RE: How to determine if a ssl object is using a DTLS method?

2014-11-24 Thread Scott Neugroschl
Use getsockopt(SO_TYPE) on the underlying socket?



-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of John Lane Schultz
Sent: Monday, November 24, 2014 1:05 PM
To: openssl-users@openssl.org
Subject: How to determine if a ssl object is using a DTLS method?

Hi all,

I wrote generic wrappers for handling both TLS + DTLS accept and connect logic 
in a non-blocking manner.

My problem is that with DTLS (but not TLS) ssl objects I need to set my own 
timers for implementing reliability of msgs by calling, for example, 
DTLSv1_get_timeout and DTLSv1_handle_timeout.  (TCP handles this for TLS 
automatically)

Therefore, I need to check if the ssl on which I’m operating is a DTLS or a TLS 
ssl object.  Is there an easy and good way to do this?

I can do a brute force method of calling SSL_get_ssl_method and then checking 
it against all the methods I know (e.g. - DTLSv1_method(), 
DTLSv1_client_method(), DTLSv1_server_method, etc.) but that seems ugly and 
fragile, especially as more methods are added in the future.

Can anyone suggest a better way to figure out if I need to do special DTLS 
handling on a ssl object or not?

Cheers!

-
John Lane Schultz
Spread Concepts LLC
Cell: 443 838 2200

__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: How to determine if a ssl object is using a DTLS method?

2014-11-24 Thread John Lane Schultz
Thanks! That will work.

A system call is pretty heavy weight though, is there a cheaper OpenSSL way of 
determining the same?

Cheers!

-
John Lane Schultz
Spread Concepts LLC
Cell: 443 838 2200



Re: How to determine if a ssl object is using a DTLS method?

2014-11-24 Thread Dr. Stephen Henson
On Mon, Nov 24, 2014, John Lane Schultz wrote:

> Thanks! That will work.
>
> A system call is pretty heavy weight though, is there a cheaper OpenSSL way
> of determining the same?

Well getting the version number is one way but you have to check more than one
version if it can use the broken version number of for OpenSSL 1.0.2
(it supports DTLS 1.2 as well).

A similar way to that already suggested is to check the type of BIO used. If
it is a datagram BIO it's DTLS, if socket TLS but that avoids any system
calls.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: How to determine if a ssl object is using a DTLS method?

2014-11-24 Thread John Lane Schultz
Thank you, that worked just fine:

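#include <openssl/bio.h>
#include <openssl/ssl.h>

/* Nonzero if the SSL object's read BIO chain contains a datagram BIO (DTLS). */
int is_dtls(SSL *ssl)
{
    return NULL != BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DGRAM);
}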

Cheers!

-
John Lane Schultz
Spread Concepts LLC
Cell: 443 838 2200

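Added example (not code from any poster in this thread): the getsockopt(SO_TYPE) check suggested in the first reply, run once when the wrapper is set up and cached so the per-operation path makes no system call, which is the cost concern raised in the follow-up. The struct conn wrapper and all function names are hypothetical, and the sketch assumes the SSL object sits directly on a plain stream or datagram socket.

```c
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum transport {
    TRANSPORT_ERROR  = -1,
    TRANSPORT_STREAM = 0,   /* TLS: the kernel retransmits */
    TRANSPORT_DGRAM  = 1    /* DTLS: the application drives the timers */
};

/* Hypothetical wrapper state; a real wrapper would also hold the SSL *. */
struct conn {
    int fd;
    enum transport kind;    /* cached result of the one SO_TYPE query */
};

/* Ask the kernel what kind of socket fd is. */
static enum transport socket_transport(int fd)
{
    int type = 0;
    socklen_t len = sizeof(type);

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) != 0)
        return TRANSPORT_ERROR;     /* errno is EBADF, ENOTSOCK, ... */
    if (type == SOCK_DGRAM)
        return TRANSPORT_DGRAM;
    if (type == SOCK_STREAM)
        return TRANSPORT_STREAM;
    errno = EPROTOTYPE;             /* other socket types are not handled here */
    return TRANSPORT_ERROR;
}

/* Call once at accept/connect time. Returns 0 on success, -1 on error. */
int conn_init(struct conn *c, int fd)
{
    c->fd = fd;
    c->kind = socket_transport(fd);
    return c->kind == TRANSPORT_ERROR ? -1 : 0;
}

/* Hot-path check: reads the cached value, no system call. */
int conn_needs_dtls_timers(const struct conn *c)
{
    return c->kind == TRANSPORT_DGRAM;
}
```

When conn_needs_dtls_timers() returns nonzero, the wrapper is the one that has to arm a timer and call DTLSv1_get_timeout and DTLSv1_handle_timeout, as described in the original question.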