To get end point's IP address

Chethan Kumar Chethan.Kumar at toshiba-tsip.com
Wed May 22 08:41:23 UTC 2019


Thanks for the input.

>> If applications set this using SSL_set_tlsext_host_name(), is it 
>> correct to print hostname/IP in  tlsext_hostname.
>"correct" in what sense? "print" where?
> Maybe. You haven't explained what you're trying to do.
What we are trying to achieve is, if there is failure in connection between host and destination, then at the host side, log messages saying to which destination it got failed.
That's why, need to know the hostname/IP address of the destination.
Since many applications use openssl, we want to log messages from openssl side.
Is it ok if application set IP/hostname using SSL_set_tlsext_host_name() and at openssl side, we refer tlsext_hostname to log the message.?

Thanks in advance,
Chethan Kumar

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Michael Wojcik
Sent: Tuesday, May 21, 2019 8:30 PM
To: openssl-users at openssl.org
Subject: RE: To get end point's IP address

> From: Chethan Kumar [mailto:Chethan.Kumar at toshiba-tsip.com]
> Sent: Tuesday, May 21, 2019 03:53
>
> I researched more and found that tlsext_hostname member variable in 
> SSL structure can be used to to get host name.

That's the SNI hostname, which is set by the client to the hostname (or possibly some other string identifier, such as the text representation of an IP address) that it thinks it wants to connect to. It's used by the server to determine what certificate to send to the client. It's not a reliable indicator of the server's hostname, and has nothing to do with the client's hostname.

> If applications set this using SSL_set_tlsext_host_name(), is it 
> correct to print hostname/IP in  tlsext_hostname.

"correct" in what sense? "print" where?

Forget OpenSSL APIs and details of OpenSSL data structures. What problem are you trying to solve?

> Can I use this one to set hostname/Ip address.?

Maybe. You haven't explained what you're trying to do.

> Can applications acting as both server and client set this?

It's set by a client. It doesn't matter what else that client is doing.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



The information contained in this e-mail message and in any
attachments/annexure/appendices is confidential to the 
recipient and may contain privileged information. 
If you are not the intended recipient, please notify the
sender and delete the message along with any 
attachments/annexure/appendices. You should not disclose,
copy or otherwise use the information contained in the
message or any annexure. Any views expressed in this e-mail 
are those of the individual sender except where the sender 
specifically states them to be the views of 
Toshiba Software India Pvt. Ltd. (TSIP),Bangalore.

Although this transmission and any attachments are believed to be
free of any virus or other defect that might affect any computer 
system into which it is received and opened, it is the responsibility
of the recipient to ensure that it is virus free and no responsibility 
is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or
damage arising in any way from its use.



More information about the openssl-users mailing list