RE: Open SSL API's Support For IPv6.
From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla
Sent: Thursday, 03 November, 2011 11:25
I want to summarize snip
I am using the SSL API's for client application to get connect
to server and that worked fine over IPv4. Now my requirement is to
have the same client-server communication over IPv6. And this time
I also used the same SSL API's to get connected to server using
IPv6 address, but faced issue in that. snip
Just to be clear: you are using OpenSSL APIs, but not SSL ones.
BIO_s_connect, and BIO_s_socket, and BIO_s_accept, don't do SSL.
BIO_f_SSL does, and so do SSL_*.
Approach 1:
int main()
{
Bio *conn;
SSL_library_init();
SSL_load_error_strings();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
Aside: SSL_load_error_strings includes ERR_load_crypto_strings,
and SSL_library_init loads all algorithms needed for SSL.
conn = BIO_new_connect(250::56ff:feab:20:80);
if(!conn) snip error
/* Configure the BIO as a non-blocking one */
BIO_set_nbio(conn, 1);
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY) // snip is 10
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn)) sleep and continue
else error
}
else success
[BIO_do_connect fails] 02003000:system library:getservbyname:system
library
Approach 2: ... same except [250::56ff:feab:20]:80).
[BIO_do_connect fails] 2006A066:BIO routines:BIO_get_host_ip:bad hostname
lookup
As expected. I thought you were told BIO_s_connect does not handle
IPv6 addresses, and you can easily verify by looking at the code;
it has AF_INET and gethostbyname not v6-capable getaddrinfo etc.
Although, BIO_s_accept does have code for v6 that looks reasonable
at least in 1.0.0e (I can't conveniently test).
Approach 3:
I followed the way suggested in forum and tried with IPv4 address.
This time, I am not able to make connection on IPV4 and biggest issue
is that nothing is coming in the error logs of SSL as well.
int socket_desc = socket (AF_INET, SOCK_STREAM, 0);
if (socket_desc == INVALID_SOCKET)
{
cout The error retuned by socket is errno endl;
}
If this condition occurs, which it almost never will, you should
not proceed to the following code which uses socket_desc.
cout The socket is created successfully. endl;
struct sockaddr_in addrinfo; and fill in
Aside: this name may become confusing. sockets-6 has a
struct addrinfo which is different from sockaddr_in{,6}.
int retval = connect(socket_desc, (struct sockaddr *)addrinfo, sizeof
(addrinfo));
if (retval != 0)
{
cout The error returned by socket connect is errno endl;
}
cout The socket is connected successfully. endl;
conn = BIO_new_socket(socket_desc,0);
if(!conn) snip error
/* Configure the BIO as a non-blocking one */
BIO_set_nbio(conn, 1);
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY) // whose value is 10.
{
int retVal = BIO_do_connect(conn);
if(retVal = 0) snip: _should_retry sleepcontinue else error
else success
After executing program, the outcome came:
[Bio_do_connect() fails] :lib(0):func(0):reason(0)
BIO_do_connect is documented only for BIO_s_connect, not BIO_s_socket.
(Although it uses the same BIO_ctrl number as some other operations.)
And in fact it is unsupported and meaningless on BIO_s_socket,
which wraps (only) a socket that is already connected.
It is somewhat unhelpful that unsupported BIO_ctrl's
(at least here) return 0 with no ERR_ entry.
So, my main queries or doubt are:
1) I wanted to have SSL API's which could have been used
for both IPv4 and IPv6 (client side application). Is there support
for IPv6 in any of the client side OpenSSl API or not? This has been
my question from the first day when I posted my query in forum but
till now I haven't got any concrete response on this.
The SSL_ routines (both client and server) work fine with any socket,
either v4 and v6. BIO_f_SSL/BIO_s_socket ditto.
BIO_s_connect, and (thus) BIO_f_SSL/BIO_s_connect no.
2) Since I am getting error in the IPv4 only when I followed
the way suggested in forum and nothing is coming in error logs.
So, I don't know how to proceed further and my work is struck here.
I don't think anyone suggested do_connect on BIO_s_socket.
3) I am also not clear why the error log is coming as 0
in approach 3 while in case 1 and case 2, I can see some error thrown
by SSL API's. I don't think in case 3, I am missing something which
could cause error as 0.
