With openSSL, what is the usual way to select a network interface on a
multihomed device?
I know that with a regular socket I could use ioctl SIOCSIFNAME. But I
don't see a way to do that for a client SSL connection.
BIO* conn = BIO_new_connect(addr);
BIO_do_connect(conn); // == socket gets created connected;
// interface selection is not under program
control
ssl = SSL_new(ctx);
SSL_set_bio(ssl, conn, conn);
err = SSL_connect(ssl);
I hope I don't have to write my own BIO.
Any ideas?
--
Paul Wisner
Research Staff, Nokia Research Center, Cambridge, Massachusetts, USA
Nokia University Relations Representative, Eastern USA
Research Affiliate, MIT Computer Science and Artificial Intelligence
Laboratory
http://research.nokia.com/people/paul_wisner
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ext Goetz
Babin-Ebell
Sent: Thursday, March 06, 2008 5:00 PM
To: openssl-users@openssl.org
Subject: Re: testing upgrade from 0.9.7e to 0.9.8g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Victor Duchovni schrieb:
| On Thu, Mar 06, 2008 at 01:15:03PM -0600,
[EMAIL PROTECTED] wrote:
|
| So we're testing out an upgrade from OpenSSL 0.9.7e to 0.9.8g, and
| we're mostly using the SSL network connection functionality, not the
| crypto lib.
|
| I am supposed to help with a test plan to make sure our stuff works
| properly, but I'm not sure what to test. I imagine that it
has to be
| backward compatible, since everyone using HTTPS has to be,
but am not
| sure.
|
| Other than reading the NEWS page for changes, can anyone think of
| something I should do or something specific I should test?
|
| I wasn't that familiar with OpenSSL but I'm in charge of our crypto
| code now, so I have to become so quite quickly. :-)
|
| The two releases are binary and protocol compatible. You
don't need to
| recompile your applications, just deploy the new shared library and
| header files (for building new applications).
|
0.9.7e and 0.9.8g are binary compatible ?
Who told you that ?
All code build for 0.9.7* has to be recompiled for use with 0.9.8*.
Besides certificate verification and session reconnect I don't
know any details what you have to retest.
Goetz
- --
DMCA: The greed of the few outweights the freedom of the many
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH0Gln2iGqZUF3qPYRAutlAJ9CmsVIKB2ZcbaIdRHxtO9Vn1VHJACfdRMx
olZ2PA/q1zompRUx5jAR20g=
=G45N
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]