Hi,
Thanks Michael. I'll check if your proposal fits my requirement.
Regards,
Sanjaya
On Wed, Jan 10, 2018 at 7:55 PM, Michael Richardson <mcr@xxxxxxxxxxxx> wrote:
Sanjaya Joshi <joshi.sanjaya@xxxxxxxxx> wrote:
> Is there a BIO family of API that OpenSSL provides to bind to a
> specific source IP address before creating a socket connection (using
> for e.g. BIO_new_connect()) ?
I think not... BIO_new_connect() allocates the BIO, and so there isn't any
state to set up before you call that.
I've had to add a place to store the sockaddr to the DGRAM method in order to
make DTLS work the way I want it, and it could be extended to TCP sockets I
think, but not using the flow that you are using.
However, you can provide the FD to the SSL context using BIO_set_fd()
and SSL_set_bio():
    BIO_set_fd(inbio, connectedfd, BIO_NOCLOSE);
    SSL_set_bio(ssl, inbio, outbio);
Then you can set up the connectedfd any way you want, calling bind() before
connect. That means that you might have to parse the host/IP + port
yourself, but getaddrinfo() can do that for you, and
    int BIO_lookup(const char *host, const char *service,
                   enum BIO_lookup_type lookup_type,
                   int family, int socktype, BIO_ADDRINFO **res);
wraps it all nicely for you.
> My application does not need to rely on the kernel-provided source IP
> address and hence the need for this.
Just remember to test with IPv6 Link-Local addresses, because they do
matter, and they are hard to get right from userspace.
(And if you aren't doing IPv6 testing, then you probably shouldn't be
creating new code)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
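The bind()-before-connect() step described in the quoted message, as an added example that is not part of the original thread or of OpenSSL: it resolves a literal source address and a destination with getaddrinfo(), binds, connects, and returns the fd that would then be passed to BIO_set_fd() and SSL_set_bio(). The function names connect_from and local_ip are hypothetical.

```c
/* Added example (hypothetical names): bind a TCP socket to a chosen
 * source address before connect(), using only POSIX socket calls. */
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns a connected fd whose source address is src_ip, or -1.
 * src_ip may carry an IPv6 scope ("fe80::1%eth0"); getaddrinfo()
 * fills sin6_scope_id, which link-local addresses require. */
int connect_from(const char *src_ip, const char *host, const char *port)
{
    struct addrinfo hints, *src = NULL, *dst = NULL, *d;
    int fd = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;      /* source must be a literal address */
    if (getaddrinfo(src_ip, NULL, &hints, &src) != 0)
        return -1;
    hints.ai_flags = 0;
    hints.ai_family = src->ai_family;     /* destination family must match */
    if (getaddrinfo(host, port, &hints, &dst) != 0) {
        freeaddrinfo(src);
        return -1;
    }
    for (d = dst; d != NULL; d = d->ai_next) {
        fd = socket(d->ai_family, d->ai_socktype, d->ai_protocol);
        if (fd < 0) continue;
        /* Port 0 in src leaves only the ephemeral port to the kernel. */
        if (bind(fd, src->ai_addr, src->ai_addrlen) == 0 &&
            connect(fd, d->ai_addr, d->ai_addrlen) == 0)
            break;                        /* bound and connected */
        close(fd);
        fd = -1;
    }
    freeaddrinfo(src);
    freeaddrinfo(dst);
    return fd;  /* next: BIO_set_fd() and SSL_set_bio(), as in the message */
}

/* Writes the numeric local (source) address of fd into buf; 0 on success. */
int local_ip(int fd, char *buf, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sl = sizeof ss;
    if (getsockname(fd, (struct sockaddr *)&ss, &sl) != 0)
        return -1;
    return getnameinfo((struct sockaddr *)&ss, sl, buf, len, NULL, 0, NI_NUMERICHOST);
}
```

Checking local_ip() on the returned fd before starting the handshake confirms that the connection really leaves from the requested address.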