RE: Open SSL API's Support For IPv6.
From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla Sent: Thursday, 03 November, 2011 11:25 I want to summarize snip I am using the SSL API's for client application to get connect to server and that worked fine over IPv4. Now my requirement is to have the same client-server communication over IPv6. And this time I also used the same SSL API's to get connected to server using IPv6 address, but faced issue in that. snip Just to be clear: you are using OpenSSL APIs, but not SSL ones. BIO_s_connect, and BIO_s_socket, and BIO_s_accept, don't do SSL. BIO_f_SSL does, and so do SSL_*. Approach 1: int main() { Bio *conn; SSL_library_init(); SSL_load_error_strings(); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); Aside: SSL_load_error_strings includes ERR_load_crypto_strings, and SSL_library_init loads all algorithms needed for SSL. conn = BIO_new_connect(250::56ff:feab:20:80); if(!conn) snip error /* Configure the BIO as a non-blocking one */ BIO_set_nbio(conn, 1); int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) // snip is 10 { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) sleep and continue else error } else success [BIO_do_connect fails] 02003000:system library:getservbyname:system library Approach 2: ... same except [250::56ff:feab:20]:80). [BIO_do_connect fails] 2006A066:BIO routines:BIO_get_host_ip:bad hostname lookup As expected. I thought you were told BIO_s_connect does not handle IPv6 addresses, and you can easily verify by looking at the code; it has AF_INET and gethostbyname not v6-capable getaddrinfo etc. Although, BIO_s_accept does have code for v6 that looks reasonable at least in 1.0.0e (I can't conveniently test). Approach 3: I followed the way suggested in forum and tried with IPv4 address. This time, I am not able to make connection on IPV4 and biggest issue is that nothing is coming in the error logs of SSL as well. int socket_desc = socket (AF_INET, SOCK_STREAM, 0); if (socket_desc == INVALID_SOCKET) { cout The error retuned by socket is errno endl; } If this condition occurs, which it almost never will, you should not proceed to the following code which uses socket_desc. cout The socket is created successfully. endl; struct sockaddr_in addrinfo; and fill in Aside: this name may become confusing. sockets-6 has a struct addrinfo which is different from sockaddr_in{,6}. int retval = connect(socket_desc, (struct sockaddr *)addrinfo, sizeof (addrinfo)); if (retval != 0) { cout The error returned by socket connect is errno endl; } cout The socket is connected successfully. endl; conn = BIO_new_socket(socket_desc,0); if(!conn) snip error /* Configure the BIO as a non-blocking one */ BIO_set_nbio(conn, 1); int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) // whose value is 10. { int retVal = BIO_do_connect(conn); if(retVal = 0) snip: _should_retry sleepcontinue else error else success After executing program, the outcome came: [Bio_do_connect() fails] :lib(0):func(0):reason(0) BIO_do_connect is documented only for BIO_s_connect, not BIO_s_socket. (Although it uses the same BIO_ctrl number as some other operations.) And in fact it is unsupported and meaningless on BIO_s_socket, which wraps (only) a socket that is already connected. It is somewhat unhelpful that unsupported BIO_ctrl's (at least here) return 0 with no ERR_ entry. So, my main queries or doubt are: 1) I wanted to have SSL API's which could have been used for both IPv4 and IPv6 (client side application). Is there support for IPv6 in any of the client side OpenSSl API or not? This has been my question from the first day when I posted my query in forum but till now I haven't got any concrete response on this. The SSL_ routines (both client and server) work fine with any socket, either v4 and v6. BIO_f_SSL/BIO_s_socket ditto. BIO_s_connect, and (thus) BIO_f_SSL/BIO_s_connect no. 2) Since I am getting error in the IPv4 only when I followed the way suggested in forum and nothing is coming in error logs. So, I don't know how to proceed further and my work is struck here. I don't think anyone suggested do_connect on BIO_s_socket. 3) I am also not clear why the error log is coming as 0 in approach 3 while in case 1 and case 2, I can see some error thrown by SSL API's. I don't think in case 3, I am missing something which could cause error as 0. Because it's an unsupported operation on this BIO, see above. snip __
RE: RE: Open SSL API's Support For IPv6.
