I end up using SSL because, weirdly, credit card companies and
shipping companies (I do business software), and so forth, all use
SSL -- almost always HTTPS -- and I don't have a call for a protocol.
It would be REALLY cool if you could make a wrapper on stunnel to
handle the "H" protocol portion as I could certainly use it.
As you pointed out, there are two things -- the protocol and the
encryption; there was a third I was trying to address, and that is the
whole problem of running your own server under Unix ... that you can
skip. Whether the open source code breaks out the connection from the
protocol is another matter ... they may be mixing them.
I actually was just trying to suggest there might be easier ways (and
maybe I am wrong) -- I try to help new people, and I usually come up
with odd solutions that in theory many people say are "slow" when in
practice they make no difference.
And, I am not sure, but below that routine there may be an actual Unix
accept, and then you have those issues of blocking and non-blocking
that become a pain and are not required.
Anyway, you can easily ignore me, or if you need anything, I'm glad to
help. If you make an SSH server that runs in inetd I'd love to have
it, and if you extend stunnel to do this (I think that would work)
then you could add to the stunnel project, which is cool (I have added
very minor things to many open source programs, even libxml2 and so
forth). Also, if you need anything on old-fashioned C, I do breathe that :-)
E
At 02:55 PM 10/27/2011, you wrote:
> From: owner-openssl-us...@openssl.org On Behalf Of David Durham
> Sent: Thursday, 27 October, 2011 16:48
> I'm new to C++ and libssl, but nevertheless trying to write an SSH
> server. I have gone through tutorials and believe I have a working
> server that initializes an SSL context, binds and listens on a TCP
> socket, and accepts a connection. Using a debugger I see that if I
> try to "ssh myserver -p myport", the process hangs on the call to
> SSL_accept. I figure this is because the ssh client needs to do
> something before calling SSL_connect. I don't need authentication, I
> just want to use ssh kind of like a secure telnet. <snip>
SSH and SSL are different protocols, even though there is
only one letter difference in the acronym. See RFCs 4250-6.
The underlying *crypto* primitives are mostly the same,
and the widely-used openssh implementation uses the libcrypto
part of OpenSSL, but the protocol part of openssh is entirely
different from the libssl part of OpenSSL (including SSL_accept).
AFAIK SSH always formally authenticates the server, although
in practice this is usually done by accepting the server's key
the first time manually, which people are supposed to think
about but don't, and thereafter checking it is the same.
Similarly I believe it always formally authenticates the
client, but that can be e.g. "anybody/dontcare".
If you just want confidentiality with truly no authentication,
SSL/TLS (and OpenSSL) can do that with the anonymous-DH and
anonymous-ECDH suites. I assume you understand and accept the
vulnerabilities you are creating by not authenticating.
Also:
You didn't show your Error() routine (method?). I hope it
displays the OpenSSL error stack in some suitable way;
that information is very often vital in debugging errors.
And:
> char *message = "Hello SSL";
> if (SSL_write(ssl, message, sizeof(message)) <= 0)
is a very basic (but all too common) C bug.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Eric S. Eberhard
(928) 567-3727 Voice
(928) 567-6122 Fax
(928) 301-7537 Cell
Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC
For Metropolis support and VICS MBA Support!!!! http://www.vicsmba.com
For pictures: http://www.vicsmba.com/ourpics/index.html
(You can see why we love this state :-) )
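The `sizeof(message)` line quoted in Dave's reply above is the classic pointer-versus-array mix-up. The C program below is an added example, not code from this thread or from OpenSSL: it stands in a hypothetical `mock_ssl_write()` for `SSL_write(SSL *ssl, const void *buf, int num)` that only records what would have gone on the wire, so the effect can be seen without an SSL context, and it shows the posted version, the array variant of the same mistake, and the `strlen()` fix side by side.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/*
 * Capture buffer standing in for the TLS connection (constructed for this
 * example). mock_ssl_write() keeps the shape of OpenSSL's
 * SSL_write(SSL *ssl, const void *buf, int num) minus the SSL handle: it
 * returns the number of bytes "written", or <= 0 on error, just like the
 * real call, but only copies the bytes so the length bug is observable.
 */
static unsigned char captured[256];
static size_t captured_len;

static int mock_ssl_write(const void *buf, int num)
{
    if (num <= 0 || (size_t)num > sizeof(captured)) {
        return -1;                     /* SSL_write also reports failure as <= 0 */
    }
    memcpy(captured, buf, (size_t)num);
    captured_len = (size_t)num;
    return num;
}

/* Number of bytes the last call put on the wire. */
size_t last_sent_len(void)
{
    return captured_len;
}

/* Copy of the last payload as a NUL-terminated string for inspection. */
const char *last_sent(void)
{
    static char out[sizeof(captured) + 1];
    memcpy(out, captured, captured_len);
    out[captured_len] = '\0';
    return out;
}

/* The bug as posted: message is a pointer, so sizeof(message) is the size
 * of the pointer (4 or 8 bytes), not the length of the string it points to.
 * On a 64-bit build this sends "Hello SS" and silently drops the rest. */
int send_buggy(void)
{
    char *message = "Hello SSL";
    return mock_ssl_write(message, sizeof(message));
}

/* The other common variant: with an array, sizeof counts the terminating
 * NUL, so 10 bytes go out, including a byte the peer never asked for. */
int send_array_variant(void)
{
    char message[] = "Hello SSL";
    return mock_ssl_write(message, sizeof(message));
}

/* Fixed: send exactly the bytes of the string, measured with strlen(). */
int send_fixed(void)
{
    const char *message = "Hello SSL";
    return mock_ssl_write(message, (int)strlen(message));
}

int main(void)
{
    int n;

    n = send_buggy();
    printf("buggy : %d bytes -> \"%s\"\n", n, last_sent());
    n = send_array_variant();
    printf("array : %d bytes (includes the NUL)\n", n);
    n = send_fixed();
    printf("fixed : %d bytes -> \"%s\"\n", n, last_sent());
    return 0;
}
```

The same mistake hides just as easily in `SSL_read()` buffer sizes and in `memcpy()` lengths, so it is worth grepping a new code base for `sizeof(` applied to anything declared as a pointer. On the separate point about the unshown `Error()` routine: `ERR_print_errors_fp(stderr)` from `<openssl/err.h>` dumps the whole OpenSSL error stack and is the quickest way to make such a routine useful.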