Re: [openssl-users] QcStatements with OpenSSL (C++)?

2017-05-05 Thread Matthias Ballreich
thanks :)

But can you explain how I get the concrete data like QCStatement? Because there 
is no defined structure in OpenSSL like, for example, CRLDistributionPoints. So 
which structure and functions do I have to use to get the matching data?

QCStatement ::= SEQUENCE {
  statementId   QC-STATEMENT.({SupportedStatements}),
  statementInfo QC-STATEMENT.({SupportedStatements}{@statementId}) OPTIONAL }

thanks again!


From: openssl-users  on behalf of lists 

Sent: Wednesday, 26 April 2017 17:06:58
To: openssl-users@openssl.org
Subject: Re: [openssl-users] QcStatements with OpenSSL (C++)?

On 04/17/2017 06:40 PM, Matthias Ballreich wrote:

Hi there,

Can OpenSSL parse the QcStatement X509v3 extension, btw. does OpenSSL support these?
Any piece of example code showing how I can parse the data?


To my knowledge, there is direct support for the qcStatements, you must parse 
it yourself.
I asked for some help on the list more or less a month ago, I was trying to 
develop the required structures but apparently I got lost in the OpenSSL macro 
jungle, finally I had to quit working on it.
What you can do is search for specific statements of interest to you (there are 
quite a bit) by parsing the attribute.
Get the attribute NID of the object in the extension and see if it matches the 
NID of qcStatements:

/* Get the OID of this extension and map it to OpenSSL's NID */
oneObj = X509_EXTENSION_get_object(oneExt);
objnid = OBJ_obj2nid(oneObj);
if (objnid == NID_qcStatements)
  { printf("DEBUG:ext:GOTCHA!:this is qcStatements!\n"); }

you then extract the data from the object and parse it.
For the moment I have this ugly quick way of doing it, for instance for a 
simple one:

#define UC_id_etsi_qcs_QcCompliance "0.4.0.1862.1.1"

  if (strstr(extdump, UC_id_etsi_qcs_QcCompliance) == NULL)
    { printf("INFO:QcCompliance:no:\n"); }
  else
    { printf("INFO:QcCompliance:yes:\n"); }



Thanks
Matthias


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
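
An added example (not code from the thread or from OpenSSL): a structural check for a statementId in the qcStatements extension value, walking the DER directly instead of substring-matching a text dump. It assumes the input is the extension's value octets (for example the data of the ASN1_OCTET_STRING returned by X509_EXTENSION_get_data()); qc_has_statement, der_next and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* id-etsi-qcs-QcCompliance (0.4.0.1862.1.1) as DER OID content octets */
static const unsigned char QC_COMPLIANCE[] = {0x04,0x00,0x8E,0x46,0x01,0x01};
/* Constructed sample: SEQUENCE OF two QCStatement, ids 0.4.0.1862.1.1 and .1.4 */
static const unsigned char SAMPLE_EXT[] = {
    0x30,0x14, 0x30,0x08,0x06,0x06,0x04,0x00,0x8E,0x46,0x01,0x01,
               0x30,0x08,0x06,0x06,0x04,0x00,0x8E,0x46,0x01,0x04 };

/* Read one DER TLV from [*p, end); on success advance *p past it, return 1. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    unsigned char *tag, const unsigned char **val, size_t *len)
{
    const unsigned char *q = *p;
    size_t n, cnt;
    if (end - q < 2) return 0;
    *tag = q[0]; n = q[1]; q += 2;
    if (n & 0x80) {                        /* long-form length */
        cnt = n & 0x7F;
        if (cnt == 0 || cnt > sizeof n || (size_t)(end - q) < cnt) return 0;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return 0;   /* content runs past the buffer */
    *val = q; *len = n; *p = q + n;
    return 1;
}

/* ext: value octets of the qcStatements extension. Returns 1 if a QCStatement
   with this statementId is present, 0 if not, -1 if the DER is malformed. */
int qc_has_statement(const unsigned char *ext, size_t extlen,
                     const unsigned char *oid, size_t oidlen)
{
    const unsigned char *p = ext, *end = ext + extlen, *seq, *st, *id, *q;
    size_t seqlen, stlen, idlen;
    unsigned char tag;
    if (!der_next(&p, end, &tag, &seq, &seqlen) || tag != 0x30 || p != end) return -1;
    for (p = seq, end = seq + seqlen; p < end; ) {
        if (!der_next(&p, end, &tag, &st, &stlen) || tag != 0x30) return -1;
        q = st;                            /* first element is statementId */
        if (!der_next(&q, st + stlen, &tag, &id, &idlen) || tag != 0x06) return -1;
        if (idlen == oidlen && memcmp(id, oid, oidlen) == 0) return 1;
    }
    return 0;
}

int main(void) {
    printf("QcCompliance: %d\n", qc_has_statement(SAMPLE_EXT, sizeof SAMPLE_EXT,
                                                  QC_COMPLIANCE, sizeof QC_COMPLIANCE));
    return 0;
}
```
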


[openssl-users] forking server question

2017-05-05 Thread Robert Cousins
Please excuse what is a simple question: what is the proper way to clean
up in the parent and child when writing a forking server using OpenSSL?
(I expected this would be a FAQ, but I couldn't find it.)  I have code
which works, but I have the nagging feeling that I'm leaking on the
parent side. Here is my main program:

#include <err.h>
#include <stdlib.h>
#include <unistd.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>

/* PORT, int_error(), install_sigchld(), init_OpenSSL(), setup_server_ctx()
   and do_work() are not shown in this post. */
int
main(int argc, char *argv[])
{
  BIO *acc;
  SSL_CTX *ctx;
  install_sigchld();                    /* Install signal handlers */
  init_OpenSSL();                       /* Initialize library, RNG, etc. */
  ctx = setup_server_ctx();             /* Build Context */
  if (!(acc = BIO_new_accept(PORT)))    /* Get ready for connection */
    int_error("Error creating server socket");
  if (BIO_do_accept(acc) <= 0)          /* Bind to socket */
    int_error("Error binding server socket");
  while (1) {
    SSL *ssl;
    int fd = -1;
    if (BIO_do_accept(acc) <= 0)        /* Accept the connection */
      int_error("Error accepting connection");
    BIO *client = BIO_pop(acc);         /* get the client off BIO */
    switch (fork()) {
    case -1: err(1, "Fork failed");     /* error */
    default:                            /* parent */
      BIO_get_fd(client, &fd);          /* close the socket on parent side */
      close(fd);
      break;
    case 0:                             /* child */
      if (!(ssl = SSL_new(ctx)))        /* create new context */
        int_error("Error creating SSL context");
      SSL_set_accept_state(ssl);
      SSL_set_bio(ssl, client, client);
      do_work(ssl);                     /* go do some work */
      exit(0);                          /* leave (we'll get sigchld) */
    }
  }
  SSL_CTX_free(ctx);
  BIO_free(acc);
  return 0;
}

