session: 500
2021/04/07 11:34:20 [debug] 1445#0: 217 stream log handler
2021/04/07 11:34:20 [debug] 1445#0: 217 close stream connection: 7
2021/04/07 11:34:20 [debug] 1445#0: 217 reusable connection: 0
2021/04/07 11:34:20 [debug] 1445#0: 217 run cleanup: 0000000000CC8300
2021/04/07 11:34:20 [debug] 1445#0: 217 free: 0000000000CC8230, unused: 24
2021/04/07 11:34:20 [debug] 1445#0: 217 free: 0000000000D00420, unused: 8
2021/04/07 11:34:20 [debug] 1445#0: 217 free: 0000000000D2E0D0, unused: 64
2021/04/07 11:34:20 [debug] 1445#0: 217 free: 0000000000D2EDE0, unused: 0
2021/04/07 11:34:20 [debug] 1445#0: *217 free: 0000000000D010F0, unused: 72
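
A triage sketch for the two symptoms visible in the logs on this page, a worker exiting on signal 11 and handshake errors on the DTLS listener. This is an added example, not code from Tengine or from either poster; the name `triage` is hypothetical and the sample lines are abridged from the question's log.

```python
import re
from collections import Counter

# Entry layout: "date time [level] pid#tid: [*conn] message". The "*" before the
# connection number is optional: the logs quoted on this page lost most of them.
ENTRY = re.compile(
    r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] "
    r"(?P<pid>\d+)#\d+: (?:\*?(?P<conn>\d+) )?(?P<msg>.*)")
CRASH = re.compile(r"worker process (\d+) exited on signal (\d+)")
CLIENT = re.compile(r"udp client: ([\d.]+)")

# Sample input, abridged from the log in the question above.
SAMPLE = """\
2021/04/02 09:17:48 [debug] 15973#0: 9 SSL_do_handshake: 1
2021/04/02 09:17:48 [info] 15973#0: 9 udp proxy 10.0.2.15:57938 connected to 127.0.0.1:5683
2021/04/02 09:17:48 [debug] 15973#0: 9 recvmsg: fd:10 n:253
2021/04/02 09:17:48 [alert] 13058#0: worker process 15973 exited on signal 11
2021/04/02 09:17:49 [error] 16023#0: 11 unexcepted message of dtls session while SSL handshaking, udp client: 192.168.168.1, server: 0.0.0.0:56084
""".splitlines()

def triage(lines):
    """Return (worker crashes, handshake failures per client address)."""
    last = {}  # worker pid -> (conn, last message that worker logged)
    crashes, failures = [], Counter()
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        crash = CRASH.search(m["msg"]) if m["level"] == "alert" else None
        if crash:
            # The master logs the exit; report what the dead worker did last.
            pid, sig = crash.groups()
            conn, msg = last.get(pid, (None, None))
            crashes.append({"ts": m["ts"], "pid": pid, "signal": int(sig),
                            "conn": conn, "last": msg})
        elif m["level"] == "error" and "while SSL handshaking" in m["msg"]:
            client = CLIENT.search(m["msg"])
            failures[client.group(1) if client else "unknown"] += 1
        else:
            last[m["pid"]] = (m["conn"], m["msg"])
    return crashes, failures

if __name__ == "__main__":
    crashes, failures = triage(SAMPLE)
    for c in crashes:
        print(f"{c['ts']} worker {c['pid']} died on signal {c['signal']} "
              f"after conn {c['conn']}: {c['last']}")
    for client, n in failures.items():
        print(f"{client}: {n} DTLS handshake failure(s)")
```

Run against a full `error.log`, the crash records show which connection and which datagram size each worker handled last before it exited.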