Because it's an unsupported operation on this BIO, see above.
snip
__
RE: RE: Open SSL API's Support For IPv6.
Initialization code means code that runs before any other SSL code, not once
you've already got an error.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Akanksha Shukla
Sent: 31 October 2011 20:27
To: openssl-users@openssl.org; carlyo...@keycomm.co.uk
Subject: RE: RE: Open SSL API's Support For IPv6.
Hi,
I am sorry if I misunderstood things. I went through the text quoted by him.
Also, I did google search for that and what I understood was:
ERR_load_crypto_strings() registers the error strings for all libcrypto
functions. SSL_load_error_strings() does the same, but also registers the
libssl error strings. One of these functions should be called before generating
textual error messages. However, this is not required when memory usage is an
issue. ERR_free_strings() frees all previously loaded error strings.
So, I thought by calling SSL_load_error_strings() will register the SSL error
strings automatically and once that is done, then probably SSL error string
will get dumped in file.
This is what I understood and also I am not much familiar with SSl API's.
So, here it might be possible that I mis-interpreted things.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeremy Farrell
Sent: Tuesday, November 01, 2011 1:39 AM
To: openssl-users@openssl.org; carlyo...@keycomm.co.uk
Subject: RE: RE: Open SSL API's Support For IPv6.
From: Akanksha Shukla [mailto:akshu...@cisco.com]
Hi Carl,
I added the API's call as mentioned by you in the else part to get the
dump of the error. But this time also, I am not successful.
else
{
SSL_load_error_strings();
SSL_library_init();
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
This time also, I got blank file without having any output in it. Am
is missing something here or using them in incorrect way?
Please suggest.
Thanks
Akanksha Shukla.
-Original Message-
From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk]
On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent:
Hi Michael,
Thanks for the reply. But I think the issue is not from the C
perspective.
As I already mentioned, that if I use fputs to directly write a
string to
file, then I am able to do that successfully. But when I try to
write
the
error code thrown by Bio_do_connect() API, then nothing is getting
written
in file and for that I have used the API suggested by Stephen in the
forum
(ERR_print_errors_fp(pFile)).
Are you loading the strings?
From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES
A typical TLS/SSL application will start with the library
initialization, and provide readable error messages.
SSL_load_error_strings();/* readable error
messages
*/
SSL_library_init(); /* initialize library
*/
Carl
Did you read the page he referred you to? Did you read the text he quoted?
Did you think about what it said at all?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
The information in this message is intended solely for the addressee and should
be considered confidential. Publishing Technology does not accept legal
responsibility for the contents of this message and any statements contained
herein which do not relate to the official business of Publishing Technology
are neither given nor endorsed by Publishing Technology and are those of the
individual and not of Publishing Technology. This message has been scanned for
viruses using the most current and reliable tools available and Publishing
Technology excludes all liability related to any viruses that might exist in
any attachment or which may have been acquired in transit.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi,
I tried with some different logic in the else part to get the dump of the
error returned by Bio_do_connect() API, but no luck. File is getting created
but nothing is getting written over there.
else
{
FILE * pFile1;
char mystring [500];
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(stderr);
if ( fgets (mystring , 500 , stderr) != NULL )
{
fputs (mystring, pFile);
}
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
And also tried this one, but no luck.
else
{
FILE * pFile1;
char mystring [500];
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(stderr);
fgets (mystring , 500 , stderr);
fputs (mystring, pFile);
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
Could you please have a look and help me here. I am not able to proceed
further.
Thanks
Akanksha Shukla.
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla
Sent: Saturday, October 29, 2011 11:47 PM
To: openssl-users@openssl.org
Subject: RE: Open SSL API's Support For IPv6.
Hi Michael,
Sorry for the confusion caused but the whole code sequence is like this:
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
FILE * pFile;
pFile = fopen (result_retry.txt,a);
if (pFile!=NULL)
{
ERR_print_errors_fp(pFile);
fclose(pFile);
}
continue;
}
else
{
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
}
else
{
cout The Bio_do_connect passes endl;
break;
}
}
The retry counter is meant for Bio_should_retry() API and it should try for
10 times as the value of CONNECT_MAX_TRY is set to 10. But in this case, the
Bio_should_retry() API is passed, hence value of retry counter is not
incremented and control goes to the else part where I am trying to print the
error in file. The break statement is else part will cause the control to
move out of the while loop and hence the Bio_do_connect failed gets printed
for one time only.
