I'm not 100% sure what you're doing
I'd imagine that if SSL was managing the fd's you wouldn't have this issue.
You hvae to call accept() to get a new FD... and you'll only get that once, so when you accept() you should attach the bio and call ssl_accept(), no?
On Fri, Jan 12, 2018 at 5:52 PM, Priscilla Hero <grace.priscilla@xxxxxxxxx> wrote:
Hi Michael,
Without doing ssl_accept on the ssl will getpeername work? Also using the existing ssl with ssl_accept for the first connection we don’t get the information of second peer. Thus we ended up creating new bio/ssl each time we get a request.
Any suggestions?
Thanks,
Grace
On 12-Jan-2018, at 6:45 PM, Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx> wrote:
>> From: openssl-users [mailto:openssl-users-bounces@openssl.org ] On Behalf Of Grace Priscilla Jero
>> Sent: Friday, January 12, 2018 07:04
>
>
>> Whenever a connect is initiated from any client we need to know if it is already connected client or a new client.
>> We are doing this by
>> • creating bio/ssl each time a polling happens on the server fd
>> • fetching the peer using BIO_dgram_get_peer after ssl_accept
>> • Comparing it to the internally maintained list of peer
>
> Don't create the BIO immediately. Use getpeername on the socket descriptor and check that against the list. Only create a new SSL object and BIO if it's not an already-established client.
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
