[openssl-users] Fwd: Information to detach a BIO from fd

Sat Jan 13 18:54:15 UTC 2018

I'm not 100% sure what you're doing
I'd imagine that if SSL was managing the fd's you wouldn't have this issue.
You hvae to call accept() to get a new FD... and you'll only get that once,
so when you accept() you should attach the bio and call ssl_accept(), no?

On Fri, Jan 12, 2018 at 5:52 PM, Priscilla Hero <grace.priscilla at gmail.com>
wrote:

>
>
> Hi Michael,
> Without doing ssl_accept on the ssl will getpeername work? Also using the
> existing ssl with ssl_accept for the first connection we don’t get the
> information of second peer. Thus we ended up creating new bio/ssl each time
> we get a request.
>
> Any suggestions?
>
> Thanks,
> Grace
>
> On 12-Jan-2018, at 6:45 PM, Michael Wojcik <Michael.Wojcik at microfocus.com>
> wrote:
>
> >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> Behalf Of Grace Priscilla Jero
> >> Sent: Friday, January 12, 2018 07:04
> >
> >
> >> Whenever a connect is initiated from any client we need to know if it
> is already connected client or a new client.
> >> We are doing this by
> >> • creating bio/ssl each time a polling happens on the server fd
> >> • fetching the peer using BIO_dgram_get_peer after ssl_accept
> >> • Comparing it to the internally maintained list of peer
> >
> > Don't create the BIO immediately. Use getpeername on the socket
> descriptor and check that against the list. Only create a new SSL object
> and BIO if it's not an already-established client.
> >
> > --
> > Michael Wojcik
> > Distinguished Engineer, Micro Focus
> >
> >
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180113/c57cfe86/attachment.html>