Interface selection BIO_do_connect

2008-03-06 Thread [EMAIL PROTECTED]
With openSSL, what is the usual way to select a network interface on a
multihomed device?

I know that with a regular socket I could use ioctl SIOCSIFNAME.   But I
don't see a way to do that for a client SSL connection.   

   BIO* conn = BIO_new_connect(addr);
   BIO_do_connect(conn); // socket gets created and connected;
                         // interface selection is not under program control
   ssl = SSL_new(ctx);
   SSL_set_bio(ssl, conn, conn);
   err = SSL_connect(ssl);

I hope I don't have to write my own BIO.

Any ideas?
--
Paul Wisner
 Research Staff, Nokia Research Center, Cambridge, Massachusetts, USA
 Nokia University Relations Representative, Eastern USA
 Research Affiliate, MIT Computer Science and Artificial Intelligence
Laboratory 
 http://research.nokia.com/people/paul_wisner

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ext Goetz Babin-Ebell
Sent: Thursday, March 06, 2008 5:00 PM
To: openssl-users@openssl.org
Subject: Re: testing upgrade from 0.9.7e to 0.9.8g


Victor Duchovni wrote:
| On Thu, Mar 06, 2008 at 01:15:03PM -0600, [EMAIL PROTECTED] wrote:
|
| So we're testing out an upgrade from OpenSSL 0.9.7e to 0.9.8g, and
| we're mostly using the SSL network connection functionality, not the
| crypto lib.
|
| I am supposed to help with a test plan to make sure our stuff works
| properly, but I'm not sure what to test.  I imagine that it has to be
| backward compatible, since everyone using HTTPS has to be, but am not
| sure.
|
| Other than reading the NEWS page for changes, can anyone think of
| something I should do or something specific I should test?
|
| I wasn't that familiar with OpenSSL but I'm in charge of our crypto
| code now, so I have to become so quite quickly. :-)
|
| The two releases are binary and protocol compatible. You don't need to
| recompile your applications, just deploy the new shared library and
| header files (for building new applications).
|

0.9.7e and 0.9.8g are binary compatible ?
Who told you that ?

All code built for 0.9.7* has to be recompiled for use with 0.9.8*.

Besides certificate verification and session reconnect I don't 
know any details what you have to retest.

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Interface selection BIO_do_connect

2008-03-06 Thread jimmy bahuleyan

[EMAIL PROTECTED] wrote:

With openSSL, what is the usual way to select a network interface on a
multihomed device?

I know that with a regular socket I could use ioctl SIOCSIFNAME.   But I
don't see a way to do that for a client SSL connection.   


   BIO* conn = BIO_new_connect(addr);
   BIO_do_connect(conn); // socket gets created and connected;
                         // interface selection is not under program control
   ssl = SSL_new(ctx);
   SSL_set_bio(ssl, conn, conn);
   err = SSL_connect(ssl);

I hope I don't have to write my own BIO.

Any ideas?


Why don't you use the regular socket creation method (using ioctl) that
you have combined with BIO_new_socket()? Of course then you'd have to do
the connection part manually; but you don't have to write a new BIO!


-jb
--
I used to think I was indecisive, but now I'm not so sure.
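
The approach suggested in the reply above, as an added example (not code from the thread or from the OpenSSL project): the socket is created and connected by the program, then handed to BIO_new_socket(). It assumes the interface is chosen by bind()ing to that interface's local IPv4 address before connect(), which stands in for the ioctl mentioned in the thread; connect_from, tls_over_fd and the WITH_OPENSSL build switch are hypothetical names.

```c
/* Added example. The TLS part is compiled only when built with:
 *   cc -DWITH_OPENSSL example.c -lssl -lcrypto */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef WITH_OPENSSL
#include <openssl/ssl.h>
#endif

/* Hypothetical helper: open a TCP socket, bind it to local_ip (the address of
 * the interface to use), then connect to peer_ip:port. Returns the fd or -1. */
int connect_from(const char *local_ip, const char *peer_ip, unsigned short port)
{
    struct sockaddr_in src = {0}, dst = {0};
    src.sin_family = dst.sin_family = AF_INET;
    dst.sin_port = htons(port);        /* src port stays 0: kernel picks one */
    if (inet_pton(AF_INET, local_ip, &src.sin_addr) != 1 ||
        inet_pton(AF_INET, peer_ip, &dst.sin_addr) != 1)
        return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&src, sizeof src) != 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof dst) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

#ifdef WITH_OPENSSL
/* Hypothetical helper: run the TLS handshake over the already-connected fd.
 * BIO_CLOSE makes the BIO own fd; SSL_set_bio makes ssl own the BIO.
 * Peer verification settings are whatever the caller configured on ctx. */
SSL *tls_over_fd(SSL_CTX *ctx, int fd)
{
    BIO *conn = BIO_new_socket(fd, BIO_CLOSE);
    SSL *ssl = conn ? SSL_new(ctx) : NULL;
    if (!ssl) {
        if (conn) BIO_free(conn); else close(fd);
        return NULL;
    }
    SSL_set_bio(ssl, conn, conn);
    if (SSL_connect(ssl) != 1) {
        SSL_free(ssl);                 /* also frees conn and closes fd */
        return NULL;
    }
    return ssl;
}
#endif
```

On Linux, setsockopt() with SO_BINDTODEVICE placed before connect() is the alternative when the interface must be named rather than addressed; it needs elevated privileges.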