On Sun, 18 Apr 2010 23:35:16 +0200 (CEST)
Ondrej Jombik <jom...@platon.org> wrote:

> [ Please Cc me in the answer as I'm not in the list. Thank you. ]
> 
> I was googling for over two days and now I'm stuck. The thing I would
> like to accomplish is to bind outgoing SSL connection to certain IP
> address.
> 
> Our server has several IP addresses, but remote machine will accept
> connections only from certain address, which I need to bind client to.
> 
> What I have learned is that I need to create my own file descriptor
> (socket) which will be bound to the desired local IP address and
> connected to the desired remote host.
> 
> But how to join this FD with BIO?  I know there is BIO_set_fd(), but
> this is simply not working well for me. It does nothing. Does someone
> have some working snippet of code with this? I would much appreciate
> it.

From your description I don't understand if you're trying to bind a
particular IP address on client or server side.

Anyway, you need to use bind(2) system call AND set your IP address.
Then you can call SSL_set_fd() to set connected socket, this should
automatically create the needed BIO for SSL object. Below is a server
code example, which accepts connections only on IP address 192.168.1.1:

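#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define SERV_ADDR "192.168.1.1"
#define SERV_PORT 8000
#define BACKLOG 16      /* listen queue length; value assumed, not given here */

int listenfd, connfd;
socklen_t clilen;
struct sockaddr_in cliaddr, servaddr;
SSL_CTX *ssl_ctx;       /* created and configured in the part elided below */
SSL *ssl;
char buf[2048];         /* error string buffer used after SSL_accept() */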

/* Create IPv4 socket */

if((listenfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
        perror("socket() error");
        exit(1);
}

memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
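/* inet_pton() returns 1 only when the address string is valid */
if(inet_pton(AF_INET, SERV_ADDR, &servaddr.sin_addr) != 1)
{
        fprintf(stderr, "inet_pton() error\n");
        exit(1);
}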
servaddr.sin_port = htons(SERV_PORT);

if(bind(listenfd, (struct sockaddr *)&servaddr, sizeof (servaddr)) < 0)
{
        perror("bind() error");
        exit(1);
}
if(listen(listenfd, BACKLOG) < 0)
{
        perror("listen() error");
        exit(1);
}

/* Accept client connections */

clilen = sizeof(cliaddr);
if((connfd = accept(listenfd, (struct sockaddr *)&cliaddr,
        &clilen)) < 0 )
{
        perror("accept() error");
        exit(1);
}

...

/* Handle SSL connections */

if((ssl = SSL_new(ssl_ctx)) == NULL)
{
        printf("SSL_new() error\n");
        exit(1);
}

if(SSL_set_fd(ssl, connfd) != 1)
{
        printf("SSL_set_fd() error\n");
        exit(1);
}

if(SSL_accept(ssl) != 1)
{
        printf("SSL_accept() error\n");
        ERR_error_string_n(ERR_get_error(), buf, 2048);
        printf("%s\n", buf);
        exit(1);
}
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org