Initialization code means code that runs before any other SSL code, not once you've already got an error. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: 31 October 2011 20:27 To: openssl-users@openssl.org; carlyo...@keycomm.co.uk Subject: RE: RE: Open SSL API's Support For IPv6. Hi, I am sorry if I misunderstood things. I went through the text quoted by him. Also, I did google search for that and what I understood was: ERR_load_crypto_strings() registers the error strings for all libcrypto functions. SSL_load_error_strings() does the same, but also registers the libssl error strings. One of these functions should be called before generating textual error messages. However, this is not required when memory usage is an issue. ERR_free_strings() frees all previously loaded error strings. So, I thought by calling SSL_load_error_strings() will register the SSL error strings automatically and once that is done, then probably SSL error string will get dumped in file. This is what I understood and also I am not much familiar with SSl API's. So, here it might be possible that I mis-interpreted things. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeremy Farrell Sent: Tuesday, November 01, 2011 1:39 AM To: openssl-users@openssl.org; carlyo...@keycomm.co.uk Subject: RE: RE: Open SSL API's Support For IPv6. From: Akanksha Shukla [mailto:akshu...@cisco.com] Hi Carl, I added the API's call as mentioned by you in the else part to get the dump of the error. But this time also, I am not successful. else { SSL_load_error_strings(); SSL_library_init(); FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout The Bio_do_connect failed endl; break; } This time also, I got blank file without having any output in it. Am is missing something here or using them in incorrect way? Please suggest. Thanks Akanksha Shukla. -Original Message- From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk] On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent: Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Are you loading the strings? From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES A typical TLS/SSL application will start with the library initialization, and provide readable error messages. SSL_load_error_strings();/* readable error messages */ SSL_library_init(); /* initialize library */ Carl Did you read the page he referred you to? Did you read the text he quoted? Did you think about what it said at all? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org The information in this message is intended solely for the addressee and should be considered confidential. Publishing Technology does not accept legal responsibility for the contents of this message and any statements contained herein which do not relate to the official business of Publishing Technology are neither given nor endorsed by Publishing Technology and are those of the individual and not of Publishing Technology. This message has been scanned for viruses using the most current and reliable tools available and Publishing Technology excludes all liability related to any viruses that might exist in any attachment or which may have been acquired in transit. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi, I tried with some different logic in the else part to get the dump of the error returned by Bio_do_connect() API, but no luck. File is getting created but nothing is getting written over there. else { FILE * pFile1; char mystring [500]; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(stderr); if ( fgets (mystring , 500 , stderr) != NULL ) { fputs (mystring, pFile); } fclose(pFile1); } cout The Bio_do_connect failed endl; break; } And also tried this one, but no luck. else { FILE * pFile1; char mystring [500]; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(stderr); fgets (mystring , 500 , stderr); fputs (mystring, pFile); fclose(pFile1); } cout The Bio_do_connect failed endl; break; } Could you please have a look and help me here. I am not able to proceed further. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: Saturday, October 29, 2011 11:47 PM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. Hi Michael, Sorry for the confusion caused but the whole code sequence is like this: int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen (result_retry.txt,a); if (pFile!=NULL) { ERR_print_errors_fp(pFile); fclose(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout The Bio_do_connect failed endl; break; } } else { cout The Bio_do_connect passes endl; break; } } The retry counter is meant for Bio_should_retry() API and it should try for 10 times as the value of CONNECT_MAX_TRY is set to 10. But in this case, the Bio_should_retry() API is passed, hence value of retry counter is not incremented and control goes to the else part where I am trying to print the error in file. The break statement is else part will cause the control to move out of the while loop and hence the Bio_do_connect failed gets printed for one time only. But problem is that in the file result.txt, nothing is getting dumped as I explained you in the earlier mails also. But when I use fputs, I can see output in the file. So, please suggest here what mistake I am making in writing the error to the file. Any help would be really appreciable here as I am getting struck in IPv4 only case, while I wanted to have such logic which could have serve my purpose for both IPv4 as well as IPV6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Wednesday, October 26, 2011 2:26 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Tue October 25 2011, Akanksha Shukla wrote: Hi Stephen, I added debug code as: int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen (result_retry.txt,a); if (pFile!=NULL) { ERR_print_errors_fp(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); } cout The Bio_do_connect failed endl; } } } After execution of program, I saw that only result.txt file is getting created and not the result_retry.txt file
Re: Open SSL API's Support For IPv6.
