Using OpenSSL with non-blocking I/O
Hi, I am developing and application using OpenSSL. I have a proprietary system to handle connection/read data from sockets. All I need to do is to pass callback functions to the system to 1. Handle new connection 2. Read data on the given port Now while I use OpenSSL, I need to use SSL_connect and SSL_accept to do the handshake. But these calls are blocking and also use the sockets directly. Is there any way to use the library so that it works as a event-based handshake. Regards, Rajib
Re: Handshake fails when using SSL-BIOs (ADH-AES256-SHA)
I understand why nobody gave an answer to this question, because the crucial
hint was missing:
I am using the GLib GSocketService for handling incoming connections. The GLib
uses non-blocking
sockets under the hood which I was not aware of. Especially the
g_socket_set_blocking() function
does not affect the socket on the system layer but alters the behavior of the
GSocket wrapper.
The reason why my code did not work is that I should have used the
BIO_should_retry() function
whenever the {BIO_do_handshake(), BIO_puts(), BIO_gets(),...} functions
returned a return-code
less than zero.
I attached a minimal example of my working implementation.
glib-tls-server.tbz
Description: Binary data
Re: evp_encrypt_init_ex
Thanks Steve. On Thu, May 5, 2011 at 6:11 PM, Dr. Stephen Henson st...@openssl.orgwrote: On Thu, May 05, 2011, Prashant Batra wrote: Hi, One question regarding EVP_Encrypt APIs. EVP_EncryptInit_ex(ctx, cipher, NULL, (unsigned char *)enc_key, (unsigned char *)iv)) Is there a way to pass the iv as NULL during the call to the above API, and then update this later on. Yes. You set the iv parameter to NULL in the initial call and later set all parameters apart from the context and iv to NULL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Prashant Batra Follow the dreams!!
Re: Using OpenSSL with non-blocking I/O
On Fri, May 06, 2011, Rajib Karmakar wrote: Hi, I am developing and application using OpenSSL. I have a proprietary system to handle connection/read data from sockets. All I need to do is to pass callback functions to the system to 1. Handle new connection 2. Read data on the given port Now while I use OpenSSL, I need to use SSL_connect and SSL_accept to do the handshake. But these calls are blocking and also use the sockets directly. Is there any way to use the library so that it works as a event-based handshake. Actually they aren't blocking and don't use sockets directly. They use a BIO I/O abstraction. Your problem can be resolved by either writing your own BIO or using BIO pairs. See the archives for discussion of these concepts. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: CMS_verify() with a public key instead of a cert
Hi,
CMS_verify() works fine if you have the signer cert, but now we have
a CMS file for which only the (trusted) signer public key is available.
Q: is there a high level function like CMS_verify() that works with a
public key?
If not: what would be the best alternative for us?
- Rewrite the CMS_verify() function to use public keys?
- Create a cert (with fake signature) with the public key?
In case someone should have to do the same: below is the code
to make a fake cert (if only 1 signerInfo is present).
After that you can call CMS_Verify() with flags = CMS_NO_SIGNER_CERT_VERIFY.
There's another catch: CMS_verify() changes the CMS_ContentInfo struct
in the sense the signer cert is added if it's not already present,
so subsequence CMS_verify() calls will keep using the added cert.
Don't know if that's intentional, but in our case, where we read
candidate certs/pubkeys from disk and try them one by one, we had
to work around this.
