RE: Open SSL API's Support For IPv6.
else { int error = ERR_get_error(); char errorString[BUFFER_SIZE]; ERR_error_string(error, errorString); cout << "The error details returned by Bio_do_connect() are:" << errorString << endl; break; } } else { cout << "Bio_do_connect() passed successfully." << endl; break; } } return 0; } After executing program, the outcome came: The error details returned by Bio_do_connect() are: error::lib(0):func(0):reason(0) So, my main queries or doubt are: 1) I wanted to have SSL API's which could have been used for both IPv4 and IPv6 (client side application). Is there support for IPv6 in any of the client side OpenSSl API or not? This has been my question from the first day when I posted my query in forum but till now I haven't got any concrete response on this. 2) Since I am getting error in the IPv4 only when I followed the way suggested in forum and nothing is coming in error logs. So, I don't know how to proceed further and my work is struck here. 3) I am also not clear why the error log is coming as 0 in approach 3 while in case 1 and case 2, I can see some error thrown by SSL API's. I don't think in case 3, I am missing something which could cause error as 0. 4) I am not sure whether to ask this or not. But is it possible for someone to try the approach 3 at their end and see if the similar problem is observed by you as seen by me. Please have a look and suggest something. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Tuesday, November 01, 2011 8:48 AM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. > From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla > Sent: Monday, 31 October, 2011 08:48 > { > FILE * pFile1; > char mystring [500]; > pFile1 = fopen ("result.txt","a"); > if (pFile1!=NULL) > { > ERR_print_errors_fp(stderr); > if ( fgets (mystring , 500 , stderr) != NULL ) > { >fputs (mystring, pFile); > } > fclose(pFile1); > } > And also tried this one, but no luck. These will never work. First of all, there's no promise you can read from stderr (or stdout) at all. Even on systems and in situations (e.g. redirection) where you can read, you have to fseek or fsetpos first (or fflush if you are already positioned, which here you aren't). The approach I thought you had before, if( pFile1 != NULL ) ERR_print_errors_fp (pFile1) should work assuming the fopen succeeded. Could 'results.txt' be a pre-existing file that is not writable? (If this code is part of a bigger program/process, is everything run and owned by your userid, or is it more complicated?) I suggest divide and conquer -- just call ERR_print_errors_fp(stdout) You won't get the info to the file where you may want it, but you should get it somewhere you can see, assuming you are seeing the other cout<< stuff. And printf or cout<< retVal, just to make sure what it is. Then you can figure out writing to a file. Even if you get hex codes instead of friendly strings, because you didn't _load_error_strings, it's still better than nothing. You can decode them with commandline errstr. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
Hi, I am sorry if I misunderstood things. I went through the text quoted by him. Also, I did google search for that and what I understood was: ERR_load_crypto_strings() registers the error strings for all libcrypto functions. SSL_load_error_strings() does the same, but also registers the libssl error strings. One of these functions should be called before generating textual error messages. However, this is not required when memory usage is an issue. ERR_free_strings() frees all previously loaded error strings. So, I thought by calling SSL_load_error_strings() will register the SSL error strings automatically and once that is done, then probably SSL error string will get dumped in file. This is what I understood and also I am not much familiar with SSl API's. So, here it might be possible that I mis-interpreted things. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeremy Farrell Sent: Tuesday, November 01, 2011 1:39 AM To: openssl-users@openssl.org; carlyo...@keycomm.co.uk Subject: RE: RE: Open SSL API's Support For IPv6. > From: Akanksha Shukla [mailto:akshu...@cisco.com] > > Hi Carl, > > I added the API's call as mentioned by you in the else part to get the > dump > of the error. But this time also, I am not successful. > else > { > SSL_load_error_strings(); > SSL_library_init(); > FILE * pFile1; > pFile1 = fopen ("result.txt","a"); > if (pFile1!=NULL) > { > ERR_print_errors_fp(pFile1); > fclose(pFile1); > } > cout << " The Bio_do_connect failed" << endl; > break; > } > > This time also, I got blank file without having any output in it. Am is > missing something here or using them in incorrect way? > > Please suggest. > > Thanks > Akanksha Shukla. > > -Original Message- > From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk] > > > On Mon 31/10/11 4:25 PM , "Akanksha Shukla" akshu...