But problem is that in the file result.txt, nothing is getting dumped as I
explained you in the earlier mails also. But when I use fputs, I can see
output in the file. So, please suggest here what mistake I am making in
writing the error to the file.
Any help would be really appreciable here as I am getting struck in IPv4
only case, while I wanted to have such logic which could have serve my
purpose for both IPv4 as well as IPV6.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick
Sent: Wednesday, October 26, 2011 2:26 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Tue October 25 2011, Akanksha Shukla wrote:
Hi Stephen,
I added debug code as:
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
FILE * pFile;
pFile = fopen (result_retry.txt,a);
if (pFile!=NULL)
{
ERR_print_errors_fp(pFile);
}
continue;
}
else
{
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
}
cout The Bio_do_connect failed endl;
}
}
}
After execution of program, I saw that only result.txt file is getting
created and not the result_retry.txt file
Re: Open SSL API's Support For IPv6.
On Mon October 31 2011, Akanksha Shukla wrote: Could you please have a look and help me here. I am not able to proceed further. Sorry, I do not have the required experience in either C or C like languages to be of any help. And you really need the help of a beginner's coding forum. I am lucky that I can even read anything C or C like. ;-) Whatever forum you find that can help you with your program structure and implementation, keep in mind they will probably want posts in 'plain text' form - not HTML. Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Do you still think, its programming fault. My point is that you all must have used these API's to get error dump in a file, then why it is not coming in my case. Please clarify. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Monday, October 31, 2011 6:49 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Mon October 31 2011, Akanksha Shukla wrote: Could you please have a look and help me here. I am not able to proceed further. Sorry, I do not have the required experience in either C or C like languages to be of any help. And you really need the help of a beginner's coding forum. I am lucky that I can even read anything C or C like. ;-) Whatever forum you find that can help you with your program structure and implementation, keep in mind they will probably want posts in 'plain text' form - not HTML. Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Mon October 31 2011, Akanksha Shukla wrote: ERR_print_errors_fp(stderr); Because your writing to stderr rather than pFile? Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi, This was what I tried today to isolate the issue. But if you look into earlier mail chains, then you would find that I have tried to write the error in pFile1. Please refer to that. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick Sent: Monday, October 31, 2011 10:19 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On Mon October 31 2011, Akanksha Shukla wrote: ERR_print_errors_fp(stderr); Because your writing to stderr rather than pFile? Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: RE: Open SSL API's Support For IPv6.
On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent: Hi Michael, Thanks for the reply. But I think the issue is not from the C perspective. As I already mentioned, that if I use fputs to directly write a string to file, then I am able to do that successfully. But when I try to write the error code thrown by Bio_do_connect() API, then nothing is getting written in file and for that I have used the API suggested by Stephen in the forum (ERR_print_errors_fp(pFile)). Are you loading the strings? From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES A typical TLS/SSL application will start with the library initialization, and provide readable error messages. SSL_load_error_strings();/* readable error messages */ SSL_library_init(); /* initialize library */ Carl __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
Hi Carl,
I added the API's call as mentioned by you in the else part to get the dump
of the error. But this time also, I am not successful.
else
{
SSL_load_error_strings();
SSL_library_init();
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
This time also, I got blank file without having any output in it. Am is
missing something here or using them in incorrect way?
Please suggest.
Thanks
Akanksha Shukla.
-Original Message-
From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk]
Sent: Monday, October 31, 2011 10:07 PM
To: openssl-users@openssl.org; Akanksha Shukla
Subject: Re: RE: Open SSL API's Support For IPv6.
On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent:
Hi Michael,
Thanks for the reply. But I think the issue is not from the C perspective.
As I already mentioned, that if I use fputs to directly write a string to
file, then I am able to do that successfully. But when I try to write the
error code thrown by Bio_do_connect() API, then nothing is getting written
in file and for that I have used the API suggested by Stephen in the forum
(ERR_print_errors_fp(pFile)).
Are you loading the strings?
From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES
A typical TLS/SSL application will start with the library
initialization, and provide readable error messages.
