Re: Running SSL on own socket code

2011-06-03 Thread Jeff Saremi
Yes it was as straightforward as you mentioned.
Thanks to those who responded.
jeff

On 11-06-02 05:47 AM, Neo Liu wrote:
 
 
 On Wed, Jun 1, 2011 at 10:22 PM, Victor Duchovni
 victor.ducho...@morganstanley.com wrote:
 
 On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:
 
  I'd like to know the feasibility or complexity around using my own
  socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair of
  BIOs to read and write would that be sufficient? How tightly integrated
  the code is with bio_connect and bio_socket? thanks
  jeff
  jeff
 
 man BIO_new_bio_pair
 
 Look at the example.
 
 
 As Victor pointed out, you can use a BIO pair to handle data transmission
 and separate the data transmission procedure from the SSL handshake and
 encrypt/decrypt procedure.
 Using a BIO pair, the SSL structure only handles the data in the SSL record
 layer but not any lower layer.
 
 --
Viktor.
 
 
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


Re: Running SSL on own socket code

2011-06-02 Thread Neo Liu
On Wed, Jun 1, 2011 at 10:22 PM, Victor Duchovni 
victor.ducho...@morganstanley.com wrote:

 On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:

  I'd like to know the feasibility or complexity around using my own
  socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair of
  BIOs to read and write would that be sufficient? How tightly integrated
  the code is with bio_connect and bio_socket? thanks
  jeff

 man BIO_new_bio_pair

 Look at the example.


As Victor pointed out, you can use a BIO pair to handle data transmission and
separate the data transmission procedure from the SSL handshake and
encrypt/decrypt procedure.
Using a BIO pair, the SSL structure only handles the data in the SSL record
layer but not any lower layer.

--
Viktor.

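The separation described in the message above, as an added example that is not part of the original thread: it uses Python's ssl module, whose MemoryBIO and SSLContext.wrap_bio sit on OpenSSL memory BIOs, rather than the C call BIO_new_bio_pair named in the thread. The names start_handshake, parse_records, demo, the send hook and the host example.test are assumptions made for illustration.

```python
import ssl
import struct

def start_handshake(send, server_name="example.test"):
    """Begin a TLS client handshake with no socket attached to the TLS engine.

    `send` is the caller's own transport write function (hypothetical hook);
    `server_name` is a constructed placeholder used only for SNI.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming = ssl.MemoryBIO()  # ciphertext the application received goes in here
    outgoing = ssl.MemoryBIO()  # ciphertext the engine wants transmitted comes out here
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        # Expected: the engine has queued its ClientHello and now needs the
        # peer's reply, which only the application's transport can fetch.
        pass
    send(outgoing.read())
    return tls, incoming, outgoing

def parse_records(data):
    """Split raw bytes into (content_type, version, payload_length) TLS records."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, version, length = struct.unpack_from("!BHH", data, offset)
        if len(data) - offset - 5 < length:
            raise ValueError("truncated TLS record body")
        records.append((ctype, version, length))
        offset += 5 + length
    return records

def demo():
    wire = []  # stands in for the caller's own socket code
    tls, incoming, outgoing = start_handshake(wire.append)
    return wire[0], parse_records(wire[0]), outgoing.pending
```

Bytes read from the caller's transport are fed back with incoming.write() before do_handshake() is called again; the TLS object never touches a file descriptor.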


Running SSL on own socket code

2011-06-01 Thread Jeff Saremi
I'd like to know the feasibility or complexity around using my own
socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair of
BIOs to read and write would that be sufficient? How tightly integrated
the code is with bio_connect and bio_socket? thanks
jeff


Re: Running SSL on own socket code

2011-06-01 Thread Victor Duchovni
On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:

 I'd like to know the feasibility or complexity around using my own
 socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair of
 BIOs to read and write would that be sufficient? How tightly integrated
 the code is with bio_connect and bio_socket? thanks
 jeff

man BIO_new_bio_pair

Look at the example.

-- 
Viktor.


Re: Running SSL on own socket code

2011-06-01 Thread Eric S. Eberhard
The way I do things like this is to slightly modify OpenSSL (and keep 
track of the mods!)


1) Hunt down the socket code
2) Set a new variable, a pointer to a function (for each function you
   replace) (fptr in my example)
3) rename the routine to release_function
4) make a new function() which has the exact same args and a few lines of code

    int function()
    {
        /* no override installed: fall back to the renamed stock routine */
        if (!fptr)
            fptr = (int (*)())(release_function);
        return (*fptr)();
    }

In my code I put in the initialization routine:

    extern int (*fptr)();
    fptr = (int (*)())(my_function);

Note that is pseudo code and needs fleshing out.

This is because often these functions are VERY tightly coupled 
including handshaking and things I don't really understand -- so I 
replace a low-level routine I do understand.  And with new releases 
it only takes moments to re-do the 3-4 functions I do this with.  It 
means that the OpenSSL code will still work as intended in all cases 
except where you chose to override.


Using function pointers does have weird/odd/goofy syntax but works 
well.  I primarily use this to override error logging as I have my 
own logging functions and I need to use syslog() for the version 1.2 
PCI/PA-DSS compliance.  I have also replaced low-level TCP code on occasion.


In fact I would argue that all the logging functions should be 
released with this capability built in as that is one area I think a 
lot of people would like to customize, and if there is any interest I 
will modify the code and send it through channels to be 
included.  Error handling is tightly coupled -- everywhere -- in the 
code, so my system makes using my own logging very easy.


Eric

At 07:22 AM 6/1/2011, Victor Duchovni wrote:

On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:

 I'd like to know the feasibility or complexity around using my own
 socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair of
 BIOs to read and write would that be sufficient? How tightly integrated
 the code is with bio_connect and bio_socket? thanks
 jeff

man BIO_new_bio_pair

Look at the example.

--
Viktor.



Eric S. Eberhard
(928) 567-3727  Voice
(928) 567-6122  Fax
(928) 301-7537   Cell

Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC

For Metropolis support and VICS MBA Support http://www.vicsmba.com



Re: Running SSL on own socket code

2011-06-01 Thread Victor Duchovni
On Wed, Jun 01, 2011 at 10:56:47AM -0700, Eric S. Eberhard wrote:

 The way I do things like this is to slightly modify OpenSSL (and keep track 
 of the mods!)

Completely unnecessary, OpenSSL supports custom I/O layers via BIO pairs.

-- 
Viktor.


Re: Running SSL on own socket code

2011-06-01 Thread Eric S. Eberhard
Depends exactly what the person wants to do and also if he wants to 
use existing code and if he is familiar with the bio pairs.  My point 
was not specific to his needs as there was not a lot of detail, only 
that making changes to the code is better and easier when you 
override functions -- such as I must do with the error handling (and 
anyone else writing PCI compliant code BTW  -- MUST MUST -- do).  In 
the old days I was stupid and inserted my code into open source code 
... making updates a nightmare.  This externalizes changes and makes 
updates a cinch.

Eric


At 11:09 AM 6/1/2011, Victor Duchovni wrote:

On Wed, Jun 01, 2011 at 10:56:47AM -0700, Eric S. Eberhard wrote:

 The way I do things like this is to slightly modify OpenSSL (and keep track
 of the mods!)

Completely unnecessary, OpenSSL supports custom I/O layers via BIO pairs.

--
Viktor.