BIO failure
The following code fails on Windows but works perfectly on Solaris. The failure is that PEM_read_bio_X509 returns null. FYI, I am trying to avoid buffered I/O (FILE *) and hence I am using low-level file operations. Please help.

Vijay

    BIO *data;
    char buf[1024*4];
    memset(buf, 0, sizeof(buf) );
    int fd;
    X509 *cert;
    fd= open(file, O_RDONLY|O_BINARY, 0644);
    data= BIO_new_fd(fd, BIO_NOCLOSE);
    BIO *buffer = BIO_new(BIO_f_buffer() );
    BIO_push(buffer, data);
    cert= PEM_read_bio_X509(buffer, NULL, ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
    res=SSL_CTX_use_certificate(ctx,cert);
    printf("Result = %d \b", res );
    if ( fd) { close(fd); }
    BIO_free_all(buffer);

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
SSL_CTX_load_verify_locations
Is there any alternative API for SSL_CTX_load_verify_locations? SSL_CTX_load_verify_locations ends up using STDIO calls and I am trying to avoid STDIO calls. I am stuck here and I need your help to proceed further. Any help is appreciated.

Thanks
Vijay

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Sent: Tuesday, February 15, 2005 10:31 AM
To: openssl-users@openssl.org
Subject: RE: use os BIOs

> I'm trying to implement an eap-tls server using openssl and
> I've found only few examples about using memory BIOs to
> perform a TLS handshake.
> Can you give me some pointer to documentation about this or
> to some examples?
>
> The code that I'm using is very simple:
>
> <...>
> SSL_set_accept_state(ssl);
>
> BIO_write(in_BIO, packet data, datalen);
> BIO_read(out_BIO, data, datalen);
>
> Can this approach work?

Yes.

> Sometimes the read returns -1 (no data available), but
> it should give some data (e.g. the ServerHello).
> What I'm missing?

What you're missing is that the OpenSSL engine is the boss of what to do when. You have to do four things, and you must do each one when the OpenSSL engine tells you to:

1) You must receive encrypted data from the other end and hand it to OpenSSL.

2) You must take encrypted data from OpenSSL and send it to the other end.

3) You must take plaintext from the application and give it to OpenSSL to encrypt.

4) You must take plaintext from OpenSSL and process it.

Do not ever assume that because you did 1, you will next do 4. This might happen, but it might not. Assumptions will lead to deadlock.

DS
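The four operations in David Schwartz's reply above, sketched as an added example (not code from the thread) using Python's ssl module, whose MemoryBIO and SSLObject are built on OpenSSL's memory BIOs. The Endpoint class, its attribute names and the hostname eap.example.test are assumptions made for illustration; a server endpoint is built the same way with server_side=True and a context that has a certificate loaded.

```python
import ssl

class Endpoint:
    """One TLS endpoint driven purely through two memory BIOs."""

    def __init__(self, ctx, **wrap_args):
        self.net_in = ssl.MemoryBIO()    # ciphertext received from the peer
        self.net_out = ssl.MemoryBIO()   # ciphertext OpenSSL wants sent
        self.tls = ctx.wrap_bio(self.net_in, self.net_out, **wrap_args)
        self.established = False
        self.app_out = b""               # plaintext queued by the application
        self.app_in = b""                # plaintext decrypted so far

    def feed(self, ciphertext):
        """Operation 1: hand bytes from the network to OpenSSL."""
        self.net_in.write(ciphertext)

    def run(self):
        """Let the engine advance as far as it can, then return whatever
        ciphertext it produced (operation 2). Fatal errors propagate."""
        try:
            if not self.established:
                self.tls.do_handshake()
                self.established = True
            if self.app_out:             # operation 3: plaintext in
                sent = self.tls.write(self.app_out)
                self.app_out = self.app_out[sent:]
            while True:                  # operation 4: plaintext out
                chunk = self.tls.read(4096)
                if not chunk:
                    break
                self.app_in += chunk
        except ssl.SSLWantReadError:
            pass  # engine is waiting for the peer; nothing is wrong
        return self.net_out.read()       # always drain, even after WANT_READ


def demo():
    """Constructed client with no peer; the hostname is a placeholder."""
    client = Endpoint(ssl.create_default_context(),
                      server_hostname="eap.example.test")
    client.app_out = b"hello"
    first = client.run()    # ClientHello comes out before anything went in
    second = client.run()   # no new input, so no new output
    return first, second, client
```

Call run() after every feed() and whenever the application queues plaintext, and send whatever it returns; an empty return means OpenSSL has nothing to send yet.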
SSL_CTX_load_verify_locations
Any alternative API instead of the above call? SSL_CTX_load_verify_locations ends up using STDIO calls and I am trying to avoid STDIO calls. Any help is appreciated.

Thanks
Vijay

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Sent: Tuesday, February 15, 2005 10:31 AM
To: openssl-users@openssl.org
Subject: RE: use os BIOs

> I'm trying to implement an eap-tls server using openssl and
> I've found only few examples about using memory BIOs to
> perform a TLS handshake.
> Can you give me some pointer to documentation about this or
> to some examples?
>
> The code that I'm using is very simple:
>
> <...>
> SSL_set_accept_state(ssl);
>
> BIO_write(in_BIO, packet data, datalen);
> BIO_read(out_BIO, data, datalen);
>
> Can this approach work?

Yes.

> Sometimes the read returns -1 (no data available), but
> it should give some data (e.g. the ServerHello).
> What I'm missing?

What you're missing is that the OpenSSL engine is the boss of what to do when. You have to do four things, and you must do each one when the OpenSSL engine tells you to:

1) You must receive encrypted data from the other end and hand it to OpenSSL.

2) You must take encrypted data from OpenSSL and send it to the other end.

3) You must take plaintext from the application and give it to OpenSSL to encrypt.

4) You must take plaintext from OpenSSL and process it.

Do not ever assume that because you did 1, you will next do 4. This might happen, but it might not. Assumptions will lead to deadlock.

DS
BIO failure with fd's
Here is my code snippet:

    int fd;
    BIO *bio;
    fd = open(file, "r" );
    bio = BIO_new(BIO_s_fd() );
    BIO_set_fd(bio,fd, BIO_NOCLOSE);
    X509 *x=null;
    x= PEM_read_bio_X509(data, NULL,ctx->default_password_callback, ctx->default_password_callback_userdata);

The PEM_read_bio_X509 call fails and it returns null. In the above code, if I change the fd BIO to a FILE* BIO as mentioned below, everything works.

    FILE *fp = fopen(file, "r" );
    bio= BIO_new(BIO_s_file() );
    BIO_set_fp(data, fp, BIO_NOCLOSE);

Am I missing anything? I am trying to avoid STDIO functions and hence I am operating on fds. Thanks for your help.

Vijay
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_file in turn uses stdio calls to read the key file. Since I want to avoid using stdio calls, is there any other way of getting the key file to set up the context? Similarly for SSL_CTX_use_certificate_chain_file. Any help is appreciated.

Thanks
Vijay
OpenSSL With NO_STDIO
Has anybody tried compiling OpenSSL with the NO_STDIO flag and successfully run without the stdio library? I don't want to use the stdio library since it does not recognize file descriptors > 256. Hence I want to avoid the stdio library and use the native OS calls. Any help is appreciated.

Vijay