SSL_load_error_strings();/* readable error messages
*/
SSL_library_init(); /* initialize library */
Carl
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
From: Akanksha Shukla [mailto:akshu...@cisco.com]
Hi Carl,
I added the API's call as mentioned by you in the else part to get the
dump
of the error. But this time also, I am not successful.
else
{
SSL_load_error_strings();
SSL_library_init();
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
This time also, I got blank file without having any output in it. Am is
missing something here or using them in incorrect way?
Please suggest.
Thanks
Akanksha Shukla.
-Original Message-
From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk]
On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent:
Hi Michael,
Thanks for the reply. But I think the issue is not from the C
perspective.
As I already mentioned, that if I use fputs to directly write a
string to
file, then I am able to do that successfully. But when I try to write
the
error code thrown by Bio_do_connect() API, then nothing is getting
written
in file and for that I have used the API suggested by Stephen in the
forum
(ERR_print_errors_fp(pFile)).
Are you loading the strings?
From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES
A typical TLS/SSL application will start with the library
initialization, and provide readable error messages.
SSL_load_error_strings();/* readable error
messages
*/
SSL_library_init(); /* initialize library
*/
Carl
Did you read the page he referred you to? Did you read the text he quoted? Did
you think about what it said at all?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: RE: Open SSL API's Support For IPv6.
Hi,
I am sorry if I misunderstood things. I went through the text quoted by him.
Also, I did google search for that and what I understood was:
ERR_load_crypto_strings() registers the error strings for all libcrypto
functions. SSL_load_error_strings() does the same, but also registers the
libssl error strings. One of these functions should be called before
generating textual error messages. However, this is not required when memory
usage is an issue. ERR_free_strings() frees all previously loaded error
strings.
So, I thought by calling SSL_load_error_strings() will register the SSL
error strings automatically and once that is done, then probably SSL error
string will get dumped in file.
This is what I understood and also I am not much familiar with SSl API's.
So, here it might be possible that I mis-interpreted things.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeremy Farrell
Sent: Tuesday, November 01, 2011 1:39 AM
To: openssl-users@openssl.org; carlyo...@keycomm.co.uk
Subject: RE: RE: Open SSL API's Support For IPv6.
From: Akanksha Shukla [mailto:akshu...@cisco.com]
Hi Carl,
I added the API's call as mentioned by you in the else part to get the
dump
of the error. But this time also, I am not successful.
else
{
SSL_load_error_strings();
SSL_library_init();
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
This time also, I got blank file without having any output in it. Am is
missing something here or using them in incorrect way?
Please suggest.
Thanks
Akanksha Shukla.
-Original Message-
From: carlyo...@keycomm.co.uk [mailto:carlyo...@keycomm.co.uk]
On Mon 31/10/11 4:25 PM , Akanksha Shukla akshu...@cisco.com sent:
Hi Michael,
Thanks for the reply. But I think the issue is not from the C
perspective.
As I already mentioned, that if I use fputs to directly write a
string to
file, then I am able to do that successfully. But when I try to write
the
error code thrown by Bio_do_connect() API, then nothing is getting
written
in file and for that I have used the API suggested by Stephen in the
forum
(ERR_print_errors_fp(pFile)).
Are you loading the strings?
From:http://www.openssl.org/docs/ssl/SSL_library_init.htmlEXAMPLES
A typical TLS/SSL application will start with the library
initialization, and provide readable error messages.
SSL_load_error_strings();/* readable error
messages
*/
SSL_library_init(); /* initialize library
*/
Carl
Did you read the page he referred you to? Did you read the text he quoted?
Did you think about what it said at all?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla
Sent: Monday, 31 October, 2011 08:48
snip
{
FILE * pFile1;
char mystring [500];
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(stderr);
if ( fgets (mystring , 500 , stderr) != NULL )
{
fputs (mystring, pFile);
}
fclose(pFile1);
}
snip
And also tried this one, but no luck.
snip: same thing but no if() on fgets return
These will never work. First of all, there's no promise
you can read from stderr (or stdout) at all. Even on systems
and in situations (e.g. redirection) where you can read,
you have to fseek or fsetpos first (or fflush if you
are already positioned, which here you aren't).
The approach I thought you had before,
if( pFile1 != NULL ) ERR_print_errors_fp (pFile1)
should work assuming the fopen succeeded.
