RE: How to determine if a ssl object is using a DTLS method?
Use getsockopt(SO_TYPE) on the underlying socket?

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Lane Schultz
Sent: Monday, November 24, 2014 1:05 PM
To: openssl-users@openssl.org
Subject: How to determine if a ssl object is using a DTLS method?

Hi all,

I wrote generic wrappers for handling both TLS + DTLS accept and connect logic in a non-blocking manner.

My problem is that with DTLS (but not TLS) ssl objects I need to set my own timers for implementing reliability of msgs by calling, for example, DTLSv1_get_timeout and DTLSv1_handle_timeout. (TCP handles this for TLS automatically)

Therefore, I need to check if the ssl on which I’m operating is a DTLS or a TLS ssl object. Is there an easy and good way to do this?

I can do a brute force method of calling SSL_get_ssl_method and then checking it against all the methods I know (e.g. - DTLSv1_method(), DTLSv1_client_method(), DTLSv1_server_method, etc.) but that seems ugly and fragile, especially as more methods are added in the future.

Can anyone suggest a better way to figure out if I need to do special DTLS handling on a ssl object or not?

Cheers!

-
John Lane Schultz
Spread Concepts LLC
Cell: 443 838 2200
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: How to determine if a ssl object is using a DTLS method?
Thanks! That will work. A system call is pretty heavy weight though, is there a cheaper OpenSSL way of determining the same?

Cheers!

-
John Lane Schultz
Spread Concepts LLC
Cell: 443 838 2200

On Nov 24, 2014, at 4:23 PM, Scott Neugroschl <scot...@xypro.com> wrote:

> Use getsockopt(SO_TYPE) on the underlying socket?
Re: How to determine if a ssl object is using a DTLS method?
On Mon, Nov 24, 2014, John Lane Schultz wrote:

> Thanks! That will work. A system call is pretty heavy weight though, is there a cheaper OpenSSL way of determining the same?

Well getting the version number is one way but you have to check more than one version if it can use the broken version number of for OpenSSL 1.0.2 (it supports DTLS 1.2 as well).

A similar way to that already suggested is to check the type of BIO used. If it is a datagram BIO it's DTLS, if socket TLS but that avoids any system calls.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: How to determine if a ssl object is using a DTLS method?
Thank you, that worked just fine:

    #include <openssl/bio.h>
    #include <openssl/ssl.h>

    /* Non-zero when the read BIO chain of ssl contains a datagram BIO. */
    int is_dtls(SSL *ssl)
    {
        return NULL != BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DGRAM);
    }

Cheers!

-
John Lane Schultz
Spread Concepts LLC
Cell: 443 838 2200

On Nov 24, 2014, at 8:04 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> Well getting the version number is one way but you have to check more than one version if it can use the broken version number of for OpenSSL 1.0.2 (it supports DTLS 1.2 as well).
>
> A similar way to that already suggested is to check the type of BIO used. If it is a datagram BIO it's DTLS, if socket TLS but that avoids any system calls.
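
Added example, not code from any poster in this thread: the getsockopt(SO_TYPE) check suggested in the first reply, with the result cached per connection so that the system call objected to in the second message is paid once at setup rather than on every pass of the I/O loop. The names struct conn, classify_fd, conn_init and demo_kind are hypothetical, the SSL pointer is left out so the code builds without OpenSSL, and the sockets it classifies are local AF_UNIX pairs constructed for the demonstration.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum transport { TRANSPORT_UNKNOWN = -1, TRANSPORT_STREAM = 0, TRANSPORT_DGRAM = 1 };

/* Hypothetical per-connection state of the wrapper; kind is filled in once
 * by conn_init() and read from then on without any further system call. */
struct conn { int fd; enum transport kind; };

/* One getsockopt(SO_TYPE) call. A negative fd (no socket attached) or a
 * descriptor that is not a socket yields TRANSPORT_UNKNOWN. */
enum transport classify_fd(int fd)
{
    int type = 0;
    socklen_t len = sizeof(type);
    if (fd < 0 || getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) != 0)
        return TRANSPORT_UNKNOWN;
    if (type == SOCK_DGRAM)
        return TRANSPORT_DGRAM;
    return type == SOCK_STREAM ? TRANSPORT_STREAM : TRANSPORT_UNKNOWN;
}

/* Pay for the system call at setup; the I/O loop only reads c->kind. */
void conn_init(struct conn *c, int fd)
{
    c->fd = fd;
    c->kind = classify_fd(fd);
}

/* Constructed input: a local AF_UNIX socket pair of the requested type. */
enum transport demo_kind(int sock_type)
{
    int sv[2];
    struct conn c;
    if (socketpair(AF_UNIX, sock_type, 0, sv) != 0)
        return TRANSPORT_UNKNOWN;
    conn_init(&c, sv[0]);
    close(sv[0]); close(sv[1]);
    return c.kind;
}

int main(void)
{
    printf("dgram=%d stream=%d nofd=%d\n", demo_kind(SOCK_DGRAM),
           demo_kind(SOCK_STREAM), classify_fd(-1));
    return 0;
}
```

In the wrapper described in the thread the descriptor would come from SSL_get_fd(ssl), and kind == TRANSPORT_DGRAM is what gates the DTLSv1_get_timeout and DTLSv1_handle_timeout calls. OpenSSL 1.1.0 and later also provide SSL_is_dtls(ssl), which answers the question from the SSL object itself.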