Cheers,
Stef
// E.g. of pubKey:
// 30 81 9f
//30 0d
// 06 09 2a 86 48 86 f7 0d 01 01 01
// 05 00
//03 81 8d
// 00
//30 81 89
// 02 81 81 00 83 b3 ba ... 16 41
// 02 03 01 00 01
void *CSOD::pubKey2DummyCert(CMS_ContentInfo *cms, unsigned char *pucPubKey,
unsigned long iPubKeyLen)
{
// Check that we have exactly 1 signerInfo field
CMS_SignerInfo *si = GetSignerInfo(cms);
if (si == NULL || si-sid == NULL)
return NULL;
CMS_SignerIdentifier *sid = si-sid;
// Convert pucPubKey - EVP_PKEY
BIO *bio = BIO_new_mem_buf(pucPubKey, iPubKeyLen);
if (bio == NULL)
return NULL;
EVP_PKEY *pubkey = d2i_PUBKEY_bio(bio, NULL);
BIO_free(bio);
if (pubkey == NULL)
return NULL;
// Create the unsigned cert
X509 *x = X509_new();
if (x == NULL) {
EVP_PKEY_free(pubkey);
return NULL;
}
// Add dummy data
X509_set_version(x,2);
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long) 60*60*24*10);
X509_set_pubkey(x,pubkey);
struct X509_name_st *subj = X509_get_subject_name(x);
X509_NAME_add_entry_by_txt(subj, C, MBSTRING_ASC, (const unsigned
char *) BE, -1, -1, 0);
X509_NAME_add_entry_by_txt(subj, CN, MBSTRING_ASC, (const unsigned
char *) Dummy, -1, -1, 0);
// The signer info (issuer+serialnr or keyid) in the SOD file must be
present
// in the dummy cert we're making, because the CMS_verify() function
needs this
if (sid-type == CMS_SIGNERINFO_ISSUER_SERIAL)
{
X509_set_issuer_name(x, sid-d.issuerAndSerialNumber-issuer);
X509_set_serialNumber(x,
sid-d.issuerAndSerialNumber-serialNumber);
}
else if (sid-type == CMS_SIGNERINFO_KEYIDENTIFIER)
{
if (x-skid != NULL)
M_ASN1_OCTET_STRING_free(x-skid);
x-skid = M_ASN1_OCTET_STRING_dup(sid-d.subjectKeyIdentifier);
// Set a dummy issuer DN and serial nr
ASN1_INTEGER_set(X509_get_serialNumber(x), 13);
struct X509_name_st *issuer = X509_get_subject_name(x);
X509_NAME_add_entry_by_txt(issuer, C, MBSTRING_ASC, (const
unsigned char *) BE, -1, -1, 0);
X509_NAME_add_entry_by_txt(issuer, CN, MBSTRING_ASC, (const
unsigned char *) Dummy CA, -1, -1, 0);
}
// Sign the cert with just any private key,
// CMS_verify() doesn't check this if flags = CMS_NO_SIGNER_CERT_VERIFY
RSA *rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
EVP_PKEY *privkey = EVP_PKEY_new();
if (EVP_PKEY_assign_RSA(privkey, rsa)) {
if (!X509_sign(x, privkey, EVP_sha1()))
{
X509_free(x);
x = NULL;
}
}
if (privkey != NULL)
EVP_PKEY_free(privkey);
return x;
}
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: CMS_verify() with a public key instead of a cert
On Fri, May 06, 2011, Stef Hoeben wrote: Hi, CMS_verify() works fine if you have the signer cert, but now we have a CMS file for which only the (trusted) signer public key is available. Q: is there a high level function like CMS_verify() that works with a public key? If not: what would be the best alternative for us? - Rewrite the CMS_verify() function to use public keys? - Create a cert (with fake signature) with the public key? In case someone should have to do the same: below is the code to make a fake cert (if only 1 signerInfo is present). After that you can call CMS_Verify() with flags = CMS_NO_SIGNER_CERT_VERIFY. There's another catch: CMS_verify() changes the CMS_ContentInfo struct in the sense the signer cert is added if it's not already present, so subsequence CMS_verify() calls will keep using the added cert. Don't know if that's intentional, but in our case, where we read candidate certs/pubkeys from disk and try them one by one, we had to work around this. If the CMS structure is using public keys without certificates then it presumably has some way of matching the public key to a key identifier: AFAIK there is no standard way to do this though. If so that would be a more efficient way of handling it rather than trial and error. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Multiple connection from 1 client
Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir
Re: Multiple connection from 1 client
Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir Hi, Can you show us the source code. Paste it into pastebin.org. Regards
Re: Re: Using OpenSSL with non-blocking I/O
Hi, I am developing and application using OpenSSL. I have a proprietary system to handle connection/read data from sockets. All I need to do is to pass callback functions to the system to 1. Handle new connection 2. Read data on the given port Now while I use OpenSSL, I need to use SSL_connect and SSL_accept to do the handshake. But these calls are blocking and also use the sockets directly. Is there any way to use the library so that it works as a event-based handshake. Actually they aren't blocking and don't use sockets directly. They use a BIO I/O abstraction. Your problem can be resolved by either writing your own BIO or using BIO pairs. See the archives for discussion of these concepts. Steve. -- Hi, Can you show us the source code. Paste it into pastebin.org. Regards
Re: Multiple connection from 1 client