Could 'results.txt' be a pre-existing file that is not writable?
(If this code is part of a bigger program/process, is everything
run and owned by your userid, or is it more complicated?)
I suggest divide and conquer -- just call
ERR_print_errors_fp(stdout)
You won't get the info to the file where you may want it,
but you should get it somewhere you can see,
assuming you are seeing the other cout stuff.
And printf or cout retVal, just to make sure what it is.
Then you can figure out writing to a file.
Even if you get hex codes instead of friendly strings,
because you didn't _load_error_strings, it's still better
than nothing. You can decode them with commandline errstr.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Michael,
Sorry for the confusion caused but the whole code sequence is like this:
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
FILE * pFile;
pFile = fopen (result_retry.txt,a);
if (pFile!=NULL)
{
ERR_print_errors_fp(pFile);
fclose(pFile);
}
continue;
}
else
{
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
fclose(pFile1);
}
cout The Bio_do_connect failed endl;
break;
}
}
else
{
cout The Bio_do_connect passes endl;
break;
}
}
The retry counter is meant for Bio_should_retry() API and it should try for
10 times as the value of CONNECT_MAX_TRY is set to 10. But in this case, the
Bio_should_retry() API is passed, hence value of retry counter is not
incremented and control goes to the else part where I am trying to print the
error in file. The break statement is else part will cause the control to
move out of the while loop and hence the Bio_do_connect failed gets printed
for one time only.
But problem is that in the file result.txt, nothing is getting dumped as I
explained you in the earlier mails also. But when I use fputs, I can see
output in the file. So, please suggest here what mistake I am making in
writing the error to the file.
Any help would be really appreciable here as I am getting struck in IPv4
only case, while I wanted to have such logic which could have serve my
purpose for both IPv4 as well as IPV6.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick
Sent: Wednesday, October 26, 2011 2:26 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Tue October 25 2011, Akanksha Shukla wrote:
Hi Stephen,
I added debug code as:
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
FILE * pFile;
pFile = fopen (result_retry.txt,a);
if (pFile!=NULL)
{
ERR_print_errors_fp(pFile);
}
continue;
}
else
{
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
}
cout The Bio_do_connect failed endl;
}
}
}
After execution of program, I saw that only result.txt file is getting
created and not the result_retry.txt file which clarifies that the retry
logic is working fine. Problem comes when retry counter reaches its max
value and Bio_do_connect() gets failed. Though my understanding might be
wrong here.
But the main problem which I encountered today is that nothing is being
written in the file result.txt and I am also hoping that I am using the
ERR_print_errors_fp() function in correct way. The file is blank. Then
just
to make sure that pFile1 handle returned as Not NULL and we are entering
inside the if check, I added statement
If(pfile1! = NULL)
{
fputs (fopen example,pFile);
//ERR_print_errors_fp(pFile1);
}
And this time, I could see that fopen example is being written to
result.txt file successfully.
So, could you please suggest what mistake I am doing here that SSL errors
are not being getting written in file and also any other suggestions to
try
out.
Q? How many times do you intend to open that file inside of the
while loop without ever flushing or closing it?
Mike
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, October 25, 2011 4:34 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Sun, Oct 23, 2011, Akanksha Shukla wrote:
Hi Stephen,
I tried with retry logic as well (though earlier
RE: Open SSL API's Support For IPv6.
Hi Stephen,
I added debug code as:
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
FILE * pFile;
pFile = fopen (result_retry.txt,a);
if (pFile!=NULL)
{
ERR_print_errors_fp(pFile);
}
continue;
}
else
{
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
}
cout The Bio_do_connect failed endl;
}
}
}
After execution of program, I saw that only result.txt file is getting
created and not the result_retry.txt file which clarifies that the retry
logic is working fine. Problem comes when retry counter reaches its max
value and Bio_do_connect() gets failed. Though my understanding might be
wrong here.
But the main problem which I encountered today is that nothing is being
written in the file result.txt and I am also hoping that I am using the
ERR_print_errors_fp() function in correct way. The file is blank. Then just
to make sure that pFile1 handle returned as Not NULL and we are entering
inside the if check, I added statement
If(pfile1! = NULL)
{
fputs (fopen example,pFile);
//ERR_print_errors_fp(pFile1);
}
And this time, I could see that fopen example is being written to
result.txt file successfully.
