NSS and SOCKS4/5 (Firewall support)
This may seem like a basic question, but I've been using NSS/NSPR for SSL support for my TCP/IP-based application and now I need to figure out how to traverse a firewall using SOCKS4/5. I've looked on mozilla.org and it appears that SOCKS4/5 is supported somewhere in the code, but I'm not exactly sure. Should I get the new netlib code (necko) - would this play nice w/ NSS/NSPR? And/Or, should I get the PSM code (where?). Or - I'm completely off-base. Would appreicate any insight/help. Regards, Mike Oliver Invertix
Re: NSS and SOCKS4/5 (Firewall support)
Okay - if I utilize necko for SOCKS4/5, however, would that conflict w/ NSS? Wan-Teh Chang [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mike Oliver wrote: This may seem like a basic question, but I've been using NSS/NSPR for SSL support for my TCP/IP-based application and now I need to figure out how to traverse a firewall using SOCKS4/5. I've looked on mozilla.org and it appears that SOCKS4/5 is supported somewhere in the code, but I'm not exactly sure. Should I get the new netlib code (necko) - would this play nice w/ NSS/NSPR? And/Or, should I get the PSM code (where?). I believe that there is no SOCKS4/5 support in the current version of NSS. In the Mozilla browser, SOCKS4/5 support is probably implemented in necko, not PSM. I believe necko can be used independent of Mozilla. (There seems to be an Embedding toolkit containing Gecko and Necko that you can embed in your application.) This is all I know. Wan-Teh
Re: PR_IO_TIMEOUT_ERROR when doing a PR_Send with PR_INTERVAL_NO_TIMEOUT???
- Platform is Win2K/Win32 - Acting as a client - Blocking SSL Sockets Your speculation seems to make sense because I only get PR_INTERVAL_NO_TIMEOUT with the first call to PR_Send _sometimes_. And, if I happen to step through the socket creation/SSL handshake process w/ the debugger and then just run when the creation process is done, I never get this problem. So, it seems that one of the initialization functions says it's done, when it's not quite done, I would guess. Could I use PR_Poll in this case to ensure that the SSL socket is ready, 100% garaunteed?? Mike Nelson B. Bolyard [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mike Oliver wrote: Nelson B. Bolyard [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This can happen if you have set the SSL_ENABLE_FDX flag on the SSL socket, but do not have threads reading and writing simultaneously. Have you set SSL_ENABLE_FDX? No, I have not set SSL_ENABLE_FDX. W/r/t options, all I have set is: SSL_SECURITY SSL_HANDSHAKE_AS_CLIENT More questions: 1. What platform? 2. Is your program acting as an SSL server at any time? (The HANDSHAKE_AS_CLIENT would suggest not, but I have to ask) One way it could conceivably happen is as follows: SSL or NSPR might call some system function, other than send or recv, that normally does not block for a long time, but that is capable of retunring ETIMEDOUT (if Unix) or WSAETIMEDOUT (if Win32). The PR_INTERVAL_NO_TIMEOUT timeout value should prevent the underlying system send or recv call from returning ETIMEDOUT, but some other system call could unexpectedly return it, causing NSPR/NSS to return it as PR_IO_TIMEOUT_ERROR. This is just speculation, of course. Please continue to post any followup messages to this newsgroup. -- Nelson Bolyard Netscape Disclaimer: I speak for myself, not for Netscape
PR_Cleanup hangs
After closing a SSL blocking socket and preparing to shutdown, I call: NSS_Shutdown(); PR_Cleanup(); PR_Cleanup, however, never returns. Any thoughts? Running on Win2K. Thanks, Mike Oliver Invertix
Re: PR_IO_TIMEOUT_ERROR when doing a PR_Send with PR_INTERVAL_NO_TIMEOUT???