My code is all jumbled up, its a big big code. I dont think i can share the code. If there is some particular call that you want to see, please let me know i will share the function call or block of calls. Thanks. On Fri, May 6, 2011 at 2:22 PM, derleader mail derlea...@abv.bg wrote: Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir Hi, Can you show us the source code. Paste it into pastebin.org. Regards
Re: Multiple connection from 1 client
On Fri May 6 2011, derleader mail wrote: Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir Hi, Can you show us the source code. Paste it into pastebin.org. Is there some reason you ask every poster on this mailing list for their source code? Mike Regards __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using OpenSSL with non-blocking I/O
On 06 May 2011, at 9:23 PM, derleader mail wrote: Can you show us the source code. Paste it into pastebin.org. We do non blocking SSL by accepting the socket in the normal way (using accept, not SSL_accept), and then wrapping the socket in a BIO like this: BIO *sbio = BIO_new_socket(c-socket, BIO_NOCLOSE); SSL *ssl = SSL_new(ctx); SSL_set_bio(ssl, sbio, sbio); SSL_set_connect_state(ssl); We then put the socket in the event loop, and on read and write events we called SSL_read and SSL_write as appropriate. The first time we call SSL_read, the proper handshake is completed. One thing that you need to support for non blocking SSL to work properly is to take account the fact that during SSL_write, SSL may want to read from the socket, and during SSL_read, SSL may want to write. We keep track of whether a ready to read event should call SSL_read or SSL_write as appropriate, reacting to the SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE result codes. Regards, Graham -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Multiple connection from 1 client
From: Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir http://www.catb.org/~esr/faqs/smart-questions.html
Re: Multiple connection from 1 client
Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding. On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.comwrote: *From:* Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir http://www.catb.org/~esr/faqs/smart-questions.html
Re: Multiple connection from 1 client
Harshvir, SO_REUSEADDR sock option has noting to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see and O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag. Thanks --Gayathri On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote: Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding. On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.comwrote: *From:* Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir http://www.catb.org/~esr/faqs/smart-questions.html
Re: Using OpenSSL with non-blocking I/O
I think the openssl src already has sample server and client programs which are written in non blocking mode ..check wserver2.c if I am able to recall. On Fri, May 6, 2011 at 2:42 PM, Graham Leggett minf...@sharp.fm wrote: On 06 May 2011, at 9:23 PM, derleader mail wrote: Can you show us the source code. Paste it into pastebin.org. We do non blocking SSL by accepting the socket in the normal way (using accept, not SSL_accept), and then wrapping the socket in a BIO like this: BIO *sbio = BIO_new_socket(c-socket, BIO_NOCLOSE); SSL *ssl = SSL_new(ctx); SSL_set_bio(ssl, sbio, sbio); SSL_set_connect_state(ssl); We then put the socket in the event loop, and on read and write events we called SSL_read and SSL_write as appropriate. The first time we call SSL_read, the proper handshake is completed. One thing that you need to support for non blocking SSL to work properly is to take account the fact that during SSL_write, SSL may want to read from the socket, and during SSL_read, SSL may want to write. We keep track of whether a ready to read event should call SSL_read or SSL_write as appropriate, reacting to the SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE result codes. Regards, Graham -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Multiple connection from 1 client
Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machien, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote: Harshvir, SO_REUSEADDR sock option has noting to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see and O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag. Thanks --Gayathri On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote: Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding. On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.comwrote: *From:* Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir http://www.catb.org/~esr/faqs/smart-questions.html
Re: Multiple connection from 1 client
Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then ofcourse it will work. thanks --Gayathri On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote: Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machien, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.comwrote: Harshvir, SO_REUSEADDR sock option has noting to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see and O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag. Thanks --Gayathri On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.comwrote: Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding. On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.comwrote: *From:* Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir http://www.catb.org/~esr/faqs/smart-questions.html
