So BIO_new_socket would create a BIO around the socket of my choosing which would be more portable than doing BIO_set_fd afterwards? But then the current code uses BIO_new_ssl_connect to create the bio in the first place. I assume I would replace this with BIO_new_socket and BIO_new_ssl except I'm not sure how this chains the BIOs together. I would use BIO_push I assume but I'm not exactly sure of the order. And then the other thing, which probably has something to do with all of this, is that I can't seem to close the connection. It closes on exit of the program but BIO_ssl_shutdown, I guess, only shuts down the SSL bio and just doing BIO_get_fd and then "close" on the resulting socket doesn't seem to work. "lsof -i" still lists it as open until the program exits.
- Peter On Mar 2, 2005, at 7:59 PM, Dr. Stephen Henson wrote:
On Wed, Mar 02, 2005, Peter wrote:
I am using BIO_set_fd to set the file descriptor of a BIO created by
BIO_new_connect to the socket of an existing SOCKS connection. This
seems to work fine, "lsof -i" reports that indeed I am connected to the
proxy. However, I want to be sure that my ip address is not embedded
in the SSL connection in any way!!! Can anyone assure me of this?
What is BIO_set_fd supposed to do? What is the behavior of openSSL
when BIO_set_fd is used with an existing connection. Does
BIO_do_connect not open a TCP connection if one already exists? Is the
ip address of the client never used in the SSLv2/3/TLS protocol?
If you want to use BIOs then you can first create a socket BIO with BIO_new_socket(). A socket BIO is preferable because on some platforms sockets aren't fds.
There are several other ways to achieve the same thing but that's the easiest.
The IP address isn't embedded in the SSL connection.
Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
