Thanks for the information. I researched more and found that tlsext_hostname member variable in SSL structure can be used to to get host name. If applications set this using SSL_set_tlsext_host_name(), is it correct to print hostname/IP in tlsext_hostname. Can I use this one to set hostname/Ip address.? Can applications acting as both server and client set this? Thanks in advance, Chethan Kumar -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Michael Wojcik Sent: Monday, May 20, 2019 7:35 PM To: openssl-users@xxxxxxxxxxx Subject: RE: To get end point's IP address > From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On > Behalf Of Chethan Kumar > Sent: Monday, May 20, 2019 04:22 > I wanted to log end point's IP address during some errors in > communication using openssl. > Initially when I tried getpeername() on SSL context, its giving proxy > server's IP and not destination IP. The proxy server address *is* the peer address. Proxies terminate TLS conversations. The client has a TLS conversation with the proxy, and the proxy may have a separate TLS conversation with the origin server. (Or with whatever the next application-level node in the chain is; there can be multiple proxies, gateways, etc.) If it didn't do TLS termination, it wouldn't be a proxy, but a router. If you have a node that's doing routing at level 4 (copying data between two TCP connections) but not doing TLS termination, there's no way to get the IP addresses of the endpoints of the other connection from the stack. That information has to be provided at the application level. (Techincal quibble: "Level 4 routing" is a somewhat dubious concept in TCP/IP, since TCP straddles OSI levels 4 and 5. But applications which forward data between TCP conversations are traditionally connsidered level-4 routers. Also, note some level-4 routing packages do TLS termination - stunnel in its base mode is an example. A level-4 router may or may not do TLS termination.) -- Michael Wojcik Distinguished Engineer, Micro Focus The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information. If you are not the intended recipient, please notify the sender and delete the message along with any attachments/annexure/appendices. You should not disclose, copy or otherwise use the information contained in the message or any annexure. Any views expressed in this e-mail are those of the individual sender except where the sender specifically states them to be the views of Toshiba Software India Pvt. Ltd. (TSIP),Bangalore. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or damage arising in any way from its use.
