Re: [openssl.org #3343] [PATCH] implements name contraint for IP Address

2014-05-24 Thread Luiz Angelo Daros de Luca
Thanks Matt.
Em 23/05/2014 19:36, Matt Caswell via RT r...@openssl.org escreveu:

 Hi Luiz

 Thanks for the patch. I've reviewed it and it looks good. With regards to
 your
 comments around X509_V_ERR_PERMITTED_VIOLATION vs
 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right.

 Therefore:

 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dd36fce023a64d90058b8fefbd95dadaca98f9ca

 Many thanks for your contribution.

 Matt




Re: [openssl.org #3343] [PATCH] implements name contraint for IP Address

2014-05-24 Thread luizl...@gmail.com via RT
Thanks Matt.
Em 23/05/2014 19:36, Matt Caswell via RT r...@openssl.org escreveu:

 Hi Luiz

 Thanks for the patch. I've reviewed it and it looks good. With regards to
 your
 comments around X509_V_ERR_PERMITTED_VIOLATION vs
 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right.

 Therefore:

 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dd36fce023a64d90058b8fefbd95dadaca98f9ca

 Many thanks for your contribution.

 Matt





[openssl.org #3365] Wrong parameter types in SSL_set_msg_callback[_arg] man page

2014-05-24 Thread geoff_l...@mcafee.com via RT
SSL_CTX_set_msg_callback.pod lists the first parameter to the 
SSL_set_msg_callback[_arg] functions as type SSL_CTX * when they are, in 
fact, SSL *.

Geoff

-
Geoff Lowe
Principal Engineer
McAfee, Inc.



Re: [openssl.org #2578] s_client bind ip

2014-05-24 Thread Krzysztof Kwiatkowski
Hello,

This patch implements the request in ticket 2578. I've also created a pull
request on GitHub, which you can find here:
https://github.com/openssl/openssl/pull/108

Kris
From 853496476dd838958f438bd66df5725d3075de8e Mon Sep 17 00:00:00 2001
From: flowher krzys...@leeds.pl
Date: Wed, 14 May 2014 22:25:39 +0200
Subject: [PATCH 1/3] Possibility to bind to specific local IP in s_client

---
 apps/s_apps.h |  2 +-
 apps/s_client.c   |  9 -
 apps/s_socket.c   | 23 ---
 crypto/objects/obj_xref.h |  2 +-
 4 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/apps/s_apps.h b/apps/s_apps.h
index 9d16e45..55225fa 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -168,7 +168,7 @@ int ssl_print_point_formats(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, const char *server, int port, int type);
+int init_client(int *sock, char *server, int port, int type, char* localip);
 #ifndef NO_SYS_UN_H
 int init_client_unix(int *sock, const char *server);
 #endif
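Review bot: The new `init_client` prototype drops `const` from `server` (`char *server`), while the definition in the apps/s_socket.c hunk still takes `const char *host`. If s_socket.c includes this header, as the shared prototype suggests, the two declarations have incompatible types and the build should fail. Keep the qualifier and const-qualify the new parameter as well, since the visible code only reads it: `int init_client(int *sock, const char *server, int port, int type, const char *localip);`. The same `const char *localip` applies to the `init_client_ip` prototype and to the `init_client` definition in apps/s_socket.c. The identical hunks are repeated in the "via RT" copy of this message further down the page.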
diff --git a/apps/s_client.c b/apps/s_client.c
index eee0e2e..da41854 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -324,6 +324,7 @@ static void sc_usage(void)
BIO_printf(bio_err, -host host - use -connect instead\n);
BIO_printf(bio_err, -port port - use -connect instead\n);
BIO_printf(bio_err, -connect host:port - connect over TCP/IP (default 
is %s:%s)\n,SSL_HOST_NAME,PORT_STR);
+   BIO_printf(bio_err, -localip arg  - specify local address to use\n);
BIO_printf(bio_err, -unix path- connect over unix domain 
sockets\n);
BIO_printf(bio_err, -verify arg   - turn on peer certificate 
verification\n);
BIO_printf(bio_err, -cert arg - certificate file to use, PEM 
format assumed\n);
@@ -628,6 +629,7 @@ int MAIN(int argc, char **argv)
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
+   char *localip=NULL;
const char *unix_path = NULL;
char *xmpphost = NULL;
char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
@@ -762,6 +764,11 @@ static char *jpake_secret = NULL;
if (!extract_host_port(*(++argv),host,NULL,port))
goto bad;
}
+   else if (strcmp(*argv,-localip) == 0)
+   {
+   if (--argc  1) goto bad;
+   localip=*(++argv);
+   }
else if (strcmp(*argv,-unix) == 0)
{
if (--argc  1) goto bad;
@@ -1511,7 +1518,7 @@ bad:
 
 re_start:
 
-   if ((!unix_path  (init_client(s,host,port,socket_type) == 0)) ||
+   if ((!unix_path  (init_client(s,host,port,socket_type,localip) == 
0)) ||
(unix_path  (init_client_unix(s,unix_path) == 0)))
{

BIO_printf(bio_err,connect:errno=%d\n,get_last_socket_error());
diff --git a/apps/s_socket.c b/apps/s_socket.c
index e83baf4..8fe6967 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -97,7 +97,7 @@ static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
 static int init_client_ip(int *sock, const unsigned char ip[4], int port,
- int type);
+ int type, char* localip);
 static int init_server(int *sock, int port, int type);
 static int init_server_long(int *sock, int port,char *ip, int type);
 static int do_accept(int acc_sock, int *sock, char **host);
@@ -233,14 +233,14 @@ static int ssl_sock_init(void)
return(1);
}
 
-int init_client(int *sock, const char *host, int port, int type)
+int init_client(int *sock, const char *host, int port, int type, char *localip)
{
unsigned char ip[4];
 
ip[0] = ip[1] = ip[2] = ip[3] = 0;
if (!host_ip(host,(ip[0])))
return 0;
-   return init_client_ip(sock,ip,port,type);
+   return init_client_ip(sock,ip,port,type,localip);
}
 
 static int init_client_ip(int *sock, const unsigned char ip[4], int port,
@@ -277,7 +277,24 @@ static int init_client_ip(int *sock, const unsigned char 
ip[4], int port,
if (i  0) { closesocket(s); perror(keepalive); return(0); }
}
 #endif
+   if(NULL!=localip)
+   {
+   struct sockaddr_in me;
+   memset((char*)me,0,sizeof(me));
+   me.sin_family = AF_INET;
+   /* inet_addr because it seems to be more portable than 
inet_aton */
+   me.sin_addr.s_addr = inet_addr(localip);
+   if( me.sin_addr.s_addr == INADDR_NONE )
+   {
+   BIO_printf(bio_err,Wrong format of local IP address: 
%s\n,localip);
+   closesocket(s);
+   perror(inet_addr);
+   

Re: [openssl.org #2578] s_client bind ip

2014-05-24 Thread Krzysztof Kwiatkowski via RT
Hello,

This patch implements the request in ticket 2578. I've also created a pull
request on GitHub, which you can find here:
https://github.com/openssl/openssl/pull/108

Kris

From 853496476dd838958f438bd66df5725d3075de8e Mon Sep 17 00:00:00 2001
From: flowher krzys...@leeds.pl
Date: Wed, 14 May 2014 22:25:39 +0200
Subject: [PATCH 1/3] Possibility to bind to specific local IP in s_client

---
 apps/s_apps.h |  2 +-
 apps/s_client.c   |  9 -
 apps/s_socket.c   | 23 ---
 crypto/objects/obj_xref.h |  2 +-
 4 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/apps/s_apps.h b/apps/s_apps.h
index 9d16e45..55225fa 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -168,7 +168,7 @@ int ssl_print_point_formats(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, const char *server, int port, int type);
+int init_client(int *sock, char *server, int port, int type, char* localip);
 #ifndef NO_SYS_UN_H
 int init_client_unix(int *sock, const char *server);
 #endif
diff --git a/apps/s_client.c b/apps/s_client.c
index eee0e2e..da41854 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -324,6 +324,7 @@ static void sc_usage(void)
BIO_printf(bio_err, -host host - use -connect instead\n);
BIO_printf(bio_err, -port port - use -connect instead\n);
BIO_printf(bio_err, -connect host:port - connect over TCP/IP (default 
is %s:%s)\n,SSL_HOST_NAME,PORT_STR);
+   BIO_printf(bio_err, -localip arg  - specify local address to use\n);
BIO_printf(bio_err, -unix path- connect over unix domain 
sockets\n);
BIO_printf(bio_err, -verify arg   - turn on peer certificate 
verification\n);
BIO_printf(bio_err, -cert arg - certificate file to use, PEM 
format assumed\n);
@@ -628,6 +629,7 @@ int MAIN(int argc, char **argv)
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
+   char *localip=NULL;
const char *unix_path = NULL;
char *xmpphost = NULL;
char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
@@ -762,6 +764,11 @@ static char *jpake_secret = NULL;
if (!extract_host_port(*(++argv),host,NULL,port))
goto bad;
}
+   else if (strcmp(*argv,-localip) == 0)
+   {
+   if (--argc  1) goto bad;
+   localip=*(++argv);
+   }
else if (strcmp(*argv,-unix) == 0)
{
if (--argc  1) goto bad;
@@ -1511,7 +1518,7 @@ bad:
 
 re_start:
 
-   if ((!unix_path  (init_client(s,host,port,socket_type) == 0)) ||
+   if ((!unix_path  (init_client(s,host,port,socket_type,localip) == 
0)) ||
(unix_path  (init_client_unix(s,unix_path) == 0)))
{

BIO_printf(bio_err,connect:errno=%d\n,get_last_socket_error());
diff --git a/apps/s_socket.c b/apps/s_socket.c
index e83baf4..8fe6967 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -97,7 +97,7 @@ static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
 static int init_client_ip(int *sock, const unsigned char ip[4], int port,
- int type);
+ int type, char* localip);
 static int init_server(int *sock, int port, int type);
 static int init_server_long(int *sock, int port,char *ip, int type);
 static int do_accept(int acc_sock, int *sock, char **host);
@@ -233,14 +233,14 @@ static int ssl_sock_init(void)
return(1);
}
 
-int init_client(int *sock, const char *host, int port, int type)
+int init_client(int *sock, const char *host, int port, int type, char *localip)
{
unsigned char ip[4];
 
ip[0] = ip[1] = ip[2] = ip[3] = 0;
if (!host_ip(host,(ip[0])))
return 0;
-   return init_client_ip(sock,ip,port,type);
+   return init_client_ip(sock,ip,port,type,localip);
}
 
 static int init_client_ip(int *sock, const unsigned char ip[4], int port,
@@ -277,7 +277,24 @@ static int init_client_ip(int *sock, const unsigned char 
ip[4], int port,
if (i  0) { closesocket(s); perror(keepalive); return(0); }
}
 #endif
+   if(NULL!=localip)
+   {
+   struct sockaddr_in me;
+   memset((char*)me,0,sizeof(me));
+   me.sin_family = AF_INET;
+   /* inet_addr because it seems to be more portable than 
inet_aton */
+   me.sin_addr.s_addr = inet_addr(localip);
+   if( me.sin_addr.s_addr == INADDR_NONE )
+   {
+   BIO_printf(bio_err,Wrong format of local IP address: 
%s\n,localip);
+   closesocket(s);
+   perror(inet_addr);
+  

Re: [openssl.org #2578] s_client bind ip

2014-05-24 Thread Viktor Dukhovni
On Sat, May 24, 2014 at 03:06:51PM +0200, Krzysztof Kwiatkowski via RT wrote:

 Hello,
 
 This patch implements request for ticket 2578. I've also created pull
 request in github that you can find here:
 https://github.com/openssl/openssl/pull/108

Thanks.  Shouldn't this also support IPv6?

-- 
Viktor.


[openssl.org #3360] Error building openssl with TLS_DEBUG

2014-05-24 Thread Matt Caswell via RT
Fixed.
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=955376fde3c60999b27deeebb41d82ad17dca3da

Thanks for the report.

Matt



Re: [openssl.org #2578] s_client bind ip

2014-05-24 Thread Tim Hudson via RT
On 24/05/2014 11:06 PM, Krzysztof Kwiatkowski via RT wrote:
 Hello,

 This patch implements request for ticket 2578. I've also created pull
 request in github that you can find here:
 https://github.com/openssl/openssl/pull/108

Why is there a crypto/objects/obj_xref.h  change mixed in with this patch?
It does not belong there.

Thanks,
Tim.