Re: Multiple connection from 1 client
And I cannot imagine a case where a blocking FD is useful except it is lazier to code that way. You need to use non-blocking. E At 04:03 PM 5/6/2011, you wrote: Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then ofcourse it will work. thanks --Gayathri On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu mailto:hvssi...@gmail.comhvssi...@gmail.com wrote: Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machien, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar mailto:suraj...@gmail.comsuraj...@gmail.com wrote: Harshvir, SO_REUSEADDR sock option has noting to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see and O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag. Thanks --Gayathri On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu mailto:hvssi...@gmail.comhvssi...@gmail.com wrote: Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding. On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell mailto:jfarr...@pillardata.comjfarr...@pillardata.com wrote: From: Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir http://www.catb.org/~esr/faqs/smart-questions.htmlhttp://www.catb.org/~esr/faqs/smart-questions.html Eric S. Eberhard (928) 567-3727 Voice (928) 567-6122 Fax (928) 301-7537 Cell Vertical Integrated Computer Systems, LLC Metropolis Support, LLC For Metropolis support and VICS MBA Supporthttp://www.vicsmba.com Pictures of Snake in Spring http://www.facebook.com/album.php?aid=115547id=1409661701l=1c375e1f49 Pictures of Camp Verde http://www.facebook.com/album.php?aid=12771id=1409661701l=fc0e0a2bcf Pictures of Land Cruiser in Sedona http://www.facebook.com/album.php?aid=50953id=1409661701 Pictures of Flagstaff area near our cabin http://www.facebook.com/album.php?aid=12750id=1409661701 Pictures of Cheryl in a Horse Show http://www.facebook.com/album.php?aid=32484id=1409661701 Pictures of the AZ Desert http://www.facebook.com/album.php?aid=58827id=1409661701 (You can see why we love this state :-) ) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Multiple connection from 1 client
Thanks for the reply Gayathri. Do you mean to changing the sockets to non blocking, or when i create bio for ssl to make that as non blocking? Thanks. On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar suraj...@gmail.com wrote: Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then ofcourse it will work. thanks --Gayathri On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote: Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machien, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.comwrote: Harshvir, SO_REUSEADDR sock option has noting to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see and O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag. Thanks --Gayathri On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.comwrote: Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding. On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.com wrote: *From:* Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir http://www.catb.org/~esr/faqs/smart-questions.html
Re: Multiple connection from 1 client
Change the sockets. This is what I use:
int setblock(fd, mode)
int fd;
int mode; /* True - blocking, False - non blocking */
{
int flags;
int prevmode;
flags = fcntl(fd, F_GETFL, 0);
prevmode = !(flags O_NDELAY);
if (mode)
flags = ~O_NDELAY; /* turn blocking on */
else
flags |= O_NDELAY; /* turn blocking off */
fcntl(fd, F_SETFL, flags);
return prevmode;
}
Since it returns the existing mode you can use as such:
prevmode = setblock(fd,0) /* turn of blocking */
/* do your thing */
(void)setblock(fd,prevmode);/* restore to
original condition */
At 04:15 PM 5/6/2011, you wrote:
Thanks for the reply Gayathri.
Do you mean to changing the sockets to non blocking, or when i
create bio for ssl to make that as non blocking?
Thanks.
On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar
mailto:suraj...@gmail.comsuraj...@gmail.com wrote:
Harsh,
Okay from what I can understand, if you make ur underlying fd non
blocking then it would work fine. Blocking FDs, unless and until one
client is finished with its processing the other client will not be
able to communicate with the server as the previous fd is blocked.
The server is waiting on the 1st client to finish. When you have 3
ports and 3 clients then ofcourse it will work.
thanks
--Gayathri
On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu
mailto:hvssi...@gmail.comhvssi...@gmail.com wrote:
Gayatri,
My server code is single threaded and i am using blocking sockets, i
am using fd_set and select to wait for event on socket, and then
performing operation based on the event that acts on a socket.
