Hi.
I think that to support IPv6 you must use BIO_new_bio_pair (http://www.openssl.org/docs/crypto/BIO_new_bio_pair.html). The BIO pair can be used to have full control over the network access of an application, and you can manually add IPv6 support in your application.


====================================================================================================
From: Akanksha Shukla
Sent: Thursday, November 03, 2011 7:25 PM
To: openssl-users@openssl.org
Subject: RE: Open SSL API's Support For IPv6.

Hi All,

I want to summarize the issue I have faced till now, how I proceeded further on it with the help of suggestions provided on this forum, and what the current status of the issue is.

Issue Description:

I am using the SSL APIs in a client application to connect to a server, and that worked fine over IPv4. Now my requirement is to have the same client-server communication over IPv6. This time I used the same SSL APIs to connect to the server using an IPv6 address, but faced an issue with that. That’s why I raised the issue in the forum.

Now I would like to summarize all the options which I used, along with code snippets and their outcome:



Approach 1:

int main()
{
    BIO *conn;

    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    conn = BIO_new_connect("250::56ff:feab:20:80");
    if(!conn)
    {
        int error = ERR_get_error();
        char errorString[BUFFER_SIZE]; // BUFFER_SIZE has been initialized to 256.
        ERR_error_string(error, errorString);
        cout << "The error details returned by Bio_new_connect() are:" << errorString << endl;
        return 0;
    }

    /* Configure the BIO as a non-blocking one */
    BIO_set_nbio(conn, 1);

    int retryCounter = 0;
    while(retryCounter < CONNECT_MAX_TRY) // CONNECT_MAX_TRY has been initialized to 10.
    {
        int retVal = BIO_do_connect(conn);
        if(retVal <= 0)
        {
            if(BIO_should_retry(conn))
            {
                retryCounter++;
                cout << "try: BIO_do_connect return BIO_should_retry true! Retrying later!" << endl;
                sleep(CONNECT_SLEEP_INTERVAL);
                continue;
            }
            else
            {
                int error = ERR_get_error();
                char errorString[BUFFER_SIZE];
                ERR_error_string(error, errorString);
                cout << "The error details returned by Bio_do_connect() are:" << errorString << endl;
                break;
            }
        }
        else
        {
            cout << "Bio_do_connect() passed successfully." << endl;
            break;
        }
    }
    return 0;
}



After executing the above program, the output was:

The error details returned by Bio_do_connect() are: error:02003000:system library:getservbyname:system library

Approach 2:

All of the code mentioned above is the same except for the API call, which is BIO_new_connect("[250::56ff:feab:20]:80"). After executing this, the outcome was:

The error details returned by Bio_do_connect() are: error:2006A066:BIO routines:BIO_get_host_ip:bad hostname lookup

Approach 3:

I followed the way suggested in the forum and tried with an IPv4 address. This time, I am not able to make a connection on IPv4, and the biggest issue is that nothing is coming in the SSL error logs either.

int main()
{
    BIO *conn;

    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    char address[INET_ADDRSTRLEN+1] = "10.65.156.43";
    int socket_desc = socket (AF_INET, SOCK_STREAM, 0);
    if (socket_desc == INVALID_SOCKET)
    {
        cout << "The error retuned by socket is" << errno << endl;
    }
    cout << "The socket is created successfully." << endl;

    struct sockaddr_in addrinfo;
    addrinfo.sin_family = AF_INET;
    addrinfo.sin_port = htons(80);
    inet_pton(AF_INET, address, &(addrinfo.sin_addr.s_addr));
    int retval = connect(socket_desc, (struct sockaddr *)&addrinfo, sizeof (addrinfo));
    if (retval != 0)
    {
        cout << " The error returned by socket connect is" << errno << endl;
    }
    cout << "The socket is connected successfully." << endl;

    conn = BIO_new_socket(socket_desc,0);
    if(!conn)
    {
        int error = ERR_get_error();
        char errorString[BUFFER_SIZE];
        ERR_error_string(error, errorString);
        cout << "The error details returned by Bio_new_socket() are:" << errorString << endl;
    }

    /* Configure the BIO as a non-blocking one */
    BIO_set_nbio(conn, 1);

    int retryCounter = 0;
    while(retryCounter < CONNECT_MAX_TRY)   // whose value is 10.
    {
        int retVal = BIO_do_connect(conn);
        if(retVal <= 0)
        {
            if(BIO_should_retry(conn))
            {
                retryCounter++;
                cout << "try: BIO_do_connect return BIO_should_retry true! Retrying later!" << endl;
                sleep(CONNECT_SLEEP_INTERVAL);
                continue;
            }
            else
            {
                int error = ERR_get_error();
                char errorString[BUFFER_SIZE];
                ERR_error_string(error, errorString);
                cout << "The error details returned by Bio_do_connect() are:" << errorString << endl;
                break;
            }
        }
        else
        {
            cout << "Bio_do_connect() passed successfully." << endl;
            break;
        }
    }
    return 0;
}



After executing the program, the outcome was:

The error details returned by Bio_do_connect() are: error:00000000:lib(0):func(0):reason(0)

So, my main queries or doubts are:

1) I wanted to have SSL APIs which could be used for both IPv4 and IPv6 (client side application). Is there support for IPv6 in any of the client side OpenSSL APIs or not? This has been my question from the first day when I posted my query in the forum, but till now I haven’t got any concrete response on this.

2) Since I am getting an error in the IPv4 case only when I followed the way suggested in the forum, and nothing is coming in the error logs, I don’t know how to proceed further and my work is stuck here.

3) I am also not clear why the error log is coming as 0 in approach 3, while in case 1 and case 2 I can see some error thrown by the SSL APIs. I don’t think in case 3 I am missing something which could cause the error to be 0.

4) I am not sure whether to ask this or not, but is it possible for someone to try approach 3 at their end and see if a similar problem is observed by you as seen by me?

Please have a look and suggest something.

Thanks

Akanksha Shukla.
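
An added example, not part of the thread or of OpenSSL: Approach 3 hard-codes AF_INET, while a getaddrinfo()-driven connect serves IPv4 and IPv6 alike, with host and port separated first so that the colons of an IPv6 literal are never read as the port delimiter. The names split_hostport() and connect_any() are hypothetical and POSIX sockets are assumed; the returned descriptor is already connected, so it can be wrapped with BIO_new_socket() or given to SSL_set_fd().

```c
/* Added example, not from the thread. split_hostport() and connect_any()
 * are hypothetical helper names; POSIX sockets are assumed. */
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Split "host:port" or "[v6-literal]:port" into the host and port buffers.
 * Returns 0 on success, -1 if malformed or ambiguous (bare IPv6 literal). */
int split_hostport(const char *in, char *host, size_t hl, char *port, size_t pl)
{
    const char *h = in, *end, *p;
    if (*in == '[') {                       /* bracketed IPv6 literal */
        h = in + 1;
        end = strchr(h, ']');
        if (end == NULL || end[1] != ':') return -1;
        p = end + 2;
    } else {
        end = strchr(in, ':');
        /* no colon, or more than one: host and port cannot be told apart */
        if (end == NULL || strchr(end + 1, ':') != NULL) return -1;
        p = end + 1;
    }
    if (end == h || *p == '\0') return -1;  /* empty host or empty port */
    if ((size_t)(end - h) >= hl || strlen(p) >= pl) return -1;
    memcpy(host, h, (size_t)(end - h));
    host[end - h] = '\0';
    strcpy(port, p);
    return 0;
}

/* Resolve host/port for any address family; return a connected fd or -1. */
int connect_any(const char *host, const char *port)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;            /* accept IPv4 and IPv6 results */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0) return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) break;
        close(fd);                          /* try the next candidate */
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}
```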



-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Tuesday, November 01, 2011 8:48 AM
To: openssl-users@openssl.org
Subject: RE: Open SSL API's Support For IPv6.



    From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla
    Sent: Monday, 31 October, 2011 08:48

<snip>
              {
                 FILE * pFile1;
                 char mystring [500];
                 pFile1 = fopen ("result.txt","a");
                 if (pFile1!=NULL)
                 {
                    ERR_print_errors_fp(stderr);
                    if ( fgets (mystring , 500 , stderr) != NULL )
                    {
                           fputs (mystring, pFile);
                    }
                    fclose(pFile1);
                 }
<snip>

    And also tried this one, but no luck.

<snip: same thing but no if() on fgets return>

These will never work. First of all, there's no promise
you can read from stderr (or stdout) at all. Even on systems
and in situations (e.g. redirection) where you can read,
you have to fseek or fsetpos first (or fflush if you
are already positioned, which here you aren't).

The approach I thought you had before,
 if( pFile1 != NULL ) ERR_print_errors_fp (pFile1)
should work assuming the fopen succeeded.
Could 'results.txt' be a pre-existing file that is not writable?
(If this code is part of a bigger program/process, is everything
run and owned by your userid, or is it more complicated?)

I suggest divide and conquer -- just call
 ERR_print_errors_fp(stdout)
You won't get the info to the file where you may want it,
but you should get it somewhere you can see,
assuming you are seeing the other cout<< stuff.
And printf or cout<< retVal, just to make sure what it is.

Then you can figure out writing to a file.

Even if you get hex codes instead of friendly strings,
because you didn't _load_error_strings, it's still better
than nothing. You can decode them with commandline errstr.





______________________________________________________________________

OpenSSL Project                                 http://www.openssl.org

User Support Mailing List                    openssl-users@openssl.org

Automated List Manager                           majord...@openssl.org

______________________________________________________________________