So, could you please suggest what mistake I am doing here that SSL errors
are not being getting written in file and also any other suggestions to try
out.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, October 25, 2011 4:34 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Sun, Oct 23, 2011, Akanksha Shukla wrote:
Hi Stephen,
I tried with retry logic as well (though earlier it was also same), but
same
result.
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
continue;
}
else
{
cout The Bio_do_connect failed endl;
}
}
}
Just wanted to let you know that this piece of code is same at time when I
used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect()
with
similar code mentioned above, then things were working fine. This time
rather than using Bio_new_connect(), I used socket(), connect() and
Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect()
(as suggested by you), then things started failing.
Please let me know if you have any suggestions or help me in pointing out
the issue.
Try adding some more debugging code to see if it actually does retry and
also
if it fails call the OpenSSL ERR library to print out any useful message.
For
example ERR_print_errors_fp(stderr);
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Tue October 25 2011, Akanksha Shukla wrote:
Hi Stephen,
I added debug code as:
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
FILE * pFile;
pFile = fopen (result_retry.txt,a);
if (pFile!=NULL)
{
ERR_print_errors_fp(pFile);
}
continue;
}
else
{
FILE * pFile1;
pFile1 = fopen (result.txt,a);
if (pFile1!=NULL)
{
ERR_print_errors_fp(pFile1);
}
cout The Bio_do_connect failed endl;
}
}
}
After execution of program, I saw that only result.txt file is getting
created and not the result_retry.txt file which clarifies that the retry
logic is working fine. Problem comes when retry counter reaches its max
value and Bio_do_connect() gets failed. Though my understanding might be
wrong here.
But the main problem which I encountered today is that nothing is being
written in the file result.txt and I am also hoping that I am using the
ERR_print_errors_fp() function in correct way. The file is blank. Then just
to make sure that pFile1 handle returned as Not NULL and we are entering
inside the if check, I added statement
If(pfile1! = NULL)
{
fputs (fopen example,pFile);
//ERR_print_errors_fp(pFile1);
}
And this time, I could see that fopen example is being written to
result.txt file successfully.
So, could you please suggest what mistake I am doing here that SSL errors
are not being getting written in file and also any other suggestions to try
out.
Q? How many times do you intend to open that file inside of the
while loop without ever flushing or closing it?
Mike
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, October 25, 2011 4:34 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Sun, Oct 23, 2011, Akanksha Shukla wrote:
Hi Stephen,
I tried with retry logic as well (though earlier it was also same), but
same
result.
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
continue;
}
else
{
cout The Bio_do_connect failed endl;
}
}
}
Just wanted to let you know that this piece of code is same at time when I
used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect()
with
similar code mentioned above, then things were working fine. This time
rather than using Bio_new_connect(), I used socket(), connect() and
Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect()
(as suggested by you), then things started failing.
Please let me know if you have any suggestions or help me in pointing out
the issue.
Try adding some more debugging code to see if it actually does retry and
also
if it fails call the OpenSSL ERR library to print out any useful message.
For
example ERR_print_errors_fp(stderr);
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi,
Any suggestions here would be really helpful to us. So, please suggest.
Thanks
Akanksha Shukla.
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla
Sent: Sunday, October 23, 2011 3:47 AM
To: openssl-users@openssl.org
Subject: RE: Open SSL API's Support For IPv6.
Hi Stephen,
I tried with retry logic as well (though earlier it was also same), but same
result.
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
continue;
}
else
{
cout The Bio_do_connect failed endl;
}
}
}
Just wanted to let you know that this piece of code is same at time when I
used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with
similar code mentioned above, then things were working fine. This time
rather than using Bio_new_connect(), I used socket(), connect() and
Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect()
(as suggested by you), then things started failing.
Please let me know if you have any suggestions or help me in pointing out
the issue.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Sunday, October 23, 2011 1:45 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Sat, Oct 22, 2011, Akanksha Shukla wrote:
5) BIO_set_nbio(conn, 1);
6) int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
cout The Bio_do_connect failed endl;
}
After executing the program, I am getting output as :
The socket is created successfully
The socket is connected successfully
Bio_do_connect failed
You aren't calling BIO_do_connect() correctly. A = 0 return value isn't
necessarily an error it may be a request to retry the operation. See the BIO
manual pages for more information.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Sun, Oct 23, 2011, Akanksha Shukla wrote:
Hi Stephen,
I tried with retry logic as well (though earlier it was also same), but same
result.
