Hi all,
I am having some serious problems with a application I wrote using OpenSSL
(0.9.5) as the communication device. This application currently sits on
300+ servers located around the world (almost none of which do I have access
to). Up until yesterday, everything was working great... then yesterday we
had to renumber our external ip addresses (our isp changed our ip's). Since
the change was made, the applications that were already running ceased to
communicate with our central server - they do not seem to be picking up the
DNS changes.
When the application starts up, it creates an SLLConnection object (see
below) for the lifetime of the application). Then every 15 minutes it
reports data back to our central processing server. The DNS changes have
been properly propogated: for example, we restarted the application on one
of the servers and it begin sending information to the new ip address.
Unfortunately, we do not have access to all these machines and cannot
restart the application.
I have verified that the application still continues to send data to the old
ip address... our ISP is in the same building and late last night a tech
was nice enough to let us plug a box into our old ip address and forward the
traffic to our new ip address - providing a temporary solution (for about 1
day until our ISP gives up the ip block we used to be in).
So I've included the object wrapper I wrote for the OpenSSL library. One
instance of this object is created when the application starts, then the
application simply calls sendMessage() every 15 min.
(Any constructive criticism of this object is welcome, however I am
currently most interested in if anyone knows why the OpenSSL library is not
picking up the DNS changes.)
Thanks in advance
Jeff
SSLConnection.h
#ifndef SSL_CONNECTION_H
#define SSL_CONNECTION_H
#include <string>
typedef struct ssl_ctx_st SSL_CTX;
class SSLConnection {
public:
SSLConnection();
~SSLConnection();
void sendMessage(const std::string & toHost,
const std::string & toPort,
const std::string & message,
std::string & response);
private:
SSL_CTX * m_pSSL_CTX;
};
#endif
SSLConnection.cpp
#include "SSLConnection.h"
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/err.h>
class AutoBIOFree {
public:
AutoBIOFree(BIO * in) : bio(in) {}
~AutoBIOFree() { BIO_free_all(bio); }
private:
BIO * bio;
};
MCAuditorSSLConnection::MCAuditorSSLConnection()
: m_pSSL_CTX(NULL) {
SSL_load_error_strings();
SSL_library_init();
// seed the random number generator
long hibits = rand();
long lowbits = rand();
char random[64];
memcpy(random, (void*)&hibits, sizeof(long));
memcpy(random+sizeof(long), (void*)&lowbits, sizeof(long));
RAND_seed( (const void *) &random, 64);
m_pSSL_CTX = SSL_CTX_new(SSLv23_client_method());
if(NULL == m_pSSL_CTX) {
throw std::exception("Unable to create new SSLv23_client_method
object");
}
}
MCAuditorSSLConnection::~MCAuditorSSLConnection() {
if(NULL != m_pSSL_CTX) {
SSL_CTX_free(m_pSSL_CTX);
m_pSSL_CTX = NULL;
}
RAND_cleanup();
}
void MCAuditorSSLConnection::sendMessage(const std::string & toHost,
const std::string & toPort,
const std::string & message,
std::string & response) {
BIO * bio = BIO_new_ssl_connect(m_pSSL_CTX);
AutoBIOFree autoBIOFreeSSLConnection(bio);
std::string hostName(toHost + ":" + toPort);
BIO_set_conn_hostname(bio, hostName.c_str());
int success = BIO_set_nbio(bio, 0);
if(success < 0) {
throw std::exception("Could not set blocking io for SSL
communication.");
}
success = BIO_write(bio, (char *)message.data(), message.length());
if(success <= 0) {
throw std::exception("Error sending data to " + hostName);
}
char readBuffer[64];
int charsRead = BIO_read(bio, readBuffer, sizeof(readBuffer)-1);
// Check for error in the read
if(0 > charsRead) {
throw std::exception("Error reading reply.");
}
// Return the response
readBuffer[charsRead] = '\0';
response = readBuffer;
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
