OpenSSL
 » 
OpenSSL - User

 « Return to Thread: function BIO_set_ssl_renegotiate_timeout() not working

function BIO_set_ssl_renegotiate_timeout() not working

by lakshmi-10 :: Rate this Message:

Reply to Author | View in Thread

Some parts of this message have been removed. Learn more about Nabble's security policy.
Hi all,
 
I am trying to implement renegotiation on server after a certain amount of time.
Using BIO_set_ssl_renegotiate_timeout() function to implement the renegotiation on timeout.
Renegotiation is not happening after the specified timeout.
 
I have written a small server program to test the renegotiation on timeout. The server merely reads the data sent by the client, it does not write any data. The server code is attached. 
 
Used "s_client -connect host:port -tls1"
as the client to send data.
 
I am implementing non-blocking IO on the server.
Am I doing anything wrong or missing something?
 
*****Server code**********

#include <assert.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <netinet/in.h>

#include <sys/socket.h>

#include <arpa/inet.h>

#include <fcntl.h>

#include <sys/stat.h>

#include <openssl/e_os2.h>

#include <openssl/engine.h>

#include <openssl/conf.h>

#include <openssl/crypto.h>

#include <asm/ioctls.h>

#include <sys/types.h>

#include <openssl/bio.h>

#include <openssl/err.h>

#include <openssl/pem.h>

#include <openssl/x509.h>

#include <openssl/ssl.h>

#include <openssl/rand.h>

#define SERV_PORT 443

static unsigned char dh512_p[]={

0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,

0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,

0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,

0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,

0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,

0x47,0x74,0xE8,0x33,

};

static unsigned char dh512_g[]={

0x02,

};

static DH *get_dh512(void)

{

DH *dh=NULL;

if ((dh=DH_new()) == NULL) return(NULL);

dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);

dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);

if ((dh->p == NULL) || (dh->g == NULL))

return(NULL);

return(dh);

}

static DH *load_dh_param(char *dhfile)

{

DH *ret=NULL;

BIO *bio;

if ((bio=BIO_new_file(dhfile,"r")) == NULL)

goto err;

ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);

err:

if (bio != NULL) BIO_free(bio);

return(ret);

}

#define TEST_CERT "server.pem"

int main()

{

int sock, i, ret, err, connfd, total_bytes=0;

unsigned long Switch =1;

BIO *bio;

SSL *ssl;

SSL_CTX *ctx;

char buf[80]={0};

socklen_t cli_len;

X509_STORE *store = NULL;

int vflags = 0;

int s_server_verify=SSL_VERIFY_NONE;

char *CApath=NULL,*CAfile=NULL;

struct sockaddr_in addr, cl_addr;

if( !SSL_library_init() )

{

printf("Error in initializing SSL Library\n");

return 0;

}

SSL_load_error_strings();

sock = socket(AF_INET, SOCK_STREAM, 0);

memset (&addr, 0, sizeof(struct sockaddr_in));

addr.sin_family = AF_INET;

addr.sin_addr.s_addr = htonl(INADDR_ANY);

addr.sin_port = htons( SERV_PORT );

ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr));

if(ret != 0)

{ printf("unable to bind to socket\n");

return 0;

}

ret = listen(sock,1);

if(ret != 0)

{

printf("unable to listen on socket\n");

return 0;

}

ctx = SSL_CTX_new(SSLv23_server_method());

if (ctx == NULL)

{

printf ("Unable to create ssl context: %s\n",

ERR_error_string(ERR_get_error(), NULL));

return 0;

}

SSL_CTX_set_options(ctx,0);

/* setting certificates and keys */

{

/*if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||

(!SSL_CTX_set_default_verify_paths(ctx)))

{

printf("Unable to set default cert paths: %s\n",

ERR_error_string(ERR_get_error(), NULL));

}*/

 

DH *dh = NULL;

dh = load_dh_param(TEST_CERT);

SSL_CTX_set_tmp_dh(ctx,dh);

DH_free(dh);

RSA *rsa;

rsa=RSA_generate_key(512,RSA_F4,NULL, NULL);

if (!SSL_CTX_set_tmp_rsa(ctx,rsa))

{

printf("Unable to set rsa values: %s\n",

ERR_error_string(ERR_get_error(), NULL));

return 0;

}

RSA_free(rsa);

if (SSL_CTX_use_certificate_file(ctx,TEST_CERT,

SSL_FILETYPE_PEM) <= 0)

{

printf("Unable to set certificate file: %s\n",

ERR_error_string(ERR_get_error(), NULL));

return(0);

}

if (SSL_CTX_use_PrivateKey_file(ctx,TEST_CERT,

SSL_FILETYPE_PEM) <= 0)

{

printf("Unable to set PrivateKey file: %s\n",

ERR_error_string(ERR_get_error(), NULL));

return(0);

}

 

}

 

for(;;)

{

total_bytes = 0;

cli_len = sizeof(cl_addr);

connfd = accept(sock, (struct sockaddr*)&cl_addr, &cli_len);

if(connfd <=0 )

continue;

bio = BIO_new_socket(connfd, BIO_CLOSE);

ssl = SSL_new(ctx);

if (ssl == NULL)

{

printf ("Unable to create ssl: %s\n",

ERR_error_string(ERR_get_error(), NULL));

return 0;

}

if ((ret = BIO_socket_ioctl(connfd,FIONBIO,&Switch)) < 0)

{

printf ("Unable to set non-blocking option on BIO\n");

return 0;

}

 

SSL_set_bio(ssl, bio, bio);

SSL_set_accept_state( ssl );

while ( (ret = SSL_accept(ssl)) <=0 )

{

/* printf("Error accepting ssl connection: %s\n",

ERR_error_string(ERR_get_error(), NULL));*/

}

printf("Accepted SSL Connection\n");

ret = BIO_set_ssl_renegotiate_timeout(bio, 5);

// ret = BIO_set_ssl_renegotiate_bytes(bio, 1024);

printf("setting renegotiation timeout to 5, ret = %d\n", ret);

for (; ;)

{

err = SSL_read(ssl, buf, sizeof(buf));

switch(SSL_get_error(ssl,err))

{

case SSL_ERROR_NONE:

total_bytes += err;

printf("Read: %s\n",buf);

break;

case SSL_ERROR_WANT_READ:

case SSL_ERROR_WANT_WRITE:

break;

default:

goto shutdown;

}

}

shutdown:

if(SSL_get_shutdown(ssl) && SSL_RECEIVED_SHUTDOWN)

SSL_shutdown(ssl);

else

SSL_clear(ssl);

close(connfd);

// BIO_free(bio);

printf("total bytes read = %d\n", total_bytes);

printf("Closing connection\n");

SSL_free(ssl);

}

return 0;

}

thanks,

Lakshmi Prasanna.

 

 

 


s_test.c (6K) Download Attachment

 « Return to Thread: function BIO_set_ssl_renegotiate_timeout() not working

Free embeddable forum powered by Nabble Forum Help