Re: SSL_CTX_set_psk_client_callback

[Holger Weiß]

* Leo Leo lafa...@yahoo.com.br [2013-07-17 13:57]:
 I haven't understood exactly the reason of this callback and I'd like to
 know if it's for what I need.

The purpose of this callback is to provide OpenSSL with the PSK identity
and the pre-shared key to use.

 could you explain how to use the parameters?

The man page explains it quite well.  Here's a real-world example:

https://www.nsca-ng.org/cgi-bin/repository/nsca-ng/tree/src/client/auth.c

 Last question, is this page actual?

 http://www.openssl.org/docs/ssl/SSL_CTX_set_psk_client_callback.html

It's accurate and up to date, yes.

Holger
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: How do session accept timeout with OpenSSL

[Holger Weiß]

* Charles Mills charl...@mcn.org [2012-08-15 17:31]:
 Every OpenSSL example I have seen uses BIO, but there is no need to use
 BIO, right (unless one wants I/O-type-independence).

That's right, though the socket BIO methods also abstract away quite a
few obscure platform specifics.

 I have eliminated all of my BIO usage. I'm using normal TCP/IP bind(),
 select(), accept(), and then SSL_set_fd(ssl, socket) and SSL_accept(); I
 then use SSL_read() to read data on the session. It seems to be working
 (with some loose ends, but I am getting farther than before).
 
 Is there anything wrong with this approach?

No.  However, SSL_set_fd() automatically creates a socket BIO, so you
don't save an abstraction layer by setting up the socket manually.

 What about the select? Is there some sort of BIO_select()?

There's no such thing, but you could retrieve the underlying socket
descriptor with BIO_get_fd() and call select() on that.

Holger
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org