I have an array of sockets to listen. So if i start listening on 3
different ports and from my client machien, i try to connect on them
at different ports then it works fine, but when i use 1 listen port
then it dont work properly. What i mean to say by work properly is
that the connection is established, but when i am waiting for select
to return event, then it dont show any activity when i send data
from client, only 1 of them works, 2 dont work.
In addition to that, when i use WireShark to see packets, then it
shows that machine has received the packet from client. But server
dont show that alert.
Thats why i think it could be some socket option which is affecting it.
// Harshvir
On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar
mailto:suraj...@gmail.comsuraj...@gmail.com wrote:
Harshvir,
SO_REUSEADDR sock option has noting to do with ur problem, please go
thro the socket ops man page to get a better understanding. First
find out if ur server code is a blocking i/o or non blocking I/O..if
former then connections will be handled sequentially..only after the
1st client is finished will the server be able to respond to the 2nd
connect request. If non blocking then there should be no problem.
Check the code if you see and O_NONBLOCK flag set in some fcntl call
or check for FIONBIO flag.
Thanks
--Gayathri
On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu
mailto:hvssi...@gmail.comhvssi...@gmail.com wrote:
Well i think this link is for my question.
I have already done 1-5 from the Before you ask list.
Number 6, i dont know anyone who use openssl.
Number 7, it will take a lot of time to go through all the code, i
was just trying to save some time. I thought user discussion forums
are for this only. I apologize for my understanding.
On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell
mailto:jfarr...@pillardata.comjfarr...@pillardata.com wrote:
From: Harshvir Sidhu
Hi,
I have a server application, which accepts normal sockets and
ssl socket connections. I am trying to make 3 connections to server
from 1 client machine, on same server port.
When i connect on normal sockets then it works with any number
of connections.
When i tried to connect SSL then they dont work. If i connect 1
client then it works.
In my listen socket, I have SO_REUSEADDR socket option, at first
i thought might be this is causing issue, but i tried to use
SO_EXCLUSIVEADDRUSE even then it dont work.
Has someone seen some issue like this, any possible suggestion for this?
Thanks,
// Harshvir
http://www.catb.org/~esr/faqs/smart-questions.htmlhttp://www.catb.org/~esr/faqs/smart-questions.html
Eric S. Eberhard
(928) 567-3727 Voice
(928) 567-6122 Fax
(928) 301-7537 Cell
Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC
For Metropolis support and VICS MBA Supporthttp://www.vicsmba.com
Pictures of Snake in Spring
http://www.facebook.com/album.php?aid=115547id=1409661701l=1c375e1f49
Pictures of Camp Verde
http://www.facebook.com/album.php?aid=12771id=1409661701l=fc0e0a2bcf
Pictures of Land Cruiser in Sedona
http://www.facebook.com/album.php?aid=50953id=1409661701
Pictures of
Re: Multiple connection from 1 client
Yes, you need to make the underlying socket non blocking, and at the same time gotta change the way you call SSL_accept, SSL_read, write etc to handle non block error conditions like want_read, want_write errors, use the code Eric has given to make the fd non block, or u can also set the bio non block by using FIONBIO option. basically you really need to write an asynchronous state machine. Thanks --Gayathri On Friday, May 6, 2011, Harshvir Sidhu hvssi...@gmail.com wrote: Thanks for the reply Gayathri.Do you mean to changing the sockets to non blocking, or when i create bio for ssl to make that as non blocking? Thanks. On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar suraj...@gmail.com wrote: Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then ofcourse it will work. thanks--Gayathri On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote: Gayatri,My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machien, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert.Thats why i think it could be some socket option which is affecting it. // Harshvir On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote: Harshvir, SO_REUSEADDR sock option has noting to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see and O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag. Thanks--Gayathri On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote: Well i think this link is for my question.I have already done 1-5 from the Before you ask list.Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding. On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.com wrote: From: Harshvir Sidhu Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thoug __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Multiple connection from 1 client
Thanks, I will give this a try.
