Re: How to use a specific ip interface while testing TLS/SSL connectivity.

> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Rajinder Pal Singh
> Sent: Friday, February 08, 2019 12:20

> I want to use a specific ip interface (out of several available ethernet interfaces available
> on my server) to test TLS/SSL connectivity to a remote server.

This isn't an OpenSSL question; it's a networking-API question.

For IPv4: Create your socket, bind it to the local interface you want to use (specifying a port of 0 if you want an ephemeral port assigned as in the usual case), then connect to the peer. You'll probably want to enable SO_REUSEADDR on the socket before calling bind. Once the connection is established, create the OpenSSL socket BIO and associate it with your socket.

For IPv6: You should be able to use a scope zone ID to force a particular local interface. The easiest way to do this is to specify the appropriate zone ID suffix (which might look like e.g. "%15" or "%eth1") on the text representation of the peer's address, then use getaddrinfo with the AI_NUMERICHOST hint to convert it to a sockaddr_in6 structure with the correct scope zone ID field value. Then connect using that, create BIO, etc.

Note that all of this will only work if the peer can actually be reached using that interface.

Another alternative is to configure your routing table with a host route to the peer using the desired interface.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
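
The bind-then-connect procedure described above, as an added C example that is not part of the original post and is not OpenSSL code. `connect_from` is a hypothetical helper name, and both addresses are assumed to be numeric literals (an IPv6 literal may carry a zone suffix such as "%eth1").

```c
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: connect to the literal peer:port with the socket bound
 * to the literal local address local_ip. getaddrinfo turns an IPv6 zone suffix
 * into sin6_scope_id. Returns a connected descriptor, or -1 on failure. */
int connect_from(const char *local_ip, const char *peer, const char *port)
{
    struct addrinfo hints, *src = NULL, *dst = NULL, *p;
    int fd = -1, on = 1;
    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;        /* literals only, no DNS lookup */
    if (getaddrinfo(local_ip, "0", &hints, &src) != 0)  /* port 0: ephemeral */
        return -1;
    hints.ai_family = src->ai_family;       /* peer must be in the same family */
    if (getaddrinfo(peer, port, &hints, &dst) != 0) {
        freeaddrinfo(src);
        return -1;
    }
    for (p = dst; p != NULL; p = p->ai_next) {
        fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
        if (fd < 0)
            continue;
        (void)setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
        if (bind(fd, src->ai_addr, src->ai_addrlen) == 0 &&
            connect(fd, p->ai_addr, p->ai_addrlen) == 0)
            break;                          /* connected from local_ip */
        close(fd);
        fd = -1;
    }
    freeaddrinfo(src);
    freeaddrinfo(dst);
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 4)
        return 2;                           /* usage: local_ip peer_ip port */
    int fd = connect_from(argv[1], argv[2], argv[3]);
    if (fd < 0)
        return 1;
    /* fd is ready for OpenSSL: BIO_new_socket(fd, BIO_NOCLOSE) or SSL_set_fd() */
    close(fd);
    return 0;
}
```

Calling `getsockname` on the returned descriptor confirms which local address the connection actually left from.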

