> Hi everyone,
>
> When BIO_puts writes data after a handshake, is the data encrypted during
> the send?

        Yes. You *can't* send unencrypted data over an SSL connection (unless you
negotiate a null cipher).

> I want to write a server to run to accept data from one
> connection (insecure) and encrypt it and send it to a process waiting on
> another server and from there decrypt it and send it to another
> process (port forwarding?). Now in that case each of the two servers will
> need to accept data from two sources and also, depending on which source
> the data appears to come from, needs to encrypt/decrypt data and send it
> accordingly.

        Okay.

> How can I differentiate between encrypted and unencrypted
> data? Or can I identify sources from the data headers? What are the
> APIs I can use?

        You're writing the server, so you should know which connection is which.
You can keep, for each connection, a flag indicating whether it's encrypted
or not and a pointer to the associated peer connection.

> Also, which APIs can be used to write/read such data?

        For encrypted data, just use the OpenSSL APIs. For unencrypted data, use
the normal network APIs.

        Your question is one of those questions where what you're trying to do is
so simple that there's no way in general to answer your question to your
satisfaction. I have no idea what part of the problem you're having
difficulty with.

        As you described things, if you make the connection outbound, it's SSL. If
you received the connection inbound, it's plaintext. So just keep track.
Maybe:

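#include <openssl/ssl.h>

typedef struct
{
 int peer_fd;   /* fd of the paired connection; -1 means this slot is inactive */
 SSL *ssl;      /* TLS state; NULL means the connection is unencrypted */
} connection;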

        Just use an array of these indexed off the file descriptor. You can use a
'peer_fd' of -1 to indicate inactive and you can use an 'ssl' of NULL to
indicate an unencrypted connection.

        If you need to *receive* both SSL and plaintext connections inbound, the
simplest solution is to use two different ports.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
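
The fd-indexed table suggested in the reply, written out as an added example (not code from the original post or from the OpenSSL project). MAX_FD, the conn_* function names and the WITH_OPENSSL build switch are assumptions of this sketch; without that switch the TLS branch refuses to write instead of sending plaintext.

```c
/* Build with -DWITH_OPENSSL -lssl -lcrypto to enable the TLS branch. */
#include <stddef.h>
#include <unistd.h>
#ifdef WITH_OPENSSL
#include <openssl/ssl.h>
#else
typedef struct ssl_st SSL;   /* opaque stand-in, same struct tag OpenSSL uses */
#endif
#define MAX_FD 1024          /* assumed table size */
typedef struct { int peer_fd; SSL *ssl; } connection;
static connection conns[MAX_FD];
static int valid(int fd) { return fd >= 0 && fd < MAX_FD; }

void conn_init(void) {
    for (int i = 0; i < MAX_FD; i++) conns[i] = (connection){ -1, NULL };
}

/* Link a plaintext inbound fd to the outbound fd that carries TLS. */
int conn_pair(int plain_fd, int tls_fd, SSL *ssl) {
    if (!valid(plain_fd) || !valid(tls_fd) || plain_fd == tls_fd || !ssl) return -1;
    if (conns[plain_fd].peer_fd != -1 || conns[tls_fd].peer_fd != -1) return -1;
    conns[plain_fd] = (connection){ tls_fd, NULL };
    conns[tls_fd]   = (connection){ plain_fd, ssl };
    return 0;
}

/* Unlink both ends so a reused descriptor number never inherits a stale
   peer. The caller still frees the SSL object and closes the sockets. */
void conn_unpair(int fd) {
    if (!valid(fd) || conns[fd].peer_fd == -1) return;
    conns[conns[fd].peer_fd] = (connection){ -1, NULL };
    conns[fd] = (connection){ -1, NULL };
}

/* Write to fd with the API its table entry calls for. */
int conn_write(int fd, const void *buf, int len) {
    if (!valid(fd) || conns[fd].peer_fd == -1 || len <= 0) return -1;
    if (conns[fd].ssl == NULL) return (int)write(fd, buf, (size_t)len);
#ifdef WITH_OPENSSL
    return SSL_write(conns[fd].ssl, buf, len);
#else
    return -1;               /* no TLS in this build: never fall back to plaintext */
#endif
}

/* Forward bytes that arrived on from_fd to its peer connection. */
int conn_forward(int from_fd, const void *buf, int len) {
    if (!valid(from_fd) || conns[from_fd].peer_fd == -1) return -1;
    return conn_write(conns[from_fd].peer_fd, buf, len);
}
```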
