[openssl-users] TLSv1_2_method

2017-03-24 Thread Lei Kong
Can processes running with TLSv1_2_method talk to processes running with 
something older, e.g. TLSv1_1_method? Along the same lines, will new TLS 
versions be backward compatible with TLSv1_2_method?

I would like to make my code proof, is there something like TLS_latest_method()?

I have a cluster of nodes that talk to each other with TLS, currently the 
version is hardcoded to TLSv1_2_method. Suppose TLSv1_2 is deprecated by 
TLS_new one day, I update my service to use TLS_new node by node, during this 
time, some old nodes are running with TLSv1_2, some new nodes are running with 
new TLS_new, will the communication between old and new nodes work?

Thanks.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] how to implement functions for STACK OF custom type?

2017-03-24 Thread Dr. Stephen Henson
On Tue, Mar 21, 2017, lists wrote:

> Sorry, I first posted this on the -dev list, likely inappropriate... now with 
> an update:
> 
> I am exploring my options with OpenSSL and specifically I am trying to manage 
> the stacks for some custom objects.
> Currently, I have this code (sort of) in the headers:
> 
> typedef struct myThingA_st
> {
>  ASN1_OBJECT aID;
>  ASN1_OCTET_STRING aOCST;
> }
>  myThingA;
> 
> DECLARE_ASN1_ITEM(myThingA)
> DECLARE_ASN1_FUNCTIONS(myThingA)
> DECLARE_STACK_OF(myThingA)
> // the next one seems to be irrelevant for my purpose, is it?
> DECLARE_ASN1_SET_OF(myThingA)
> 
> typedef struct myThingB_st
> {
>  // SEQUENCE OF { ... }
>  STACK_OF(myThingA) myThingA_sk;
> }
>  myThingB;
> 
> // DECLARE_ASN1_ITEM(myThingB)
> DECLARE_STACK_OF(myThingB)
> // DECLARE_ASN1_FUNCTIONS(myThingB)
> // the next one seems to be irrelevant for my purpose, is it?
> DECLARE_ASN1_SET_OF(myThingB)
> 
> Then, in the .c file...
> 
> IMPLEMENT_STACK_OF(myThingA)
> IMPLEMENT_STACK_OF(myThingB)
> 
> I thought that the basic functions for the stacks would be available (such as 
> sk_myThingA_new, sk_myThingA_push...), yet when compiling a main, for 
> the first one that I try to use I get:
> 
>    undefined reference to `sk_myThingA_value'
> 
> What am I doing wrong here?

If you're using OpenSSL 1.1.0 you need to include:

DEFINE_STACK_OF(FOO)

in a header file and that should be it. That implements a set of inline
functions that do the right thing.

For OpenSSL versions before 1.1.0 it's a bit messier. The type specific
STACK_OF functions are actually macros which are generated by the mkstack.pl
script and appear in the safestack.h header file. If you want to create your
own, one way is to extract a type specific section from safestack.h, copy it
to your own header file and do a search/replace for the new type.

So for example extract the sk_OPENSSL_BLOCK macros and replace OPENSSL_BLOCK
with FOO.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


[openssl-users] OpenSSL sending close_notify right after responding to a heartbeat request

2017-03-24 Thread R Kaja Mohideen
Hi,

We have a TLS Server (Written in C) and Client (Written in Java using
Netty + OpenSSL).

I see that when Server sends a TLS extension Heartbeat request to
client - OpenSSL responds to it and sends a close_notify alert right
after it - causing the server to close the session with client.

I don't have any callback registered in client (HB request recipient
side - Java/Netty doesn't really have that support) and so I'm sure
that it is OpenSSL by itself that is responding to that heartbeat request.
But who or what is making OpenSSL send an alert & close the
session upon responding to the heartbeat remains a mystery.

Any help / suggestions to investigate this issue are highly appreciated.

Thanks & regards,
R Kaja Mohideen