--redirected to -users
I think that is how it should work. I see no reason why another DNS lookup
should be made after the first one. I assume that a gethostbyname() is
called once.
BTW, your random seeding is totally insecure, but you probably already know
that.
====================
Greg Stark
[EMAIL PROTECTED]
====================
----- Original Message -----
From: "Jeff Ostrin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 28, 2001 1:32 PM
Subject: IP renaming problem...
> Hi all,
>
> I am having some serious problems with an application I wrote using OpenSSL
> (0.9.5) as the communication device. This application currently sits on
> 300+ servers located around the world (almost none of which do I have access
> to). Up until yesterday, everything was working great... then yesterday we
> had to renumber our external ip addresses (our isp changed our ip's). Since
> the change was made, the applications that were already running ceased to
> communicate with our central server - they do not seem to be picking up the
> DNS changes.
>
> When the application starts up, it creates an SSLConnection object (see
> below) for the lifetime of the application. Then every 15 minutes it
> reports data back to our central processing server. The DNS changes have
> been properly propagated: for example, we restarted the application on one
> of the servers and it began sending information to the new ip address.
> Unfortunately, we do not have access to all these machines and cannot
> restart the application.
>
> I have verified that the application still continues to send data to the old
> ip address... our ISP is in the same building and late last night a tech
> was nice enough to let us plug a box into our old ip address and forward the
> traffic to our new ip address - providing a temporary solution (for about 1
> day until our ISP gives up the ip block we used to be in).
>
> So I've included the object wrapper I wrote for the OpenSSL library. One
> instance of this object is created when the application starts, then the
> application simply calls sendMessage() every 15 min.
>
> (Any constructive criticism of this object is welcome, however I am
> currently most interested in if anyone knows why the OpenSSL library is not
> picking up the DNS changes.)
>
> Thanks in advance
> Jeff
>
>
> SSLConnection.h
>
> #ifndef SSL_CONNECTION_H
> #define SSL_CONNECTION_H
>
> #include <string>
> typedef struct ssl_ctx_st SSL_CTX;
>
> class SSLConnection {
>
> public:
>     SSLConnection();
>     ~SSLConnection();
>
>     void sendMessage(const std::string & toHost,
>                      const std::string & toPort,
>                      const std::string & message,
>                      std::string & response);
>
> private:
>     SSL_CTX * m_pSSL_CTX;
> };
>
> #endif
>
>
> SSLConnection.cpp
>
> #include "SSLConnection.h"
> #include <openssl/ssl.h>
> #include <openssl/rand.h>
> #include <openssl/err.h>
> #include <cstdlib>    // rand
> #include <cstring>    // memcpy
> #include <stdexcept>  // std::runtime_error
>
> // Frees the BIO chain when it goes out of scope
> class AutoBIOFree {
> public:
>     AutoBIOFree(BIO * in) : bio(in) {}
>     ~AutoBIOFree() { BIO_free_all(bio); }
> private:
>     BIO * bio;
> };
>
> SSLConnection::SSLConnection()
>     : m_pSSL_CTX(NULL) {
>
>     SSL_load_error_strings();
>     SSL_library_init();
>
>     // seed the random number generator
>     long hibits = rand();
>     long lowbits = rand();
>     char random[64];
>     memcpy(random, (void*)&hibits, sizeof(long));
>     memcpy(random+sizeof(long), (void*)&lowbits, sizeof(long));
>     RAND_seed( (const void *) &random, 64);
>
>     m_pSSL_CTX = SSL_CTX_new(SSLv23_client_method());
>     if(NULL == m_pSSL_CTX) {
>         throw std::runtime_error("Unable to create new SSLv23_client_method object");
>     }
> }
>
> SSLConnection::~SSLConnection() {
>
>     if(NULL != m_pSSL_CTX) {
>         SSL_CTX_free(m_pSSL_CTX);
>         m_pSSL_CTX = NULL;
>     }
>
>     RAND_cleanup();
> }
>
> void SSLConnection::sendMessage(const std::string & toHost,
>                                 const std::string & toPort,
>                                 const std::string & message,
>                                 std::string & response) {
>
>     // A new connect BIO is created for every message
>     BIO * bio = BIO_new_ssl_connect(m_pSSL_CTX);
>     if(NULL == bio) {
>         throw std::runtime_error("Unable to create SSL connect BIO");
>     }
>     AutoBIOFree autoBIOFreeSSLConnection(bio);
>
>     std::string hostName(toHost + ":" + toPort);
>     BIO_set_conn_hostname(bio, hostName.c_str());
>
>     int success = BIO_set_nbio(bio, 0);
>     if(success < 0) {
>         throw std::runtime_error("Could not set blocking io for SSL communication.");
>     }
>
>     success = BIO_write(bio, (char *)message.data(), message.length());
>     if(success <= 0) {
>         throw std::runtime_error("Error sending data to " + hostName);
>     }
>
>     char readBuffer[64];
>     int charsRead = BIO_read(bio, readBuffer, sizeof(readBuffer)-1);
>
>     // Check for error in the read
>     if(0 > charsRead) {
>         throw std::runtime_error("Error reading reply.");
>     }
>
>     // Return the response
>     readBuffer[charsRead] = '\0';
>     response = readBuffer;
> }
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
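
Added example, not part of either message and not OpenSSL code: it rebuilds the seed buffer the way the quoted constructor does and shows one reason a rand()-derived seed adds nothing unpredictable, next to a buffer filled from the operating system. The names `weak_seed`, `os_seed` and `SEED_LEN` are hypothetical; it assumes a Unix-like system with `/dev/urandom` and, as in the posted code, no `srand()` call before `rand()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEED_LEN 64

/* Seed construction as in the quoted constructor: two rand() results copied
 * into a 64-byte buffer. The remaining bytes are zeroed here (the post leaves
 * them uninitialized) so the comparison below is well defined. */
static void weak_seed(unsigned char out[SEED_LEN]) {
    long hibits = rand();
    long lowbits = rand();
    memset(out, 0, SEED_LEN);
    memcpy(out, &hibits, sizeof(long));
    memcpy(out + sizeof(long), &lowbits, sizeof(long));
}

/* Simulates two separate program starts. rand() without a prior srand()
 * behaves as if srand(1) had been called, so every start yields the same
 * buffer. Returns 1 when the two seeds are byte-identical. */
int weak_seed_repeats(void) {
    unsigned char a[SEED_LEN], b[SEED_LEN];
    srand(1); weak_seed(a);
    srand(1); weak_seed(b);
    return memcmp(a, b, SEED_LEN) == 0;
}

/* Replacement: fill the whole buffer from the kernel CSPRNG.
 * Returns 0 on success, -1 on failure (caller must not continue unseeded). */
int os_seed(unsigned char out[SEED_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(out, 1, SEED_LEN, f);
    fclose(f);
    return n == SEED_LEN ? 0 : -1;
}

/* Returns 1 when two independent OS-seeded buffers differ. */
int os_seed_differs(void) {
    unsigned char a[SEED_LEN], b[SEED_LEN];
    if (os_seed(a) != 0 || os_seed(b) != 0) return 0;
    return memcmp(a, b, SEED_LEN) != 0;
}

int main(void) {
    printf("rand()-based seed identical across starts: %d\n", weak_seed_repeats());
    printf("OS-entropy seed differs between calls:     %d\n", os_seed_differs());
    /* With OpenSSL, the os_seed() buffer is what would go to RAND_seed(buf, SEED_LEN). */
    return 0;
}
```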