No, I have not set SSL_ENABLE_FDX. W/r/t options, all I have set is: SSL_SECURITY SSL_HANDSHAKE_AS_CLIENT Mike Oliver Invertix Nelson B. Bolyard [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This can happen if you have set the SSL_ENABLE_FDX flag on the SSL socket, but do not have threads reading and writing simultaneously. Have you set SSL_ENABLE_FDX? -- Nelson Bolyard Netscape Disclaimer: I speak for myself, not for Netscape
Re: PR_Cleanup hangs
I have two other threads running, but I did not create them using NSPR, but rather as Win32 ::CreateThread calls. Could this be causing the problem? Any other thoughts? Would you recommend that I download all the source and step into PR_Cleanup w/ the debugger? Thanks for all your help. Mike Oliver Invertix Wan-Teh Chang [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mike Oliver wrote: After closing a SSL blocking socket and preparing to shutdown, I call: NSS_Shutdown(); PR_Cleanup(); PR_Cleanup, however, never returns. Any thoughts? Running on Win2K. It would be nice to use the debugger to see where PR_Cleanup is waiting. I suspect that it is waiting for all the user threads to terminate. Because of NSPR's past as the underpinnings of Netscape's port of Sun JVM, NSPR has the notion of user threads and system threads. This is the first argument to PR_CreateThread. If you call PR_Cleanup(), it will wait until all the threads created as PR_USER_THREAD have terminated. Wan-Teh
PR_IO_TIMEOUT_ERROR when doing a PR_Send with PR_INTERVAL_NO_TIMEOUT???
What does it mean when I get a PR_IO_TIMEOUT_ERROR error when I do a PR_Send with PR_INTERVAL_NO_TIMEOUT? Shouldn't the call wait forever? I'm using non-blocking sockets over an SSL connection. This happens randomly. Thanks in advance. Mike Oliver Invertix
Re: PR_IO_TIMEOUT_ERROR when doing a PR_Send with PR_INTERVAL_NO_TIMEOUT???
I apologize, but I actually mis-typed. I'm using BLOCKING sockets over an SSL connection... Does this make any sense now? Mike Oliver Invertix Wan-Teh Chang [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mike Oliver wrote: What does it mean when I get a PR_IO_TIMEOUT_ERROR error when I do a PR_Send with PR_INTERVAL_NO_TIMEOUT? Shouldn't the call wait forever? I'm using non-blocking sockets over an SSL connection. This happens randomly. For non-blocking sockets, the 'timeout' argument to NSPR I/O functions is ignored. Calls on non-blocking sockets do not wait forever, and they should not fail with the PR_IO_TIMEOUT_ERROR error either. What you reported is a bug. Wan-Teh
PR_Poll vs. PR_Available vs. SSL_DataPending
I'm using NSPR and NSS to do SSL sockets. My sockets are blocking, so I don't want to do a PR_Read until I know that there is data to be read. If I try PR_Poll, it seems to return an out flag of PR_POLL_READ even when there is nothing to read. If I try PR_Available or SSL_DataPending, then they never return any bytes to be read, even when I know there are bytes that have just been sent. How do I do this? What is the best way of doing a PR_Read only for blocking sockets only when I know there is data to be read? (So PR_Read will in fact return immediately). Thanks for the help in advance... Mike Oliver Invertix
Re: PR_Poll vs. PR_Available vs. SSL_DataPending
Thanks for your patience. But, this is what I'm trying to say. I know that PR_Read will always block until complete if it's a blocking socket. If I were working w/ Win32 sockets or Berkley sockets directly, I could call: ioctrlsocket (WinSock) or ioctl (Berkley) on the socket to determine the amount of data that needs to be read, if any. That way, I know that when I call recv, even though it will block, it will return in a finite amount of time because there is data in the socket to be read. So - is there an NSPR equivalent of ioctrlsocket or ioctl? I thought it would be PR_Poll or PR_Available, but I was wrong. Separately, assuming that there isn't an alternative above, I'll have to use non-blocking sockets. What is the correct way of doing a PR_Read and PR_Write with non-blocking sockets? When I switch to using PR_Read w/ a non-blocking socket, it doesn't seem to clear to socket, I get the same data over and over again. One last question: What's the difference between PR_Read/PR_Write and PR_Recv/PR_Send when working w/ a socket? Sorry for the basic questions - thanks in advance. Mike Oliver Invertix John Gardiner Myers [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mike Oliver wrote: That doesn't make sense to me. With blocking sockets, you still should be able to query the socket first for data before doing the actual blocking read That is not the case. If you don't want to block, make the socket nonblocking. I don't know how I can make this concept simpler. - Also, I noticed that PR_Available returns a NOT_IMPLEMENTED error code - anyone know about that? (using latest NSPR release) The SSL code indeed does not implement the available operation. The SSL code cannot tell how much data it can return to the caller until it has read and decoded an entire SSL record from the lower layer socket. - SSL_DataPending seems to return 0 always regards of blocking/non-blocking. SSL_DataPending returns the amount of data buffered in the SSL layer itself. In order to be nonzero, a previous read operation would have had to decode an SSL record that had more data than could be returned to the caller.