// Harshvir
On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard fl...@vicsmba.com wrote:
Change the sockets. This is what I use:
int setblock(fd, mode)
int fd;
int mode; /* True - blocking, False - non blocking */
{
int flags;
int prevmode;
flags = fcntl(fd, F_GETFL, 0);
prevmode = !(flags O_NDELAY);
if (mode)
flags = ~O_NDELAY; /* turn blocking on */
else
flags |= O_NDELAY; /* turn blocking off */
fcntl(fd, F_SETFL, flags);
return prevmode;
}
Since it returns the existing mode you can use as such:
prevmode = setblock(fd,0) /* turn of blocking */
/* do your thing */
(void)setblock(fd,prevmode);/* restore to original
condition */
At 04:15 PM 5/6/2011, you wrote:
Thanks for the reply Gayathri.
Do you mean to changing the sockets to non blocking, or when i create bio
for ssl to make that as non blocking?
Thanks.
On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar mailto:
suraj...@gmail.comsuraj...@gmail.com wrote:
Harsh,
Okay from what I can understand, if you make ur underlying fd non blocking
then it would work fine. Blocking FDs, unless and until one client is
finished with its processing the other client will not be able to
communicate with the server as the previous fd is blocked. The server is
waiting on the 1st client to finish. When you have 3 ports and 3 clients
then ofcourse it will work.
thanks
--Gayathri
On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu mailto:
hvssi...@gmail.comhvssi...@gmail.com wrote:
Gayatri,
My server code is single threaded and i am using blocking sockets, i am
using fd_set and select to wait for event on socket, and then performing
operation based on the event that acts on a socket.
I have an array of sockets to listen. So if i start listening on 3
different ports and from my client machien, i try to connect on them at
different ports then it works fine, but when i use 1 listen port then it
dont work properly. What i mean to say by work properly is that the
connection is established, but when i am waiting for select to return event,
then it dont show any activity when i send data from client, only 1 of them
works, 2 dont work.
In addition to that, when i use WireShark to see packets, then it shows
that machine has received the packet from client. But server dont show that
alert.
Thats why i think it could be some socket option which is affecting it.
// Harshvir
On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar mailto:
suraj...@gmail.comsuraj...@gmail.com wrote:
Harshvir,
SO_REUSEADDR sock option has noting to do with ur problem, please go thro
the socket ops man page to get a better understanding. First find out if ur
server code is a blocking i/o or non blocking I/O..if former then
connections will be handled sequentially..only after the 1st client is
finished will the server be able to respond to the 2nd connect request. If
non blocking then there should be no problem. Check the code if you see and
O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.
Thanks
--Gayathri
On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu mailto:
hvssi...@gmail.comhvssi...@gmail.com wrote:
Well i think this link is for my question.
I have already done 1-5 from the Before you ask list.
Number 6, i dont know anyone who use openssl.
Number 7, it will take a lot of time to go through all the code, i was
just trying to save some time. I thought user discussion forums are for this
only. I apologize for my understanding.
On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell mailto:
jfarr...@pillardata.comjfarr...@pillardata.com wrote:
From: Harshvir Sidhu
Hi,
I have a server application, which accepts normal sockets and ssl socket
connections. I am trying to make 3 connections to server from 1 client
machine, on same server port.
When i connect on normal sockets then it works with any number of
connections.
When i tried to connect SSL then they dont work. If i connect 1 client
then it works.
In my listen socket, I have SO_REUSEADDR socket option, at first i
thought might be this is causing issue, but i tried to use
SO_EXCLUSIVEADDRUSE even then it dont work.
Has someone seen some issue like this, any possible suggestion for this?
Thanks,
// Harshvir
http://www.catb.org/~esr/faqs/smart-questions.html
http://www.catb.org/~esr/faqs/smart-questions.html
Eric S. Eberhard
(928) 567-3727 Voice
(928) 567-6122 Fax
(928) 301-7537 Cell
Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC
For Metropolis support and VICS MBA Supporthttp://www.vicsmba.com
Pictures of Snake in Spring
http://www.facebook.com/album.php?aid=115547id=1409661701l=1c375e1f49
Pictures of Camp Verde
Re: Multiple connection from 1 client
Harsh.,
If u have any specific doubts in writing this asynchronous state
machine email me privately at suraj...@gmail.com.
