I do need this for the client side. The machine where the connection is
originating has several IP addresses and the remote machine will accept
connections only from one of those. So I need to choose exactly one source IP
address when creating the connection.

Can your example be modified for this?

Also I noticed that in your example there is no BIO used at all. Now I'm
even more confused, since I thought that BIO is something like a must-have
when dealing with SSL connections.

If I ever properly create a socket with the desired properties, i.e. the correct
originating source address and the correct destination address and port,
should I pass this socket to SSL with SSL_set_fd() or to BIO with
BIO_set_fd()?

Anyway, thank you for your help.

Ondrej

On Mon, 19 Apr 2010, Sad Clouds wrote:

On Sun, 18 Apr 2010 23:35:16 +0200 (CEST)
Ondrej Jombik <jom...@platon.org> wrote:

[ Please Cc me in the answer as I'm not in the list. Thank you. ]

I was googling for over two days and now I'm stuck. The thing I would
like to accomplish is to bind an outgoing SSL connection to a certain IP
address.

Our server has several IP addresses, but the remote machine will accept
connections only from a certain address, which I need to bind the client to.

What I have learned is that I need to create my own file descriptor (socket)
which will be bound to the desired local IP address and connected to the
desired remote host.

But how to join this FD with BIO? I know there is BIO_set_fd(), but
this is simply not working well for me. It does nothing. Does someone
have some working snippet of code with this? I would much appreciate
it.

From your description I don't understand if you're trying to bind a
particular IP address on the client or the server side.

Anyway, you need to use the bind(2) system call AND set your IP address.
Then you can call SSL_set_fd() to set the connected socket; this should
automatically create the needed BIO for the SSL object. Below is a server
code example, which accepts connections only on IP address 192.168.1.1:

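#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define SERV_ADDR "192.168.1.1"
#define SERV_PORT 8000
#define BACKLOG 5   /* not defined in the posted snippet; this value is an assumption */

int listenfd, connfd;
socklen_t clilen;
struct sockaddr_in cliaddr, servaddr;
SSL_CTX *ssl_ctx;   /* assumed to be created and configured elsewhere */
SSL *ssl;
char buf[2048];

/* Create IPv4 socket */
if ((listenfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
    perror("socket() error");
    exit(1);
}

/* Fill in the one local address the server should listen on */
memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
if (inet_pton(AF_INET, SERV_ADDR, &servaddr.sin_addr) != 1)
{
    printf("inet_pton() error\n");
    exit(1);
}
servaddr.sin_port = htons(SERV_PORT);

/* Bind to SERV_ADDR only, not to INADDR_ANY */
if (bind(listenfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) < 0)
{
    perror("bind() error");
    exit(1);
}

if (listen(listenfd, BACKLOG) < 0)
{
    perror("listen() error");
    exit(1);
}

/* Accept client connections */
clilen = sizeof(cliaddr);
if ((connfd = accept(listenfd, (struct sockaddr *)&cliaddr, &clilen)) < 0)
{
    perror("accept() error");
    exit(1);
}

...

/* Handle SSL connections */
if ((ssl = SSL_new(ssl_ctx)) == NULL)
{
    printf("SSL_new() error\n");
    exit(1);
}

/* Attach the connected socket; OpenSSL creates the socket BIO itself */
if (SSL_set_fd(ssl, connfd) != 1)
{
    printf("SSL_set_fd() error\n");
    exit(1);
}

/* Run the server side of the TLS handshake and report the error queue on failure */
if (SSL_accept(ssl) != 1)
{
    printf("SSL_accept() error\n");
    ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
    printf("%s\n", buf);
    exit(1);
}
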
--
Ondrej JOMBIK
Platon Technologies Ltd., Hlavna 3, Sala SK-92701
+421 903 PLATON - i...@platon.org - http://platon.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
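
The client-side case asked about above, as an added example that is not code from this thread: the socket is bound to the chosen source address before connect(), and the resulting descriptor is the one that goes to SSL_set_fd(). The names `connect_from`, `make_addr` and `peer_sees_source` are hypothetical, and the loopback addresses are constructed for the self-check, which assumes Linux, where every address in 127.0.0.0/8 is local.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill an IPv4 sockaddr; 0 on success, -1 if ip is not a valid literal. */
static int make_addr(struct sockaddr_in *sa, const char *ip, in_port_t port)
{
    *sa = (struct sockaddr_in){ .sin_family = AF_INET, .sin_port = htons(port) };
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Connect to dst_ip:dst_port from local address src_ip (hypothetical helper).
 * Returns a connected fd, which is what SSL_set_fd() takes, or -1 on error. */
int connect_from(const char *src_ip, const char *dst_ip, in_port_t dst_port)
{
    struct sockaddr_in src, dst;
    int fd;
    /* Source port 0: the kernel picks the local port, we pick only the IP. */
    if (make_addr(&src, src_ip, 0) < 0 || make_addr(&dst, dst_ip, dst_port) < 0)
        return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    /* bind() before connect(); fails (EADDRNOTAVAIL) if src_ip is not local. */
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed loopback check: 1 if a 127.0.0.1 listener sees src_ip as peer. */
int peer_sees_source(const char *src_ip)
{
    struct sockaddr_in srv, peer, want;
    socklen_t len = sizeof(srv);
    int lfd = socket(AF_INET, SOCK_STREAM, 0), cfd = -1, afd = -1, ok = 0;
    if (lfd >= 0 && !make_addr(&srv, "127.0.0.1", 0) && !make_addr(&want, src_ip, 0) &&
        !bind(lfd, (struct sockaddr *)&srv, len) && !listen(lfd, 1) &&
        !getsockname(lfd, (struct sockaddr *)&srv, &len) &&
        (cfd = connect_from(src_ip, "127.0.0.1", ntohs(srv.sin_port))) >= 0 &&
        (afd = accept(lfd, (struct sockaddr *)&peer, &len)) >= 0)
        ok = peer.sin_addr.s_addr == want.sin_addr.s_addr;
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return ok;
}
```

On success, the returned descriptor is passed to SSL_set_fd() and the handshake is started with SSL_connect(), the client counterpart of the SSL_accept() call in the server code above.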