On Mon October 31 2011, Akanksha Shukla wrote: Could you please have a look and help me here. I am not able to proceed further. Sorry, I do not have the required experience in either C or C like languages to be of any help. And you really need the help of a beginner's coding forum. I am lucky that I can even read anything C or C like. ;-) Whatever forum you find that can help you with your program structure and implementation, keep in mind they will probably want posts in 'plain text' form - not HTML. Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Do you still think, its programming fault. My point is that you all must have used these API's to get error dump in a file, then why it is not coming in my case. Please clarify. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Monday, October 31, 2011 6:49 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Mon October 31 2011, Akanksha Shukla wrote: Could you please have a look and help me here. I am not able to proceed further. Sorry, I do not have the required experience in either C or C like languages to be of any help. And you really need the help of a beginner's coding forum. I am lucky that I can even read anything C or C like. ;-) Whatever forum you find that can help you with your program structure and implementation, keep in mind they will probably want posts in 'plain text' form - not HTML. Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Mon October 31 2011, Akanksha Shukla wrote: ERR_print_errors_fp(stderr); Because your writing to stderr rather than pFile? Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi, This was what I tried today to isolate the issue. But if you look into earlier mail chains, then you would find that I have tried to write the error in pFile1. Please refer to that. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Monday, October 31, 2011 10:19 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Mon October 31 2011, Akanksha Shukla wrote: ERR_print_errors_fp(stderr); Because your writing to stderr rather than pFile? Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: RE: Open SSL API's Support For IPv6.
On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent: Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Are you loading the strings? From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES A typical TLS/SSL application will start with the library initialization, and provide readable error messages. SSL_load_error_strings();/* readable error messages */ SSL_library_init(); /* initialize library */ Carl __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
Hi Carl, I added the API's call as mentioned by you in the else part to get the dump of the error. But this time also, I am not successful. else { SSL_load_error_strings(); SSL_library_init(); FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout The Bio_do_connect failed endl; break; } This time also, I got blank file without having any output in it. Am is missing something here or using them in incorrect way? Please suggest. Thanks Akanksha Shukla. -Original Message- From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk] Sent: Monday, October 31, 2011 10:07 PM To: openssl-users@openssl.org; Akanksha Shukla Subject: Re: RE: Open SSL API's Support For IPv6. On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent: Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Are you loading the strings? From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES A typical TLS/SSL application will start with the library initialization, and provide readable error messages. SSL_load_error_strings();/* readable error messages */ SSL_library_init(); /* initialize library */ Carl __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
From: Akanksha Shukla [mailto:akshu...@cisco.com] Hi Carl, I added the API's call as mentioned by you in the else part to get the dump of the error. But this time also, I am not successful. else { SSL_load_error_strings(); SSL_library_init(); FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout The Bio_do_connect failed endl; break; } This time also, I got blank file without having any output in it. Am is missing something here or using them in incorrect way? Please suggest. Thanks Akanksha Shukla. -Original Message- From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk] On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent: Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Are you loading the strings? From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES A typical TLS/SSL application will start with the library initialization, and provide readable error messages. SSL_load_error_strings();/* readable error messages */ SSL_library_init(); /* initialize library */ Carl Did you read the page he referred you to? Did you read the text he quoted? Did you think about what it said at all? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
Hi, I am sorry if I misunderstood things. I went through the text quoted by him. Also, I did google search for that and what I understood was: ERR_load_crypto_strings() registers the error strings for all libcrypto functions. SSL_load_error_strings() does the same, but also registers the libssl error strings. One of these functions should be called before generating textual error messages. However, this is not required when memory usage is an issue. ERR_free_strings() frees all previously loaded error strings. So, I thought by calling SSL_load_error_strings() will register the SSL error strings automatically and once that is done, then probably SSL error string will get dumped in file. This is what I understood and also I am not much familiar with SSl API's. So, here it might be possible that I mis-interpreted things. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeremy Farrell Sent: Tuesday, November 01, 2011 1:39 AM To: openssl-users@openssl.org; carlyo...