@cisco.com sent: > > Hi Michael, > > > > Thanks for the reply. But I think the issue is not from the C > perspective. > > As I already mentioned, that if I use fputs to directly write a > string to > > file, then I am able to do that successfully. But when I try to write > the > > error code thrown by Bio_do_connect() API, then nothing is getting > written > > in file and for that I have used the API suggested by Stephen in the > forum > > (ERR_print_errors_fp(pFile)). > > Are you loading the strings? > > From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES > > A typical TLS/SSL application will start with the library > initialization, and provide readable error messages. > SSL_load_error_strings();/* readable error > messages > */ > SSL_library_init(); /* initialize library > */ > > Carl Did you read the page he referred you to? Did you read the text he quoted? Did you think about what it said at all? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
Hi Carl, I added the API's call as mentioned by you in the else part to get the dump of the error. But this time also, I am not successful. else { SSL_load_error_strings(); SSL_library_init(); FILE * pFile1; pFile1 = fopen ("result.txt","a"); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout << " The Bio_do_connect failed" << endl; break; } This time also, I got blank file without having any output in it. Am is missing something here or using them in incorrect way? Please suggest. Thanks Akanksha Shukla. -Original Message- From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk] Sent: Monday, October 31, 2011 10:07 PM To: openssl-users@openssl.org; Akanksha Shukla Subject: Re: RE: Open SSL API's Support For IPv6. > On Mon 31/10/11 4:25 PM , "Akanksha Shukla" akshu...@cisco.com sent: > Hi Michael, > > Thanks for the reply. But I think the issue is not from the C perspective. > As I already mentioned, that if I use fputs to directly write a string to > file, then I am able to do that successfully. But when I try to write the > error code thrown by Bio_do_connect() API, then nothing is getting written > in file and for that I have used the API suggested by Stephen in the forum > (ERR_print_errors_fp(pFile)). Are you loading the strings? From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES A typical TLS/SSL application will start with the library initialization, and provide readable error messages. SSL_load_error_strings();/* readable error messages */ SSL_library_init(); /* initialize library */ Carl __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi, This was what I tried today to isolate the issue. But if you look into earlier mail chains, then you would find that I have tried to write the error in pFile1. Please refer to that. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Monday, October 31, 2011 10:19 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Mon October 31 2011, Akanksha Shukla wrote: > ERR_print_errors_fp(stderr); > Because your writing to stderr rather than pFile? Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Do you still think, its programming fault. My point is that you all must have used these API's to get error dump in a file, then why it is not coming in my case. Please clarify. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Monday, October 31, 2011 6:49 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Mon October 31 2011, Akanksha Shukla wrote: > > Could you please have a look and help me here. > I am not able to proceed further. > Sorry, I do not have the required experience in either "C" or "C like" languages to be of any help. And you really need the help of a beginner's coding forum. I am lucky that I can even read anything "C" or "C like". ;-) Whatever forum you find that can help you with your program structure and implementation, keep in mind they will probably want posts in 'plain text' form - not HTML. Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi, I tried with some different logic in the else part to get the dump of the error returned by Bio_do_connect() API, but no luck. File is getting created but nothing is getting written over there. else { FILE * pFile1; char mystring [500]; pFile1 = fopen ("result.txt","a"); if (pFile1!=NULL) { ERR_print_errors_fp(stderr); if ( fgets (mystring , 500 , stderr) != NULL ) { fputs (mystring, pFile); } fclose(pFile1); } cout << " The Bio_do_connect failed" << endl; break; } And also tried this one, but no luck. else { FILE * pFile1; char mystring [500]; pFile1 = fopen ("result.txt","a"); if (pFile1!=NULL) { ERR_print_errors_fp(stderr); fgets (mystring , 500 , stderr); fputs (mystring, pFile); fclose(pFile1); } cout << " The Bio_do_connect failed" << endl; break; } Could you please have a look and help me here. I am not able to proceed further. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: Saturday, October 29, 2011 11:47 PM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. Hi Michael, Sorry for the confusion caused but the whole code sequence is like this: int retryCounter = 0; while(retryCounter < CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal <= 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen ("result_retry.txt","a"); if (pFile!