On Wed, Apr 12, 2006, Robert Stober wrote:
> Good Afternoon,
>
> I solved one of my problems, and banged my head against the wall all day
> trying to figure out how to get the OS to select a port for my
> application. Every example I see shows the port being explicitly set,
> whereas I need the OS to do this so that I can be sure the port is free.
>
>
> I've determined that it just can't be done using BIO. So my plan is to
> create the socket and then attach the BIO to it. Here's the short
> version (the long version is below):
>
>     int listenfd;
>     struct sockaddr_in server = {AF_INET, INADDR_ANY, INADDR_ANY};
>
>     init_OpenSSL();
>     logInfo("Initialized OpenSSL library\n");
>
>     seed_prng();
>
>     ctx = setup_server_ctx();
>     /*
>      * THIS IS THE PART I CHANGED TO TRY AND GET AN EPHEMERAL PORT
>      */
>
>     if ((listenfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
>         log_error("Socket call failed\n");
>
>     if (bind(listenfd, (struct sockaddr *)&server, SIZE) == -1)
>         log_error("Bind call failed\n");
>
>     acc = BIO_new_socket(listenfd, BIO_CLOSE);
>
>     /*
>      * THE ABOVE WAS WORKING WHEN I WAS USING acc = BIO_new_accept(PORT);
>      * BUT THEN I WAS ASSIGNING THE PORT MANUALLY.
>      */
>
>     if (!acc)
>         log_error("Error creating server socket\n");
>     else
>         logInfo("Created server socket\n");
>
>     /* This wasn't working, and why should it? I already binded
>        the socket above...
>     if (BIO_do_accept(acc) <= 0)
>         log_error("Error binding server socket\n");
>     else
>         logInfo("Binded server socket\n"); */
>
>     portStr = BIO_get_accept_port(acc);
>     logInfo("PortStr: %s\n", portStr);
>
>     if (!(ssl = SSL_new(ctx)))
>         log_error("Error creating SSL context\n");
>     else
>         logInfo("Created SSL context\n");
>
>     SSL_set_bio(ssl, acc, acc);
>
>     if (SSL_accept(ssl) <= 0)
>         log_error("Error accepting SSL connection\n");
>     else
>         logInfo("Accepted SSL connection\n");
>
>
> This compiles but when I run it I get "Error accepting SSL connection".
> The error queue shows:
>
> SSL_ERROR_SYSCALL - which is what I get when the server is not running!
>
> Any pointers at all would be immensely helpful as I've found next to
> nothing on setting up an ephemeral port using SSL/BIO. I just want the
> OS to select an available ephemeral port for me.
>
I think the problem is that BIO_new_socket() is expecting a connected
socket. The calls to BIO_do_accept() only work for an accept BIO whereas you
have a socket BIO.
I'd suggest you use an accept BIO but set up the socket using the calls
similar to those above. Then call BIO_set_fd() on that accept BIO.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
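
Added example, not code from either poster or from the OpenSSL project: the socket-level half of the question, where the kernel picks the port (bind to port 0, then listen()) and the assigned port is read back with getsockname(). The function name listen_ephemeral and the loopback bind address in main() are assumptions of this example; it uses no OpenSSL calls so that it builds without the library.

```c
/* Added example, constructed for illustration; not code from the thread. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind to port 0 so the kernel picks a free port, start listening, and
 * report the port that was assigned. bind_addr is in host byte order
 * (INADDR_LOOPBACK, INADDR_ANY, ...). Returns the listening fd or -1. */
int listen_ephemeral(uint32_t bind_addr, uint16_t *port_out)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1)
        return -1;

    memset(&sa, 0, sizeof(sa));          /* set fields by name, not position */
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(bind_addr);
    sa.sin_port = htons(0);              /* 0 = let the OS choose */

    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 ||
        listen(fd, SOMAXCONN) == -1 ||   /* without listen() nothing can connect */
        getsockname(fd, (struct sockaddr *)&sa, &len) == -1) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(sa.sin_port);      /* the port the kernel assigned */
    return fd;
}

int main(void)
{
    uint16_t port;
    /* Loopback only; INADDR_ANY would listen on every interface. */
    int lfd = listen_ephemeral(INADDR_LOOPBACK, &port);
    if (lfd == -1) { perror("listen_ephemeral"); return 1; }
    printf("listening on 127.0.0.1:%u\n", (unsigned)port);

    /* accept() blocks until a client connects and returns a connected
     * socket, which is what the reply above says BIO_new_socket() expects. */
    int cfd = accept(lfd, NULL, NULL);
    if (cfd == -1) { perror("accept"); close(lfd); return 1; }
    close(cfd);
    close(lfd);
    return 0;
}
```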