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
continue;
}
else
{
cout The Bio_do_connect failed endl;
}
}
}
Just wanted to let you know that this piece of code is same at time when I
used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with
similar code mentioned above, then things were working fine. This time
rather than using Bio_new_connect(), I used socket(), connect() and
Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect()
(as suggested by you), then things started failing.
Please let me know if you have any suggestions or help me in pointing out
the issue.
Try adding some more debugging code to see if it actually does retry and also
if it fails call the OpenSSL ERR library to print out any useful message. For
example ERR_print_errors_fp(stderr);
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Stephen,
As suggested by you, I tried following things for IPv4 only but still facing
the issue.
1) char address[INET_ADDRSTRLEN+1] = 10.65.156.197;
2) int socket_desc = socket (AF_INET, SOCK_STREAM, 0);
if (socket_desc == INVALID_SOCKET)
{
cout The error retuned by socket is errno endl;
}
cout The socket is created successfully endl;
3) struct sockaddr_in addrinfo;
addrinfo.sin_family = AF_INET;
addrinfo.sin_port = htons(80);
inet_pton(AF_INET, address, (addrinfo.sin_addr.s_addr));
int retval = connect(socket_desc, (struct sockaddr *)addrinfo, sizeof
(addrinfo));
if (retval != 0)
{
cout The error returned by socket connect is errno endl;
}
cout The socket is connected successfully endl;
4) BIO * conn;
conn = BIO_new_socket(socket_desc,0);
if(!conn)
{
cout The Bio_new_socket failed endl;
}
5) BIO_set_nbio(conn, 1);
6) int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
cout The Bio_do_connect failed endl;
}
After executing the program, I am getting output as :
The socket is created successfully
The socket is connected successfully
Bio_do_connect failed
Now I am not sure what I am missing here due to which it is getting failed
for IPv4 itself. Please suggest. Though I wanted to have API's support for
both IPv4 and IPv6 but situation seems to be complex here. I am not able to
execute SSL API's successfully for both IPv4 and IPv6. I am facing same
error in both the cases.
I would request to please have a look and suggest something.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, September 29, 2011 11:09 PM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Thu, Sep 29, 2011, Akanksha Shukla wrote:
Hi All,
I tried following things:
1) Made socket() system call with AF_INET6 family type.
2) Made connect() system call to get connected to destination address
using the socket created above.
3) Then made call to Bio_new_socket() and passed the connected socket
descriptor.
4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the
socket BIO, and this time I got error from the Bio_do_connect() call.
Though I have added diags if Bio_new_socket() call gets failed. But those
diags were not getting hit. So, I am assuming that step 1 to step 3 are
working fine. Problem is coming at the time of Bio_do_connect().
Now the next questions which come in my mind are:
1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible?
2) If yes, then what am I missing here because of which I am getting
error from Bio_do_connect() API?
3) If no, then how can I proceed further because I need to use API
which are both (IPv6 as well as IPv4) compatible.
What error are you getting? Have you tried exactly the same steps with an
IPv4
socket to see if it is a problem with you code and/or not specific to IPv6?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
On Sat, Oct 22, 2011, Akanksha Shukla wrote:
5) BIO_set_nbio(conn, 1);
6) int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
cout The Bio_do_connect failed endl;
}
After executing the program, I am getting output as :
The socket is created successfully
The socket is connected successfully
Bio_do_connect failed
You aren't calling BIO_do_connect() correctly. A = 0 return value isn't
necessarily an error it may be a request to retry the operation. See the BIO
manual pages for more information.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Stephen,
I tried with retry logic as well (though earlier it was also same), but same
result.
int retryCounter = 0;
while(retryCounter CONNECT_MAX_TRY)
{
int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
if(BIO_should_retry(conn))
{
retryCounter++;
sleep(CONNECT_SLEEP_INTERVAL);
continue;
}
else
{
cout The Bio_do_connect failed endl;
}
}
}
Just wanted to let you know that this piece of code is same at time when I
used BIO_new_connect() followed by BIO_set_nbio() and Bio_do_connect() with
similar code mentioned above, then things were working fine. This time
rather than using Bio_new_connect(), I used socket(), connect() and
Bio_new_socket() API call followed by bio_set_nbio() and Bio_do_connect()
(as suggested by you), then things started failing.
