<p dir="ltr">Matt,</p>
<p dir="ltr">The suggested workaround seems to be working. I say "seems to be" because I have only tested it a little. It was tested using openssl s_client. Also, I suppose this doesn't present a security breach?</p>
<p dir="ltr">Of course, if anyone manages to locate the origin of the issue, I would like to hear from them.</p>
<p dir="ltr">Resent the mail so that everyone else can see it.</p>
<p dir="ltr">Best regards, </p>
<p dir="ltr">Nikola Milev</p>
<div class="gmail_extra"><br><div class="gmail_quote">On Sep 2, 2016 11:31 AM, "Matt Caswell" <<a href="mailto:matt@openssl.org">matt@openssl.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
On 02/09/16 10:16, Nikola Milev wrote:<br>
> Matt,<br>
><br>
> I am not sure I understand.<br>
><br>
> acc = BIO_new_accept(PORT);<br>
><br>
><br>
> BIO_set_bind_mode(acc, BIO_BIND_REUSEADDR_IF_UNUSED);<br>
> if(!acc)<br>
> {<br>
> server_error_("Error creating server socket");<br>
> }<br>
> if (BIO_do_accept(acc) <= 0)<br>
> {<br>
> server_error_("Error binding server socket");<br>
> }<br>
><br>
> Looking at this chunk of code, I am a bit confused. Is not the socket<br>
> created with BIO in BIO_new_accept() call?<br>
><br>
> Am I supposed to create acc BIO using the socket(), then<br>
> BIO_new_socket(), then BIO_set_port() and, afterwards, omit the first<br>
> BIO_do_accept() call?<br>
<br>
I'm suggesting you don't use BIO for that piece of your code. Just do<br>
regular "socket", "bind", "listen" and "accept" calls like you had in<br>
your simple server code. In that code you had a variable "connfd" which<br>
represented the incoming connection file descriptor. You can then wrap<br>
that "connfd" in a BIO:<br>
<br>
bio = BIO_new(BIO_s_socket());<br>
<br>
if (bio == NULL) {<br>
goto err;<br>
}<br>
BIO_set_fd(bio, connfd, BIO_NOCLOSE);<br>
<br>
Now you can just set that BIO on the SSL object:<br>
<br>
SSL_set_bio(ssl, bio, bio);<br>
<br>
<br>
Matt<br>
<br>
<br>
><br>
><br>
> On Sep 2, 2016 10:32 AM, "Matt Caswell" <<a href="mailto:matt@openssl.org">matt@openssl.org</a>> wrote:<br>
><br>
><br>
><br>
> On 02/09/16 09:15, Nikola Milev wrote:<br>
> > Matt,<br>
> ><br>
> > I have not compiled it myself. Compiling simpler applications for my<br>
> > Dragino Yun shield is complicated enough.<br>
> ><br>
> > One thing that did come to mind was: could the cross compilation for<br>
> > Dragino be messing with the program in any way? Also quite new in all of it.<br>
><br>
><br>
> Possibly, but I'm not familiar with Dragino so I can't really comment.<br>
><br>
> ><br>
> > Back to OpenSSL, are there any additional settings that could have<br>
> > caused the error?<br>
><br>
> None that spring to mind.<br>
><br>
> ><br>
> > Also, I have a question about this issue on Stack Overflow. If we<br>
> > resolve the issue, I think it would be good to post it there as an<br>
> > answer, if you agree.<br>
><br>
> Sure.<br>
><br>
> If you are unable to compile OpenSSL and it doesn't have debugging<br>
> symbols then it's going to be difficult to take the diagnosis of this<br>
> problem much further.<br>
><br>
> An alternative solution for you might be a "workaround". Rather than<br>
> calling BIO_do_accept(), you could create the socket yourself directly<br>
> (i.e. not using the BIO calls). Once you have the socket file<br>
> descriptor you can create a BIO from it using BIO_new_socket().<br>
><br>
> Matt<br>
><br>
><br>
> > Best regards,<br>
> > Nikola<br>
> ><br>
> ><br>
> > On Sep 2, 2016 9:51 AM, "Matt Caswell" <<a href="mailto:matt@openssl.org">matt@openssl.org</a>> wrote:<br>
> ><br>
> ><br>
> ><br>
> > On 01/09/16 12:36, Nikola Milev wrote:<br>
> > > listenfd = socket (AF_INET, SOCK_STREAM, PROTOCOL);<br>
> > > if(listenfd < 0)<br>
> > > {<br>
> > > exit_msg("socket() error");<br>
> > > }<br>
> ><br>
> > The fact that this worked suggests that maybe we aren't sending what we<br>
> > think we are sending as the parameters to the equivalent socket call in<br>
> > OpenSSL. Either that or something really weird is happening that causes<br>
> > it to fail when called from OpenSSL, but not from a standalone program!!<br>
> ><br>
> > Did you compile OpenSSL yourself, or are you using pre-built binaries?<br>
> > If you compiled it yourself then I could provide you with a small patch<br>
> > to instrument the code to figure out what parameters are being sent to<br>
> > "socket"...either that or you could take a look at it in a debugger if<br>
> > it has been compiled with debugging symbols.<br>
> ><br>
> > Matt<br>
> ><br>
><br>
</blockquote></div></div>
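<p dir="ltr">The workaround discussed in this thread (plain socket, bind, listen and accept calls, then wrapping the accepted descriptor in a socket BIO) sketched end to end as an added example; it is not code from any poster in the thread or from the OpenSSL project. The names make_listener, tls_accept_on_fd and the WITH_OPENSSL build macro are hypothetical, and binding to loopback is an assumption made so the example stays local.</p>

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef WITH_OPENSSL /* hypothetical macro: build with -DWITH_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
#endif

/* socket() + bind() + listen() without any BIO calls. Binds to loopback
 * (assumption for this example); port 0 asks for an ephemeral port.
 * Returns the listening fd, or -1 on error. */
int make_listener(unsigned short port, unsigned short *bound_port)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 ||
        bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, 16) < 0 ||
        getsockname(fd, (struct sockaddr *)&addr, &len) < 0) {
        close(fd);
        return -1;
    }
    *bound_port = ntohs(addr.sin_port); /* the port actually bound */
    return fd;
}
#ifdef WITH_OPENSSL
/* Wrap an accept()ed fd in a socket BIO and handshake. BIO_NOCLOSE leaves
 * connfd owned by the caller, who must close() it after SSL_free(). */
SSL *tls_accept_on_fd(SSL_CTX *ctx, int connfd)
{
    SSL *ssl = SSL_new(ctx);
    BIO *bio = BIO_new(BIO_s_socket());

    if (ssl == NULL || bio == NULL)
        goto err;
    BIO_set_fd(bio, connfd, BIO_NOCLOSE);
    SSL_set_bio(ssl, bio, bio); /* ssl now owns bio; do not free it separately */
    bio = NULL;
    if (SSL_accept(ssl) > 0)
        return ssl;
err:
    BIO_free(bio);
    SSL_free(ssl);
    return NULL;
}
#endif
```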