=NULL) { ERR_print_errors_fp(pFile); fclose(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen ("result.txt","a"); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout << " The Bio_do_connect failed" << endl; break; } } else { cout << " The Bio_do_connect passes" << endl; break; } } The retry counter is meant for Bio_should_retry() API and it should try for 10 times as the value of CONNECT_MAX_TRY is set to 10. But in this case, the Bio_should_retry() API is passed, hence value of retry counter is not incremented and control goes to the else part where I am trying to print the error in file. The break statement is else part will cause the control to move out of the while loop and hence the Bio_do_connect failed gets printed for one time only. But problem is that in the file "result.txt", nothing is getting dumped as I explained you in the earlier mails also. But when I use fputs, I can see output in the file. So, please suggest here what mistake I am making in writing the error to the file. Any help would be really appreciable here as I am getting struck in IPv4 only case, while I wanted to have such logic which could have serve my purpose for both IPv4 as well as IPV6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Wednesday, October 26, 2011 2:26 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Tue October 25 2011, Akanksha Shukla wrote: > Hi Stephen, > > > > I added debug code as: > > > > int retryCounter = 0; > > while(retryCounter < CONNECT_MAX_TRY) > > { > > int retVal = BIO_do_connect(conn); > > if(retVal <= 0) > > { > > if(BIO_should_retry(conn)) > > { > > retryCounter++; > > sleep(CONNECT_SLEEP_INTERVAL); > > FILE * pFile; > > pFile = fopen ("result_retry.txt","a"); > > if (pFile!=NULL) > > { > >ERR_print_errors_fp(pFile); > > } > > continue; > > } > &
RE: Open SSL API's Support For IPv6.
Hi Michael, Sorry for the confusion caused but the whole code sequence is like this: int retryCounter = 0; while(retryCounter < CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal <= 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen ("result_retry.txt","a"); if (pFile!=NULL) { ERR_print_errors_fp(pFile); fclose(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen ("result.txt","a"); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout << " The Bio_do_connect failed" << endl; break; } } else { cout << " The Bio_do_connect passes" << endl; break; } } The retry counter is meant for Bio_should_retry() API and it should try for 10 times as the value of CONNECT_MAX_TRY is set to 10. But in this case, the Bio_should_retry() API is passed, hence value of retry counter is not incremented and control goes to the else part where I am trying to print the error in file. The break statement is else part will cause the control to move out of the while loop and hence the Bio_do_connect failed gets printed for one time only. But problem is that in the file "result.txt", nothing is getting dumped as I explained you in the earlier mails also. But when I use fputs, I can see output in the file. So, please suggest here what mistake I am making in writing the error to the file. Any help would be really appreciable here as I am getting struck in IPv4 only case, while I wanted to have such logic which could have serve my purpose for both IPv4 as well as IPV6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Wednesday, October 26, 2011 2:26 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Tue October 25 2011, Akanksha Shukla wrote: > Hi Stephen, > > > > I added debug code as: > > > > int retryCounter = 0; > > while(retryCounter < CONNECT_MAX_TRY) > > { > > int retVal = BIO_do_connect(conn); > > if(retVal <= 0) > > { > > if(BIO_should_retry(conn)) > > { > > retryCounter++; > > sleep(CONNECT_SLEEP_INTERVAL); > > FILE * pFile; > > pFile = fopen ("result_retry.txt","a"); > > if (pFile!=NULL) > > { > >ERR_print_errors_fp(pFile); > > } > > continue; > > } > > else > > { > > > > FILE * pFile1; > > pFile1 = fopen ("result.txt","a"); > > if (pFile1!=NULL) > > { > > ERR_print_errors_fp(pFile1); > > } > > cout << " The Bio_do_connect failed" << endl; > > > > } > >} > > } > > > > After execution of program, I saw that only "result.txt" file is getting > created and not the "result_retry.txt" file which clarifies that the retry > logic is working fine. Problem comes when retry counter reaches its max > value and Bio_do_connect() gets failed. Though my understanding might be > wrong here. > > > > But the main problem which I encountered today is that nothing is being > written in the file "result.txt" and I am also hoping that I am using the > ERR_print_errors_fp() function in correct way. The file is blank. Then just > to make sure that pFile1 handle returned as Not NULL and we are entering > inside the if check, I added statement > > If(pfile1! = NULL) > > { > > fputs ("fopen example",pFile); > > //ERR_print_errors_fp(pFile1); > > } > > > > And this time, I could see that "fopen example" is being written to > result.txt file successfully. > > > > So, could you please suggest what mistake I am doing here that SSL errors
RE: Open SSL API's Support For IPv6.