Please let me know if you have any suggestions or help me in pointing out
the issue.
Thanks
Akanksha Shukla.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Sunday, October 23, 2011 1:45 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL API's Support For IPv6.
On Sat, Oct 22, 2011, Akanksha Shukla wrote:
5) BIO_set_nbio(conn, 1);
6) int retVal = BIO_do_connect(conn);
if(retVal = 0)
{
cout The Bio_do_connect failed endl;
}
After executing the program, I am getting output as :
The socket is created successfully
The socket is connected successfully
Bio_do_connect failed
You aren't calling BIO_do_connect() correctly. A = 0 return value isn't
necessarily an error it may be a request to retry the operation. See the BIO
manual pages for more information.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi All, Can anyone please help me out here in resolving my queries ? Any help would be great. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akanksha Shukla Sent: Tuesday, September 27, 2011 6:50 PM To: openssl-users@openssl.org Subject: RE: Open SSL API's Support For IPv6. Hi Nilotpal, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. Please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nilotpal De Sent: Thursday, September 22, 2011 2:59 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla akshu...@cisco.com wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
Re: Open SSL API's Support For IPv6.
On Thu, Sep 29, 2011, Akanksha Shukla wrote: Hi All, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. What error are you getting? Have you tried exactly the same steps with an IPv4 socket to see if it is a problem with you code and/or not specific to IPv6? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Open SSL API's Support For IPv6.
Hi Nilotpal, I tried following things: 1) Made socket() system call with AF_INET6 family type. 2) Made connect() system call to get connected to destination address using the socket created above. 3) Then made call to Bio_new_socket() and passed the connected socket descriptor. 4) Thereafter made call to Bio_set_nbio() and Bio_do_connect() on the socket BIO, and this time I got error from the Bio_do_connect() call. Though I have added diags if Bio_new_socket() call gets failed. But those diags were not getting hit. So, I am assuming that step 1 to step 3 are working fine. Problem is coming at the time of Bio_do_connect(). Now the next questions which come in my mind are: 1) Bio_set_nbio() and Bio_do_connect() API's are IPv6 compatible? 2) If yes, then what am I missing here because of which I am getting error from Bio_do_connect() API? 3) If no, then how can I proceed further because I need to use API which are both (IPv6 as well as IPv4) compatible. Please suggest. Thanks Akanksha Shukla. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nilotpal De Sent: Thursday, September 22, 2011 2:59 PM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla akshu...@cisco.com wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
RE: Open SSL API's Support For IPv6.
Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL API's Support For IPv6.
Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, Akanksha Shukla akshu...@cisco.com wrote: Hi Wim, Thanks a lot for your reply. But I am still left with few queries: 1) From your reply, what I understood is that Bio_new_connect() doesn't support IPv6. But what about other two API's BIO_set_nbio() and BIO_do_connect() ??. Do these API's support IPv6? 2) Are there any OpenSSL API which can be used to work on both IPv4 as well as IPv6 so rather than using the legacy one which supports only IPv4. 3) Moreover my application is acting like a client server which will send request. So, I need such API's which has support over IPv6. Thanks Akanksha Shukla. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Wim Lewis Sent: Thursday, September 22, 2011 1:25 AM To: openssl-users@openssl.org Subject: Re: Open SSL API's Support For IPv6. On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- With regards, Nilotpal
Re: Open SSL API's Support For IPv6.
On 21 Sep 2011, at 6:17 AM, Akanksha Shukla wrote: Currently we are using OpenSSL 0.9.8 version. I have question about few of the API's support for IPV6. 1) BIO_new_connect() [...] Queries : 1) Do the above mentioned API's support IPv6? I don't think so. BIO_new_connect() (and BIO_get_host_ip() which it calls) only deal in IPv4 addresses. As far as I know, though, you should be able to make an IPv6 socket connection yourself, pass it to BIO_new_socket(), and have it work. It's just the hostname/address lookup that is address-family specific. (Oddly, the server side of things (accept() etc.) seems to have been extended to support IPv6 already.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