@keycomm.co.uk Subject: RE: RE: Open SSL API's Support For IPv6. From: Akanksha Shukla [mailto:akshu...@cisco.com] Hi Carl, I added the API's call as mentioned by you in the else part to get the dump of the error. But this time also, I am not successful. else { SSL_load_error_strings(); SSL_library_init(); FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout The Bio_do_connect failed endl; break; } This time also, I got blank file without having any output in it. Am is missing something here or using them in incorrect way? Please suggest. Thanks Akanksha Shukla. -Original Message- From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk] On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent: Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Are you loading the strings? From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES A typical TLS/SSL application will start with the library initialization, and provide readable error messages. SSL_load_error_strings();/* readable error messages */ SSL_library_init(); /* initialize library */ Carl Did you read the page he referred you to? Did you read the text he quoted? Did you think about what it said at all? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla Sent: Monday, 31 October, 2011 08:48 snip { FILE * pFile1; char mystring [500]; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(stderr); if ( fgets (mystring , 500 , stderr) != NULL ) { fputs (mystring, pFile); } fclose(pFile1); } snip And also tried this one, but no luck. snip: same thing but no if() on fgets return These will never work. First of all, there's no promise you can read from stderr (or stdout) at all. Even on systems and in situations (e.g. redirection) where you can read, you have to fseek or fsetpos first (or fflush if you are already positioned, which here you aren't). The approach I thought you had before, if( pFile1 != NULL ) ERR_print_errors_fp (pFile1) should work assuming the fopen succeeded. Could 'results.txt' be a pre-existing file that is not writable? (If this code is part of a bigger program/process, is everything run and owned by your userid, or is it more complicated?) I suggest divide and conquer -- just call ERR_print_errors_fp(stdout) You won't get the info to the file where you may want it, but you should get it somewhere you can see, assuming you are seeing the other cout stuff. And printf or cout retVal, just to make sure what it is. Then you can figure out writing to a file. Even if you get hex codes instead of friendly strings, because you didn't _load_error_strings, it's still better than nothing. You can decode them with commandline errstr. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Michael, Sorry for the confusion caused but the whole code sequence is like this: int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen (result_retry.txt,a); if (pFile!=NULL) { ERR_print_errors_fp(pFile); fclose(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); fclose(pFile1); } cout The Bio_do_connect failed endl; break; } } else { cout The Bio_do_connect passes endl; break; } } The retry counter is meant for Bio_should_retry() API and it should try for 10 times as the value of CONNECT_MAX_TRY is set to 10. But in this case, the Bio_should_retry() API is passed, hence value of retry counter is not incremented and control goes to the else part where I am trying to print the error in file. The break statement is else part will cause the control to move out of the while loop and hence the Bio_do_connect failed gets printed for one time only. But problem is that in the file result.txt, nothing is getting dumped as I explained you in the earlier mails also. But when I use fputs, I can see output in the file. So, please suggest here what mistake I am making in writing the error to the file. Any help would be really appreciable here as I am getting struck in IPv4 only case, while I wanted to have such logic which could have serve my purpose for both IPv4 as well as IPV6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Wednesday, October 26, 2011 2:26 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Tue October 25 2011, Akanksha Shukla wrote: Hi Stephen, I added debug code as: int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen (result_retry.txt,a); if (pFile!=NULL) { ERR_print_errors_fp(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); } cout The Bio_do_connect failed endl; } } } After execution of program, I saw that only result.txt file is getting created and not the result_retry.txt file which clarifies that the retry logic is working fine. Problem comes when retry counter reaches its max value and Bio_do_connect() gets failed. Though my understanding might be wrong here. But the main problem which I encountered today is that nothing is being written in the file result.txt and I am also hoping that I am using the ERR_print_errors_fp() function in correct way. The file is blank. Then just to make sure that pFile1 handle returned as Not NULL and we are entering inside the if check, I added statement If(pfile1! = NULL) { fputs (fopen example,pFile); //ERR_print_errors_fp(pFile1); } And this time, I could see that fopen example is being written to result.txt file successfully. So, could you please suggest what mistake I am doing here that SSL errors are not being getting written in file and also any other suggestions to try out. Q? How many times do you intend to open that file inside of the while loop without ever flushing or closing it? Mike Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, October 25, 2011 4:34 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sun, Oct 23, 2011, Akanksha Shukla wrote: Hi Stephen, I tried with retry logic as well (though earlier
RE: Open SSL API's Support For IPv6.