Hi Stephen, I added debug code as: int retryCounter = 0; while(retryCounter < CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal <= 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen ("result_retry.txt","a"); if (pFile!=NULL) { ERR_print_errors_fp(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen ("result.txt","a"); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); } cout << " The Bio_do_connect failed" << endl; } } } After execution of program, I saw that only "result.txt" file is getting created and not the "result_retry.txt" file which clarifies that the retry logic is working fine. Problem comes when retry counter reaches its max value and Bio_do_connect() gets failed. Though my understanding might be wrong here. But the main problem which I encountered today is that nothing is being written in the file "result.txt" and I am also hoping that I am using the ERR_print_errors_fp() function in correct way. The file is blank. Then just to make sure that pFile1 handle returned as Not NULL and we are entering inside the if check, I added statement If(pfile1! = NULL) { fputs ("fopen example",pFile); //ERR_print_errors_fp(pFile1); } And this time, I could see that "fopen example" is being written to result.txt file successfully. So, could you please suggest what mistake I am doing here that SSL errors are not being getting written in file and also any other suggestions to try out. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, October 25, 2011 4:34 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sun, Oct 23, 2011, Akanksha Shukla wrote: > Hi Stephen, > > > > I tried with retry logic as well (though earlier it was also same), but same > result. > > > > int retryCounter = 0; > > while(retryCounter < CONNECT_MAX_TRY) > > { > > int retVal = BIO_do_connect(conn); > > if(retVal <= 0) > > { > > if(BIO_should_retry(conn)) > > { > > retryCounter++; > > sleep(CONNECT_SLEEP_INTERVAL); > > continue; > > } > > else > > { > > cout << " The Bio_do_connect failed" << endl; > > > > } > >} > > } > > > > Just wanted to let you know that this piece of code is same at time when I > used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with > similar code mentioned above, then things were working fine. This time > rather than using Bio_new_connect(), I used socket(), connect() and > Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() > (as suggested by you), then things started failing. > > > > Please let me know if you have any suggestions or help me in pointing out > the issue. > > Try adding some more debugging code to see if it actually does retry and also if it fails call the OpenSSL ERR library to print out any useful message. For example ERR_print_errors_fp(stderr); Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi, Any suggestions here would be really helpful to us. So, please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: Sunday, October 23, 2011 3:47 AM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. Hi Stephen, I tried with retry logic as well (though earlier it was also same), but same result. int retryCounter = 0; while(retryCounter < CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal <= 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); continue; } else { cout << " The Bio_do_connect failed" << endl; } } } Just wanted to let you know that this piece of code is same at time when I used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with similar code mentioned above, then things were working fine. This time rather than using Bio_new_connect(), I used socket(), connect() and Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() (as suggested by you), then things started failing. Please let me know if you have any suggestions or help me in pointing out the issue. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Sunday, October 23, 2011 1:45 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sat, Oct 22, 2011, Akanksha Shukla wrote: > > 5) BIO_set_nbio(conn, 1); > > 6) int retVal = BIO_do_connect(conn); > > if(retVal <= 0) > > { > > cout << " The Bio_do_connect failed" << endl; > > } > > > > After executing the program, I am getting output as : > > The socket is created successfully > > The socket is connected successfully > > Bio_do_connect failed > You aren't calling BIO_do_connect() correctly. A <= 0 return value isn't necessarily an error it may be a request to retry the operation. See the BIO manual pages for more information. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Stephen, I tried with retry logic as well (though earlier it was also same), but same result. int retryCounter = 0; while(retryCounter < CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal <= 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); continue; } else { cout << " The Bio_do_connect failed" << endl; } } } Just wanted to let you know that this piece of code is same at time when I used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with similar code mentioned above, then things were working fine. This time rather than using Bio_new_connect(), I used socket(), connect() and Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() (as suggested by you), then things started failing. Please let me know if you have any suggestions or help me in pointing out the issue. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Sunday, October 23, 2011 1:45 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sat, Oct 22, 2011, Akanksha Shukla wrote: > > 5) BIO_set_nbio(conn, 1); > > 6) int retVal = BIO_do_connect(conn); > > if(retVal <= 0) > > { > > cout << " The Bio_do_connect failed" << endl; > > } > > > > After executing the program, I am getting output as : > > The socket is created successfully > > The socket is connected successfully > > Bio_do_connect failed > You aren't calling BIO_do_connect() correctly. A <= 0 return value isn't necessarily an error it may be a request to retry the operation. See the BIO manual pages for more information. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Stephen, As suggested by you, I tried following things for IPv4 only but still facing the issue. 1) char address[INET_ADDRSTRLEN+1] = "10.65.156.197"; 2) int socket_desc = socket (AF_INET, SOCK_STREAM, 0); if (socket_desc == INVALID_SOCKET) { cout << "The error retuned by socket is" << errno << endl; } cout << "The socket is created successfully" << endl; 3) struct sockaddr_in addrinfo; addrinfo.sin_family = AF_INET; addrinfo.sin_port = htons(80); inet_pton(AF_INET, address, &(addrinfo.sin_addr.s_addr)); int retval = connect(socket_desc, (struct sockaddr *)&addrinfo, sizeof (addrinfo)); if (retval != 0) { cout << " The error returned by socket connect is" << errno << endl; } cout << "The socket is connected successfully" << endl; 4) BIO * conn; conn = BIO_new_socket(socket_desc,0); if(!conn) { cout << " The Bio_new_socket failed" << endl; } 5) BIO_set_nbio(conn, 1); 6) int retVal = BIO_do_connect(conn); if(retVal <= 0) { cout << " The Bio_do_connect failed" << endl; } After executing the program, I am getting output as : The socket is created successfully The socket is connected successfully Bio_do_connect failed Now I am not sure what I am missing here due to which it is getting failed for IPv4 itself. Please suggest. Though I wanted to have API's support for both IPv4 and IPv6 but situation seems to be complex here. I am not able to execute SSL API's successfully for both IPv4 and IPv6. I am facing same error in both the cases. I would request to please have a look and suggest something. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, September 29, 2011 11:09 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Thu, Sep 29, 2011, Akanksha Shukla wrote: > Hi All, > > I tried following things: > > > > 1) Made socket() system call with AF_INET6 family type. > > 2) Made connect() system call to get connected to destination address > using the socket created above. > > 3) Then made call to Bio_new_socket() and passed the connected socket > descriptor. > > 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the > socket BIO, and this time I got error from the Bio_do_connect() call. > > > > Though I have added diags if Bio_new_socket() call gets failed. But those > diags were not getting hit. So, I am assuming that step 1 to step 3 are > working fine. Problem is coming at the time of Bio_do_connect(). > > > > Now the next questions which come in my mind are: > > > > 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? > > 2) If yes, then what am I missing here because of which I am getting > error from Bio_do_connect() API? > > 3) If no, then how can I proceed further because I need to use API > which are both (IPv6 as well as IPv4) compatible. > What error are you getting? Have you tried exactly the same steps with an IPv4 socket to see if it is a problem with you code and/or not specific to IPv6? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi All, Can anyone please help me out here in resolving my queries ? Any help would be great. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: Tuesday, September 27, 2011 6:50 PM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. Hi Nilotpal, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. Please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nilotpal De Sent: Thursday, September 22, 2011 2:59 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: > Currently we are using OpenSSL 0.9.8 version. I have question about few of > the API's support for IPV6. > > 1) BIO_new_connect() [...] > > Queries : > 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
RE: Open SSL API's Support For IPv6.
Hi Nilotpal, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. Please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nilotpal De Sent: Thursday, September 22, 2011 2:59 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: > Currently we are using OpenSSL 0.9.8 version. I have question about few of > the API's support for IPV6. > > 1) BIO_new_connect() [...] > > Queries : > 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
RE: Open SSL API's Support For IPv6.
Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: > Currently we are using OpenSSL 0.9.8 version. I have question about few of > the API's support for IPV6. > > 1) BIO_new_connect() [...] > > Queries : > 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Open SSL API's Support For IPv6.
Hi, Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() 2) BIO_set_nbio() 3) BIO_do_connect() Queries : 1) Do the above mentioned API's support IPv6? 2) If yes, then is there any specific syntax for mentioning the IPv6 address and port (e.g. [IPv6 Address]:Port or IPv6 Address:Port)? 3) If not, then are there any alternate API's which support IPv6 functionality and we can use them for both IPv4 as well as IPv6 (rather than using these API)? Waiting for inputs. Any help would be great. Thanks Akanksha Shukla. -- View this message in context: http://old.nabble.com/Open-SSL-API%27s-Support-For-IPv6.-tp32503747p32503747.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org