I am pretty much jobless right now and can spend some time on this.
Thanks
--Gayathri
On Friday, May 6, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:
Thanks, I will give this a try.
// Harshvir
On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard fl...@vicsmba.com wrote:
Change the sockets. This is what I use:
int setblock(fd, mode)
int fd;
int mode; /* True - blocking, False - non blocking */
{
int flags;
int prevmode;
flags = fcntl(fd, F_GETFL, 0);
prevmode = !(flags O_NDELAY);
if (mode)
flags = ~O_NDELAY; /* turn blocking on */
else
flags |= O_NDELAY; /* turn blocking off */
fcntl(fd, F_SETFL, flags);
return prevmode;
}
Since it returns the existing mode you can use as such:
prevmode = setblock(fd,0) /* turn of blocking */
/* do your thing */
(void)setblock(fd,prevmode); /* restore to original
condition */
At 04:15 PM 5/6/2011, you wrote:
Thanks for the reply Gayathri.
Do you mean to changing the sockets to non blocking, or when i create bio for
ssl to make that as non blocking?
Thanks.
On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar
mailto:suraj...@gmail.comsuraj...@gmail.com wrote:
Harsh,
Okay from what I can understand, if you make ur underlying fd non blocking
then it would work fine. Blocking FDs, unless and until one client is
finished with its processing the other client will not be able to communicate
with the server as the previous fd is blocked. The server is waiting on the
1st client to finish. When you have 3 ports and 3 clients then ofcourse it
will work.
thanks
--Gayathri
On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu
mailto:hvssi...@gmail.comhvssi...@gmail.com wrote:
Gayatri,
My server code is single threaded and i am using blocking sockets, i am using
fd_set and select to wait for event on socket, and then performing operation
based on the event that acts on a socket.
I have an array of sockets to listen. So if i start listening on 3 different
ports and from my client machien, i try to connect on them at different ports
then it works fine, but when i use 1 listen port then it dont work properly.
What i mean to say by work properly is that the connection is established,
but when i am waiting for select to return event, then it dont show any
activity when i send data from client, only 1 of them works, 2 dont work.
In addition to that, when i use WireShark to see packets, then it shows that
machine has received the packet from client. But server dont show that alert.
Thats why i think it could be some socket option which is affecting it.
// Harshvir
On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar
mailto:suraj...@gmail.comsuraj...@gmail.com wrote:
Harshvir,
SO_REUSEADDR sock option has noting to do with ur problem, please go thro the
socket ops man page to get a better understanding. First find out if ur
server code is a blocking i/o or non blocking I/O..if former then connections
will be handled sequentially..only after the 1st client is finished will the
server be able to respond to the 2nd connect request. If non blocking then
there should be no problem. Check the code if you see and O_NONBLOCK flag set
in some fcntl call or check for FIONBIO flag.
Thanks
--Gayathri
On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu
mailto:hvssi...@gmail.comhvssi...@gmail.com wrote:
Well i think this link is for my question.
I have already done 1-5 from the Before you ask list.
Number 6, i dont know anyone who use openssl.
Number 7, it will take a lot of time to go through all the code, i was just
trying to save some time. I thought user discussion forums are for this only.
I apologize for my understanding.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Initialization Vector for EVP_rc4() ?
Hello, I need to exchange encrypted content with an existing application on Windows with an RC4 key that is salted as per http://msdn.microsoft.com/en-us/library/aa387782%28v=vs.85%29.aspx (KP_SALT_EX). Note that this is not a passphrase and salt key derivation, but a cipher initialized with some a known key and known initialization vector, similar to a block cipher. I think technically RC4 does not have an IV, but what is the equivalent operation I can perform in openssl to get the cipher in the desired state? Specifying the salt as the iv param in EVP_EncryptInit does not work. TIA, ~ Remus __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