Hi Stephen, I added debug code as: int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen (result_retry.txt,a); if (pFile!=NULL) { ERR_print_errors_fp(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); } cout The Bio_do_connect failed endl; } } } After execution of program, I saw that only result.txt file is getting created and not the result_retry.txt file which clarifies that the retry logic is working fine. Problem comes when retry counter reaches its max value and Bio_do_connect() gets failed. Though my understanding might be wrong here. But the main problem which I encountered today is that nothing is being written in the file result.txt and I am also hoping that I am using the ERR_print_errors_fp() function in correct way. The file is blank. Then just to make sure that pFile1 handle returned as Not NULL and we are entering inside the if check, I added statement If(pfile1! = NULL) { fputs (fopen example,pFile); //ERR_print_errors_fp(pFile1); } And this time, I could see that fopen example is being written to result.txt file successfully. So, could you please suggest what mistake I am doing here that SSL errors are not being getting written in file and also any other suggestions to try out. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, October 25, 2011 4:34 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sun, Oct 23, 2011, Akanksha Shukla wrote: Hi Stephen, I tried with retry logic as well (though earlier it was also same), but same result. int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); continue; } else { cout The Bio_do_connect failed endl; } } } Just wanted to let you know that this piece of code is same at time when I used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with similar code mentioned above, then things were working fine. This time rather than using Bio_new_connect(), I used socket(), connect() and Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() (as suggested by you), then things started failing. Please let me know if you have any suggestions or help me in pointing out the issue. Try adding some more debugging code to see if it actually does retry and also if it fails call the OpenSSL ERR library to print out any useful message. For example ERR_print_errors_fp(stderr); Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Tue October 25 2011, Akanksha Shukla wrote: Hi Stephen, I added debug code as: int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); FILE * pFile; pFile = fopen (result_retry.txt,a); if (pFile!=NULL) { ERR_print_errors_fp(pFile); } continue; } else { FILE * pFile1; pFile1 = fopen (result.txt,a); if (pFile1!=NULL) { ERR_print_errors_fp(pFile1); } cout The Bio_do_connect failed endl; } } } After execution of program, I saw that only result.txt file is getting created and not the result_retry.txt file which clarifies that the retry logic is working fine. Problem comes when retry counter reaches its max value and Bio_do_connect() gets failed. Though my understanding might be wrong here. But the main problem which I encountered today is that nothing is being written in the file result.txt and I am also hoping that I am using the ERR_print_errors_fp() function in correct way. The file is blank. Then just to make sure that pFile1 handle returned as Not NULL and we are entering inside the if check, I added statement If(pfile1! = NULL) { fputs (fopen example,pFile); //ERR_print_errors_fp(pFile1); } And this time, I could see that fopen example is being written to result.txt file successfully. So, could you please suggest what mistake I am doing here that SSL errors are not being getting written in file and also any other suggestions to try out. Q? How many times do you intend to open that file inside of the while loop without ever flushing or closing it? Mike Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, October 25, 2011 4:34 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sun, Oct 23, 2011, Akanksha Shukla wrote: Hi Stephen, I tried with retry logic as well (though earlier it was also same), but same result. int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); continue; } else { cout The Bio_do_connect failed endl; } } } Just wanted to let you know that this piece of code is same at time when I used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with similar code mentioned above, then things were working fine. This time rather than using Bio_new_connect(), I used socket(), connect() and Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() (as suggested by you), then things started failing. Please let me know if you have any suggestions or help me in pointing out the issue. Try adding some more debugging code to see if it actually does retry and also if it fails call the OpenSSL ERR library to print out any useful message. For example ERR_print_errors_fp(stderr); Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi, Any suggestions here would be really helpful to us. So, please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: Sunday, October 23, 2011 3:47 AM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. Hi Stephen, I tried with retry logic as well (though earlier it was also same), but same result. int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); continue; } else { cout The Bio_do_connect failed endl; } } } Just wanted to let you know that this piece of code is same at time when I used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with similar code mentioned above, then things were working fine. This time rather than using Bio_new_connect(), I used socket(), connect() and Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() (as suggested by you), then things started failing. Please let me know if you have any suggestions or help me in pointing out the issue. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Sunday, October 23, 2011 1:45 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sat, Oct 22, 2011, Akanksha Shukla wrote: 5) BIO_set_nbio(conn, 1); 6) int retVal = BIO_do_connect(conn); if(retVal = 0) { cout The Bio_do_connect failed endl; } After executing the program, I am getting output as : The socket is created successfully The socket is connected successfully Bio_do_connect failed You aren't calling BIO_do_connect() correctly. A = 0 return value isn't necessarily an error it may be a request to retry the operation. See the BIO manual pages for more information. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Sun, Oct 23, 2011, Akanksha Shukla wrote: Hi Stephen, I tried with retry logic as well (though earlier it was also same), but same result. int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); continue; } else { cout The Bio_do_connect failed endl; } } } Just wanted to let you know that this piece of code is same at time when I used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with similar code mentioned above, then things were working fine. This time rather than using Bio_new_connect(), I used socket(), connect() and Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() (as suggested by you), then things started failing. Please let me know if you have any suggestions or help me in pointing out the issue. Try adding some more debugging code to see if it actually does retry and also if it fails call the OpenSSL ERR library to print out any useful message. For example ERR_print_errors_fp(stderr); Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Stephen, As suggested by you, I tried following things for IPv4 only but still facing the issue. 1) char address[INET_ADDRSTRLEN+1] = 10.65.156.197; 2) int socket_desc = socket (AF_INET, SOCK_STREAM, 0); if (socket_desc == INVALID_SOCKET) { cout The error retuned by socket is errno endl; } cout The socket is created successfully endl; 3) struct sockaddr_in addrinfo; addrinfo.sin_family = AF_INET; addrinfo.sin_port = htons(80); inet_pton(AF_INET, address, (addrinfo.sin_addr.s_addr)); int retval = connect(socket_desc, (struct sockaddr *)addrinfo, sizeof (addrinfo)); if (retval != 0) { cout The error returned by socket connect is errno endl; } cout The socket is connected successfully endl; 4) BIO * conn; conn = BIO_new_socket(socket_desc,0); if(!conn) { cout The Bio_new_socket failed endl; } 5) BIO_set_nbio(conn, 1); 6) int retVal = BIO_do_connect(conn); if(retVal = 0) { cout The Bio_do_connect failed endl; } After executing the program, I am getting output as : The socket is created successfully The socket is connected successfully Bio_do_connect failed Now I am not sure what I am missing here due to which it is getting failed for IPv4 itself. Please suggest. Though I wanted to have API's support for both IPv4 and IPv6 but situation seems to be complex here. I am not able to execute SSL API's successfully for both IPv4 and IPv6. I am facing same error in both the cases. I would request to please have a look and suggest something. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, September 29, 2011 11:09 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Thu, Sep 29, 2011, Akanksha Shukla wrote: Hi All, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. What error are you getting? Have you tried exactly the same steps with an IPv4 socket to see if it is a problem with you code and/or not specific to IPv6? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Sat, Oct 22, 2011, Akanksha Shukla wrote: 5) BIO_set_nbio(conn, 1); 6) int retVal = BIO_do_connect(conn); if(retVal = 0) { cout The Bio_do_connect failed endl; } After executing the program, I am getting output as : The socket is created successfully The socket is connected successfully Bio_do_connect failed You aren't calling BIO_do_connect() correctly. A = 0 return value isn't necessarily an error it may be a request to retry the operation. See the BIO manual pages for more information. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Stephen, I tried with retry logic as well (though earlier it was also same), but same result. int retryCounter = 0; while(retryCounter CONNECT_MAX_TRY) { int retVal = BIO_do_connect(conn); if(retVal = 0) { if(BIO_should_retry(conn)) { retryCounter++; sleep(CONNECT_SLEEP_INTERVAL); continue; } else { cout The Bio_do_connect failed endl; } } } Just wanted to let you know that this piece of code is same at time when I used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with similar code mentioned above, then things were working fine. This time rather than using Bio_new_connect(), I used socket(), connect() and Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect() (as suggested by you), then things started failing. Please let me know if you have any suggestions or help me in pointing out the issue. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Sunday, October 23, 2011 1:45 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Sat, Oct 22, 2011, Akanksha Shukla wrote: 5) BIO_set_nbio(conn, 1); 6) int retVal = BIO_do_connect(conn); if(retVal = 0) { cout The Bio_do_connect failed endl; } After executing the program, I am getting output as : The socket is created successfully The socket is connected successfully Bio_do_connect failed You aren't calling BIO_do_connect() correctly. A = 0 return value isn't necessarily an error it may be a request to retry the operation. See the BIO manual pages for more information. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi All, Can anyone please help me out here in resolving my queries ? Any help would be great. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: Tuesday, September 27, 2011 6:50 PM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. Hi Nilotpal, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. Please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nilotpal De Sent: Thursday, September 22, 2011 2:59 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla akshu...@cisco.com wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
Re: Open SSL API's Support For IPv6.
On Thu, Sep 29, 2011, Akanksha Shukla wrote: Hi All, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. What error are you getting? Have you tried exactly the same steps with an IPv4 socket to see if it is a problem with you code and/or not specific to IPv6? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Nilotpal, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. Please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nilotpal De Sent: Thursday, September 22, 2011 2:59 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla akshu...@cisco.com wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
RE: Open SSL API's Support For IPv6.
Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla akshu...@cisco.com wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
Re: Open SSL API's Support For IPv6.
On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org