Thanks, I didn't notice this change (some merge issue, I guess). I'm sending a new diff in the attachment. Also, I've decided to close the old pull request 108 and open a new one. It is here:
https://github.com/openssl/openssl/pull/113 Regards, Kris On Sun, 2014-05-25 at 07:05 +0200, Tim Hudson via RT wrote: > On 24/05/2014 11:06 PM, Krzysztof Kwiatkowski via RT wrote: > > Hello, > > > > This patch implements request for ticket 2578. I've also created pull > > request in github that you can find here: > > https://github.com/openssl/openssl/pull/108 > > Why is there a crypto/objects/obj_xref.h change mixed in with this patch? > It does not belong there. > > Thanks, > Tim. > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org
>From 668d6d28718e4a8f6a217d0c340160b568d9d798 Mon Sep 17 00:00:00 2001
From: Krzysztof Kwiatkowski <krzys...@leeds.pl>
Date: Sun, 25 May 2014 14:19:57 +0200
Subject: [PATCH] Possibility to bind connection to local interface: ticket #2578
---
 apps/s_apps.h | 2 +-
 apps/s_client.c | 19 +++++++++++++------
 apps/s_socket.c | 48 ++++++++++++++++++++++++++++++++++--------------
 3 files changed, 48 insertions(+), 21 deletions(-)
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 9d16e45..1edbed8 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -168,7 +168,7 @@ int ssl_print_point_formats(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, const char *server, int port, int type);
+int init_client(int *sock, const char *remote_host, int port, const char* local_host, int type);
 #ifndef NO_SYS_UN_H
 int init_client_unix(int *sock, const char *server);
 #endif
diff --git a/apps/s_client.c b/apps/s_client.c
index eee0e2e..fee9d11 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -324,6 +324,7 @@ static void sc_usage(void)
 BIO_printf(bio_err," -host host - use -connect instead\n");
 BIO_printf(bio_err," -port port - use -connect instead\n");
 BIO_printf(bio_err," -connect host:port - connect over TCP/IP (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+ BIO_printf(bio_err," -localip arg - specify local address to use\n");
 BIO_printf(bio_err," -unix path - connect over unix domain sockets\n");
 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
@@ -627,7 +628,8 @@ int MAIN(int argc, char **argv)
 fd_set readfds,writefds;
 short port=PORT;
 int full_log=1;
- char *host=SSL_HOST_NAME;
+ char *remote_host=SSL_HOST_NAME;
+ char *local_ip=NULL;
 const char *unix_path = NULL;
 char *xmpphost = NULL;
 char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
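Review bot: The new `init_client` prototype in apps/s_apps.h gives no hint that `local_host` is optional, although init_client() in apps/s_socket.c accepts NULL for it and then leaves the address bytes zeroed. A short comment above the declaration would record that contract, for example `/* local_host may be NULL: no local address is bound and the OS picks the source address */`. The declarator is also written `const char* local_host` while the neighbouring parameters use `const char *name`; `const char *local_host` would match the rest of the header.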
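Review bot: The `-localip` help line added to sc_usage() does not state that the address is IPv4-only or that the option has no effect together with `-unix`. Both limits follow from the rest of this patch: apps/s_socket.c stores the address in `unsigned char local_ip[4]` and binds with `AF_INET`, and the `unix_path` branch in MAIN calls init_client_unix() without it. Someone relying on the option to pin the source address should be able to read those limits in the usage text, for example `" -localip arg - local IPv4 address to bind before connecting (not used with -unix)\n"`. sc_usage() starts and ends outside the hunk.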
@@ -748,7 +750,7 @@ static char *jpake_secret = NULL;
 if (strcmp(*argv,"-host") == 0)
 {
 if (--argc < 1) goto bad;
- host= *(++argv);
+ remote_host= *(++argv);
 }
 else if (strcmp(*argv,"-port") == 0)
 {
@@ -759,9 +761,14 @@ static char *jpake_secret = NULL;
 else if (strcmp(*argv,"-connect") == 0)
 {
 if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
+ if (!extract_host_port(*(++argv),&remote_host,NULL,&port))
 goto bad;
 }
+ else if (strcmp(*argv,"-localip") == 0)
+ {
+ if (--argc < 1) goto bad;
+ local_ip=*(++argv);
+ }
 else if (strcmp(*argv,"-unix") == 0)
 {
 if (--argc < 1) goto bad;
@@ -1499,7 +1506,7 @@ bad:
 if (con && (kctx = kssl_ctx_new()) != NULL)
 {
 SSL_set0_kssl_ctx(con, kctx);
- kssl_ctx_setstring(kctx, KSSL_SERVER, host);
+ kssl_ctx_setstring(kctx, KSSL_SERVER, remote_host);
 }
 #endif /* OPENSSL_NO_KRB5 */
 /* SSL_set_cipher_list(con,"RC4-MD5"); */
@@ -1511,7 +1518,7 @@ bad:
 re_start:
- if ((!unix_path && (init_client(&s,host,port,socket_type) == 0)) ||
+ if ((!unix_path && (init_client(&s,remote_host,port,local_ip,socket_type) == 0)) ||
 (unix_path && (init_client_unix(&s,unix_path) == 0)))
 {
 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
@@ -1735,7 +1742,7 @@ SSL_set_tlsext_status_ids(con, ids);
 BIO_printf(sbio,"<stream:stream "
 "xmlns:stream='http://etherx.jabber.org/streams' "
 "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost ?
- xmpphost : host);
+ xmpphost : remote_host);
 seen = BIO_read(sbio,mbuf,BUFSIZZ);
 mbuf[seen] = 0;
 while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
diff --git a/apps/s_socket.c b/apps/s_socket.c
index e83baf4..64bb1ef 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
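Review bot: In the `re_start:` hunk of apps/s_client.c, every failure of init_client() is still reported as `connect:errno=%d`, and with this patch that now covers a `-localip` value that cannot be resolved or bound. A bind() failure, such as an address that is not configured on the host, is then presented as a connect error and sends the operator looking at the remote side. The message could name both steps, `BIO_printf(bio_err,"bind/connect:errno=%d\n",get_last_socket_error());`, or init_client() could report which step failed. MAIN starts and ends outside this hunk.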
@@ -96,8 +96,8 @@ static struct hostent *GetHostByName(const char *name);
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock, const unsigned char ip[4], int port,
- int type);
+static int init_client_ip(int *sock, const unsigned char remote_ip[4], int port,
+ const unsigned char local_ip[4], int type);
 static int init_server(int *sock, int port, int type);
 static int init_server_long(int *sock, int port,char *ip, int type);
 static int do_accept(int acc_sock, int *sock, char **host);
@@ -233,18 +233,24 @@ static int ssl_sock_init(void)
 return(1);
 }
-int init_client(int *sock, const char *host, int port, int type)
+int init_client(int *sock, const char *remote_host, int port, const char *local_host, int type)
 {
- unsigned char ip[4];
+ unsigned char remote_ip[4];
+ unsigned char local_ip[4];
- ip[0] = ip[1] = ip[2] = ip[3] = 0;
- if (!host_ip(host,&(ip[0])))
+ remote_ip[0] = remote_ip[1] = remote_ip[2] = remote_ip[3] = 0;
+ if (!host_ip(remote_host,&(remote_ip[0])))
 return 0;
- return init_client_ip(sock,ip,port,type);
+
+ local_ip[0] = local_ip[1] = local_ip[2] = local_ip[3] = 0;
+ if (local_host!=NULL && !host_ip(local_host,&(local_ip[0])))
+ return 0;
+
+ return init_client_ip(sock,remote_ip,port,local_ip,type);
 }
-static int init_client_ip(int *sock, const unsigned char ip[4], int port,
- int type)
+static int init_client_ip(int *sock, const unsigned char remote_ip[4], int port,
+ const unsigned char local_ip[4], int type)
 {
 unsigned long addr;
 struct sockaddr_in them;
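Review bot: init_client() in the `@@ -233` hunk sends `local_host` through host_ip(), the same helper used for the remote name. host_ip() is not part of this patch, but if it falls back to a name lookup for anything that is not a dotted quad, the source address of an option called `-localip` can end up decided by the resolver. For an option meant to pin the outgoing interface, that should either be restricted to literal addresses or be stated at the call, for example `/* local_host goes through host_ip(): host names are accepted as well as dotted quads */`. The added `return 0;` for a failed local lookup also prints nothing of its own, so the caller cannot tell it apart from a failed remote lookup.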
@@ -256,10 +262,10 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port,
 them.sin_family=AF_INET;
 them.sin_port=htons((unsigned short)port);
 addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
+ ((unsigned long)remote_ip[0]<<24L)|
+ ((unsigned long)remote_ip[1]<<16L)|
+ ((unsigned long)remote_ip[2]<< 8L)|
+ ((unsigned long)remote_ip[3]);
 them.sin_addr.s_addr=htonl(addr);
 if (type == SOCK_STREAM)
@@ -277,7 +283,21 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port,
 if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
 }
 #endif
-
+ if(0!=local_ip[0])
+ {
+ struct sockaddr_in me;
+ memset((char*)&me,0,sizeof(me));
+ me.sin_family = AF_INET;
+ addr=(unsigned long)
+ ((unsigned long)local_ip[0]<<24L)|
+ ((unsigned long)local_ip[1]<<16L)|
+ ((unsigned long)local_ip[2]<< 8L)|
+ ((unsigned long)local_ip[3]);
+ me.sin_addr.s_addr = htonl(addr);
+
+ if( bind(s,(struct sockaddr *)&me,sizeof(me)) == -1 )
+ { closesocket(s); perror("bind"); return(0); }
+ }
 if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 { closesocket(s); perror("connect"); return(0); }
 *sock=s;
-- 
1.9.0
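Review bot: The bind block added to init_client_ip() in the `@@ -277` hunk is guarded by `if(0!=local_ip[0])`, so "no local address requested" is inferred from the first octet alone. A requested address whose first octet resolves to 0 skips bind() silently, and the connection then leaves from the default source address with no error, which defeats the purpose of the option. init_client() already knows whether a local host was given, so it can pass that explicitly: `return init_client_ip(sock,remote_ip,port,local_host ? local_ip : NULL,type);` in the `@@ -233` hunk and `if (local_ip != NULL)` here. init_client_ip() starts and ends outside this hunk.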