> From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla
> Sent: Thursday, 03 November, 2011 11:25
> I want to summarize <snip>
> I am using the SSL APIs for a client application to connect
> to the server, and that worked fine over IPv4. Now my requirement is to
> have the same client-server communication over IPv6. This time
> I also used the same SSL APIs to connect to the server using
> an IPv6 address, but faced an issue with that. <snip>
Just to be clear: you are using OpenSSL APIs, but not SSL ones.
BIO_s_connect, and BIO_s_socket, and BIO_s_accept, don't do SSL.
BIO_f_SSL does, and so do SSL_*.
> Approach 1:
> int main()
> {
> BIO *conn;
> SSL_library_init();
> SSL_load_error_strings();
> ERR_load_crypto_strings();
> OpenSSL_add_all_algorithms();
Aside: SSL_load_error_strings includes ERR_load_crypto_strings,
and SSL_library_init loads all algorithms needed for SSL.
> conn = BIO_new_connect("250::56ff:feab:20:80");
> if(!conn) <snip error>
> /* Configure the BIO as a non-blocking one */
> BIO_set_nbio(conn, 1);
> int retryCounter = 0;
> while(retryCounter < CONNECT_MAX_TRY) // <snip> is 10
> {
> int retVal = BIO_do_connect(conn);
> if(retVal <= 0)
> {
> if(BIO_should_retry(conn)) <sleep and continue>
> else <error>
> }
> else <success>
> [BIO_do_connect fails] 02003000:system library:getservbyname:system library
> Approach 2: ... same except "[250::56ff:feab:20]:80").
> [BIO_do_connect fails] 2006A066:BIO routines:BIO_get_host_ip:bad hostname lookup
As expected. I thought you were told BIO_s_connect does not handle
IPv6 addresses, and you can easily verify by looking at the code;
it has AF_INET and gethostbyname not v6-capable getaddrinfo etc.
Although, BIO_s_accept does have code for v6 that looks reasonable
at least in 1.0.0e (I can't conveniently test).
> Approach 3:
> I followed the way suggested in the forum and tried with an IPv4 address.
> This time, I am not able to make a connection on IPv4, and the biggest issue
> is that nothing is coming in the error logs of SSL either.
> int socket_desc = socket (AF_INET, SOCK_STREAM, 0);
> if (socket_desc == INVALID_SOCKET)
> {
> cout << "The error retuned by socket is" << errno << endl;
> }
If this condition occurs, which it almost never will, you should
not proceed to the following code which uses socket_desc.
> cout << "The socket is created successfully." << endl;
> struct sockaddr_in addrinfo; <and fill in>
Aside: this name may become confusing. sockets-6 has a
struct addrinfo which is different from sockaddr_in{,6}.
> int retval = connect(socket_desc, (struct sockaddr *)&addrinfo, sizeof(addrinfo));
> if (retval != 0)
> {
> cout << " The error returned by socket connect is" << errno << endl;
> }
> cout << "The socket is connected successfully." << endl;
>
> conn = BIO_new_socket(socket_desc,0);
> if(!conn) <snip error>
> /* Configure the BIO as a non-blocking one */
> BIO_set_nbio(conn, 1);
>
> int retryCounter = 0;
> while(retryCounter < CONNECT_MAX_TRY) // whose value is 10.
> {
> int retVal = BIO_do_connect(conn);
> if(retVal <= 0) <snip: _should_retry sleep&continue else error>
> else <success>
> After executing program, the outcome came:
> [Bio_do_connect() fails] 00000000:lib(0):func(0):reason(0)
BIO_do_connect is documented only for BIO_s_connect, not BIO_s_socket.
(Although it uses the same BIO_ctrl number as some other operations.)
And in fact it is unsupported and meaningless on BIO_s_socket,
which wraps (only) a socket that is already connected.
It is somewhat unhelpful that unsupported BIO_ctrl's
(at least here) return 0 with no ERR_ entry.
> So, my main queries or doubt are:
> 1) I wanted to have SSL APIs which could be used
> for both IPv4 and IPv6 (client side application). Is there support
> for IPv6 in any of the client side OpenSSL APIs or not? This has been
> my question from the first day when I posted my query in the forum, but
> until now I haven't got any concrete response on this.
The SSL_ routines (both client and server) work fine with any socket,
either v4 or v6. BIO_f_SSL/BIO_s_socket ditto.
BIO_s_connect, and (thus) BIO_f_SSL/BIO_s_connect no.
> 2) I am getting an error in IPv4 only when I followed
> the way suggested in the forum, and nothing is coming in the error logs.
> So, I don't know how to proceed further and my work is stuck here.
I don't think anyone suggested do_connect on BIO_s_socket.
> 3) I am also not clear why the error log is coming as 0
> in approach 3 while in case 1 and case 2, I can see some error thrown
> by the SSL APIs. I don't think in case 3 I am missing something which
> could cause the error to be 0.
Because it's an unsupported operation on this BIO, see above.
<snip>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
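
The reply above says BIO_s_socket and SSL_* work with any already-connected socket, v4 or v6, so the address handling has to happen before OpenSSL sees the descriptor. The following is an added example, not code from this thread or from the OpenSSL project: it parses the endpoint forms tried in approaches 1 and 2 and connects through getaddrinfo. The names split_endpoint and connect_endpoint are hypothetical; POSIX sockets are assumed.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>

/* Split "host:port" or "[v6-literal]:port". An IPv6 literal must be bracketed
 * so its colons are not taken for the port separator. 0 on success, else -1. */
int split_endpoint(const char *spec, char *host, size_t hn, char *port, size_t pn)
{
    const char *h = spec, *hend, *p;
    if (*spec == '[') {
        h = spec + 1;
        hend = strchr(h, ']');
        if (!hend || hend[1] != ':') return -1;
        p = hend + 2;
    } else {
        hend = strchr(spec, ':');
        if (!hend || strchr(hend + 1, ':')) return -1; /* unbracketed v6 */
        p = hend + 1;
    }
    if (hend == h || !*p) return -1;
    if ((size_t)(hend - h) >= hn || strlen(p) >= pn) return -1;
    memcpy(host, h, (size_t)(hend - h));
    host[hend - h] = '\0';
    memcpy(port, p, strlen(p) + 1);
    return 0;
}

/* Resolve with getaddrinfo (v4 or v6) and connect to the first address that
 * accepts. Returns a connected blocking socket or -1; *family (non-NULL) gets
 * the family of the last address tried. The fd is then handed to
 * BIO_new_socket() and SSL_set_bio()/SSL_connect(), never BIO_do_connect(). */
int connect_endpoint(const char *spec, int *family)
{
    char host[256], port[32];
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM };
    struct addrinfo *res, *ai;
    int fd = -1;
    if (split_endpoint(spec, host, sizeof host, port, sizeof port)) return -1;
    if (getaddrinfo(host, port, &hints, &res) != 0) return -1;
    for (ai = res; ai && fd < 0; ai = ai->ai_next) {
        *family = ai->ai_family;
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd >= 0 && connect(fd, ai->ai_addr, ai->ai_addrlen) != 0) {
            close(fd);
            fd = -1;
        }
    }
    freeaddrinfo(res);
    return fd;
}
```

Check the return value before wrapping the descriptor: a -1 here must stop the program before any BIO or SSL call uses it.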