To get end point's IP address

Chethan Kumar Chethan.Kumar at toshiba-tsip.com
Tue May 21 09:53:24 UTC 2019


Thanks for the information.

I researched more and found that the tlsext_hostname member variable in the SSL structure can be used to get the host name.
If applications set this using SSL_set_tlsext_host_name(), is it correct to print the hostname/IP in tlsext_hostname?
Can I use this one to set the hostname/IP address?
Can applications acting as both server and client set this?

Thanks in advance,
Chethan Kumar

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Michael Wojcik
Sent: Monday, May 20, 2019 7:35 PM
To: openssl-users at openssl.org
Subject: RE: To get end point's IP address

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On 
> Behalf Of Chethan Kumar
> Sent: Monday, May 20, 2019 04:22

> I wanted to log the end point's IP address during some errors in
> communication using openssl.
> Initially when I tried getpeername() on the SSL context, it's giving the proxy
> server's IP and not the destination IP.

The proxy server address *is* the peer address. Proxies terminate TLS conversations. The client has a TLS conversation with the proxy, and the proxy may have a separate TLS conversation with the origin server. (Or with whatever the next application-level node in the chain is; there can be multiple proxies, gateways, etc.)

If it didn't do TLS termination, it wouldn't be a proxy, but a router.

If you have a node that's doing routing at level 4 (copying data between two TCP connections) but not doing TLS termination, there's no way to get the IP addresses of the endpoints of the other connection from the stack. That information has to be provided at the application level.

(Technical quibble: "Level 4 routing" is a somewhat dubious concept in TCP/IP, since TCP straddles OSI levels 4 and 5. But applications which forward data between TCP conversations are traditionally considered level-4 routers. Also, note some level-4 routing packages do TLS termination - stunnel in its base mode is an example. A level-4 router may or may not do TLS termination.)

--
Michael Wojcik
Distinguished Engineer, Micro Focus
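
An added example, not code from this thread or from OpenSSL: it shows that getpeername() reports only the directly connected TCP peer, so an error log that should name the final destination has to be given that destination by the application. The names describe_endpoint and demo_line and the destination origin.example:443 are hypothetical; a loopback listener stands in for the proxy.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper for error logs. tcp_peer comes from getpeername() (the
 * proxy, if one is in use); intended_dest must be supplied by the caller. */
int describe_endpoint(int fd, const char *dest, char *out, size_t outlen)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    char ip[INET6_ADDRSTRLEN] = "?";
    unsigned port = 0;
    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0) return -1;
    if (ss.ss_family == AF_INET) {
        struct sockaddr_in *a = (struct sockaddr_in *)&ss;
        inet_ntop(AF_INET, &a->sin_addr, ip, sizeof ip);
        port = ntohs(a->sin_port);
    } else if (ss.ss_family == AF_INET6) {
        struct sockaddr_in6 *a = (struct sockaddr_in6 *)&ss;
        inet_ntop(AF_INET6, &a->sin6_addr, ip, sizeof ip);
        port = ntohs(a->sin6_port);
    }
    snprintf(out, outlen, "tcp_peer=%s:%u intended_dest=%s",
             ip, port, dest ? dest : "(unknown)");
    return 0;
}

/* Constructed demo: a loopback listener stands in for the proxy. Writes the
 * log line to out and returns the listener's port, or -1 on failure. */
int demo_line(const char *dest, char *out, size_t outlen)
{
    struct sockaddr_in a = { .sin_family = AF_INET,   /* port 0: kernel picks */
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    int ok = ls >= 0 && cs >= 0 && bind(ls, (struct sockaddr *)&a, sizeof a) == 0 &&
             listen(ls, 1) == 0 && getsockname(ls, (struct sockaddr *)&a, &len) == 0 &&
             connect(cs, (struct sockaddr *)&a, sizeof a) == 0 &&
             describe_endpoint(cs, dest, out, outlen) == 0;
    close(cs); close(ls);               /* close(-1) just fails with EBADF */
    return ok ? ntohs(a.sin_port) : -1;
}

int main(void)
{
    char line[128];
    return demo_line("origin.example:443", line, sizeof line) < 0 || puts(line) < 0;
}
```

The tcp_peer field is always the stand-in proxy's loopback address; the destination appears only because the caller passed it in.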




