Matt,
The suggested workaround seems to be working. I say "seems to be" because I
have only tested it a little. it was tested using openssl s_client. Also, I
suppose this doesn't present a security breach?
Of course, if anyone manages to locate the origin of the issue, I would
like to hear from them.
Resent the mail so that everyone else can see it.
Best regards,
Nikola Milev
On Sep 2, 2016 11:31 AM, "Matt Caswell" <matt at openssl.org> wrote:
>
>
> On 02/09/16 10:16, Nikola Milev wrote:
> > Matt,
> >
> > I am not sure I understand.
> >
> > acc = BIO_new_accept(PORT);
> >
> >
> > BIO_set_bind_mode(acc, BIO_BIND_REUSEADDR_IF_UNUSED);
> > if(!acc)
> > {
> > server_error_("Error creating server socket");
> > }
> > if (BIO_do_accept(acc) <= 0)
> > {
> > server_error_("Error binding server socket");
> > }
> >
> > Looking at this chunk of code, I am a bit confused. Is not the socket
> > created with BIO in BIO_new_accept() call?
> >
> > Am I supposed to create acc BIO using the socket(), then
> > BIO_new_socket(), then BIO_set_port() and, afterwards, omit the first
> > BIO_do_accept() call?
>
> I'm suggesting you don't use BIO for that piece of your code. Just do
> regular "socket", "bind", "listen" and "accept" calls like you had in
> your simple server code. In that code you had a variable "connfd" which
> represented the incoming connection file descriptor. You can then wrap
> that "connfd" in a BIO:
>
> bio = BIO_new(BIO_s_socket());
>
> if (bio == NULL) {
> goto err;
> }
> BIO_set_fd(bio, connfd, BIO_NOCLOSE);
>
> Now you can just set that BIO on the SSL object:
>
> SSL_set_bio(ssl, bio, bio);
>
>
> Matt
>
>
> >
> >
> > On Sep 2, 2016 10:32 AM, "Matt Caswell" <matt at openssl.org
> > <mailto:matt at openssl.org>> wrote:
> >
> >
> >
> > On 02/09/16 09:15, Nikola Milev wrote:
> > > Matt,
> > >
> > > I have not compiled it myself. Compiling simpler applications for
> my
> > > Dragino Yun shield is complicated enough.
> > >
> > > One thing that did come to mind was: could the cross compilation
> for
> > > Dragino be messing with the program in any way? Also quite new in
> > all of it.
> >
> >
> > Possibly, but I'm not familiar with Dragino so I can't really
> comment.
> >
> > >
> > > Back to OpenSSL, are there any additional settings that could have
> > > caused the error?
> >
> > None that spring to mind.
> >
> > >
> > > Also, I have a question about this issue on Stack Overflow. If we
> > > resolve the issue, I think it would be good to post it there as an
> > > answer, if you agree.
> >
> > Sure.
> >
> > If you are unable to compile OpenSSL and it doesn't have debugging
> > symbols then its going to be difficult to take the diagnosis of this
> > problem much further.
> >
> > An alternative solution for you might be a "workaround". Rather than
> > calling BIO_do_accept(), you could create the socket yourself
> directly
> > (i.e. not using the BIO calls). Once you have the have the socket
> file
> > descriptor you can create a BIO from it using BIO_new_socket().
> >
> > Matt
> >
> >
> > > Best regards,
> > > Nikola
> > >
> > >
> > > On Sep 2, 2016 9:51 AM, "Matt Caswell" <matt at openssl.org
> > <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
> > >
> > >
> > >
> > > On 01/09/16 12:36, Nikola Milev wrote:
> > > > listenfd = socket (AF_INET, SOCK_STREAM, PROTOCOL);
> > > > if(listenfd < 0)
> > > > {
> > > > exit_msg("socket() error");
> > > > }
> > >
> > > The fact that this worked suggests that maybe we aren't
> > sending what we
> > > think we are sending as the parameters to the equivalent
> > socket call in
> > > OpenSSL. Either that or something really weird is happening
> > that causes
> > > it to fail when called from OpenSSL, but not from a standalone
> > program!!
> > >
> > > Did you compile OpenSSL yourself, or are you using pre-built
> > binaries?
> > > If you compiled it yourself then I could provide you with a
> > small patch
> > > to instrument the code to figure out what parameters are being
> > sent to
> > > "socket"...either that or you could take a look at it in a
> > debugger if
> > > it has been compiled with debugging symbols.
> > >
> > > Matt
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160902/b26984d0/attachment.html>
