Query on non blocking sockets
Hello Team,

In our application we open a non-blocking socket for read and write operations and pass the fd to OpenSSL through BIO APIs like this:

    bio = BIO_new(BIO_s_socket());
    BIO_set_fd(bio, socket_fd, BIO_NOCLOSE);

And we update this bio to SSL using the SSL_set_bio() function. My query is: do we need to update SSL_CTX with these modes when we use non-blocking sockets?

    SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
    SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

Or do non-blocking sockets also work without setting these? Please provide your inputs at the earliest.

Thanks
Regards,
Rajeswari.
[openssl.org #3241] Patch: Constify openssl tables.
On Mon Jan 20 20:45:43 2014, sl.ostape...@samsung.com wrote:
> Moves more than 10k from .data to .rodata. Reduces RAM usage when openssl is used in multiple process instances: http://code.google.com/p/chromium/issues/detail?id=249746
> Also might help compiler optimizer.

Thank you for the contribution. However this patch introduces a couple of warnings about discarded const in crypto/srp/* which aren't trivial fixes.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
Add version information to OpenSSL DLLs [patch]
Currently when one builds OpenSSL DLLs for Windows CE targets the resulting DLLs do not have any version information in them, or any other resource based information either as version.rc isn't used. I implemented a simple patch that fixes this. Per the README I want to ask if there is any reason I shouldn't submit that patch.

Only two files are changed:
* Configure
* Util/mk1mf.pl

-Ike-
John Eichenberger
Principal Engineer: Sustaining Engineering: Intermec by Honeywell
425.265.2108
john.eichenber...@intermec.com

This message is intended only for the named recipient. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action based on the contents of this information is strictly prohibited.

VersionDLLs.patch Description: VersionDLLs.patch
Define a method to rename dynamic libraries [patch]
This patch was developed for use with Windows Mobile Dlls, but I think it either works or is close to working for any OS build.

The patch itself only enables the ability to rename dynamic libraries using an environment variable named CRYPTO_PREFIX. Unless that environment variable is defined, nothing is really different. When it is defined it is prepended to the names of the libraries, effectively creating uniquely named libraries.

This solves the problem of applications not being able to uniquely select a specific instance of OpenSSL libraries.

-Ike-
John Eichenberger
Principal Engineer: Sustaining Engineering: Intermec by Honeywell
425.265.2108
john.eichenber...@intermec.com

RenameDLLs.patch Description: RenameDLLs.patch
[openssl.org #3247] Suspected bug in openssl ssl3_ciphers array.
Hi,

I have server code using openssl 1.0.0e that is intended to only support two cipher types, as selected by this statement:

    SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-SHA384:AES256-SHA");

However when connecting using openssl s_client it reports that the session is using a different cipher:

    SSL-Session:
        Protocol : TLSv1.2
        Cipher   : ECDH-RSA-AES256-SHA384
    ...

To narrow this down, I tried just listing a single cipher suite as follows:

    #openssl ciphers ECDH-ECDSA-AES256-SHA384
    ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384

As you can see, I requested one cipher, but two are listed. Looking in ssl/s3_lib.c, the ssl3_ciphers array has entries for the above two ciphers that are the same. I think this is a bug. In fact, it looks like a number of entries are incorrect, namely C00B, C00C, C00D, C00E, C00F, C029, C02A, C031, and C032. All contain SSL_aECDH where I think it should be SSL_aRSA.

regards
Steve Taylor
[openssl.org #3247] Suspected bug in openssl ssl3_ciphers array.
On Tue Jan 28 22:49:18 2014, stay...@vormetric.com wrote:
> Hi,
>
> I have server code using openssl 1.0.0e that is intended to only support two cipher types, as selected by this statement:
>
>     SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-SHA384:AES256-SHA");
>
> However when connecting using openssl s_client it reports that the session is using a different cipher:
>
>     SSL-Session:
>         Protocol : TLSv1.2
>         Cipher   : ECDH-RSA-AES256-SHA384
>     ...
>
> To narrow this down, I tried just listing a single cipher suite as follows:
>
>     #openssl ciphers ECDH-ECDSA-AES256-SHA384
>     ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384
>
> As you can see, I requested one cipher, but two are listed. Looking in ssl/s3_lib.c, the ssl3_ciphers array has entries for the above two ciphers that are the same. I think this is a bug. In fact, it looks like a number of entries are incorrect, namely C00B, C00C, C00D, C00E, C00F, C029, C02A, C031, and C032. All contain SSL_aECDH where I think it should be SSL_aRSA.

I think you mean OpenSSL 1.0.1e as TLS v1.2 isn't supported in 1.0.0 releases. Please try the recently released 1.0.1f which should fix this.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
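The check the report above performs by hand, as an added example that is not part of the original thread or of OpenSSL: it expands a cipher string and flags any suite that is not on the intended allow-list. The function names `unexpected_suites` and `audit_cipher_string` are assumptions of this example, and it assumes the cipher string lists explicit suite names only (no `!`, `+` or `@` operators).

```shell
#!/bin/sh
# Added example (not from the thread): flag cipher suites that a cipher
# string expands to but that are not on the intended allow-list.

# unexpected_suites EXPANDED ALLOWED
# Both arguments are colon-separated suite names, the format printed by
# `openssl ciphers`. Prints each suite in EXPANDED that is absent from
# ALLOWED, one per line. Returns 1 if any was found, 0 otherwise.
unexpected_suites() {
    expanded=$1
    allowed=$2
    found=0
    old_ifs=$IFS
    IFS=:
    for suite in $expanded; do
        case ":$allowed:" in
            *":$suite:"*) ;;                      # suite is on the allow-list
            *) printf '%s\n' "$suite"; found=1 ;; # suite was never requested
        esac
    done
    IFS=$old_ifs
    return $found
}

# audit_cipher_string STRING
# Expands STRING with the local openssl binary and checks that the result
# contains only the suites STRING names. Returns 2 when `openssl ciphers`
# rejects the string (for example, a suite this build does not know).
audit_cipher_string() {
    expanded=$(openssl ciphers "$1") || return 2
    unexpected_suites "$expanded" "$1"
}
```

Run `audit_cipher_string` with the exact string passed to `SSL_CTX_set_cipher_list()`; any name it prints is a suite the server can negotiate even though it was never requested.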
Re: Define a method to rename dynamic libraries [patch]
> This solves the problem of applications not being able to uniquely select a specific instance of OpenSSL libraries.

That isn't sufficient for anything except possibly Windows.

On Unix you'll also need to change SONAME (or the equivalent), prefix all the public entry points to the libraries and massage the OpenSSL headers to match to avoid crashes with a mix of OpenSSL binaries in the same process.

On the Unixes, symbol resolution is something of a lottery and varies even between releases of the same OS. Since the OpenSSL data objects change in size between releases of OpenSSL, calling the wrong entry point with a data structure that isn't exactly what was expected causes some interesting problems.

It's not an impossible problem to solve, but it does require a lot more than a simple rename of the libs.

Peter

From: Eichenberger, John john.eichenber...@intermec.com
To: openssl-dev@openssl.org openssl-dev@openssl.org
Date: 29/01/2014 07:55
Subject: Define a method to rename dynamic libraries [patch]
Sent by: owner-openssl-...@openssl.org

> This patch was developed for use with Windows Mobile Dlls, but I think it either works or is close to working for any OS build.
>
> The patch itself only enables the ability to rename dynamic libraries using an environment variable named CRYPTO_PREFIX. Unless that environment variable is defined, nothing is really different. When it is defined it is prepended to the names of the libraries, effectively creating uniquely named libraries.
>
> This solves the problem of applications not being able to uniquely select a specific instance of OpenSSL libraries.
>
> -Ike-
> John Eichenberger
> Principal Engineer: Sustaining Engineering: Intermec by Honeywell
> 425.265.2108
> john.eichenber...@intermec.com
[attachment RenameDLLs.patch deleted by Peter Waltenberg/Australia/IBM]