duplicating an SSL struct - Openssl



Thread: duplicating an SSL struct

  1. duplicating an SSL struct

    Hello,

    I am wrapping an SSL socket using C++ and use a third party library
    stream implementation. The library I use requires an implementation of a
    copy constructor. I managed to dup and initialize a simple BIO and then
    free it as required, but when it comes to SSL struct, things don't seem
    to work the same way.
    BIO code:
    used in copy constructor:

        SSLSocketBase& SSLSocketBase::operator=(const SSLSocketBase &sslsock)
        {
            if (&sslsock != this) {
                int fd;

                // Duplicate the descriptor and wrap the copy in a new socket BIO.
                m_bio = BIO_new_socket((fd = dup(BIO_get_fd(sslsock.m_bio, NULL))), 0);
                BIO_set_fd(m_bio, fd, 0);
            }
            return *this;
        }

    and the destructor:

        SSLSocketBase::~SSLSocketBase()
        {
            if (m_bio != NULL) {
                BIO_free(m_bio);
                m_bio = NULL;
            }
        }

    I am looking for a way to duplicate the SSL struct with all of its
    components in order to keep using it without a new handshake.
    Destructor is pretty straightforward, but copy/duplication is trickier.
    This is what I got so far:

        SSLSocketSecure& SSLSocketSecure::operator=(const SSLSocketSecure &sslsock)
        {
            if (&sslsock != this) {
                try {
                    // uses the above operator example
                    static_cast<SSLSocketBase&>(*this) = sslsock;
                    SSL_CTX *ctx = SSL_get_SSL_CTX(sslsock.m_ssl);

                    if (!(m_ssl = SSL_new(ctx)))
                        THROW(SocketException, "Error creating SSL context");
                    SSL_set_bio(m_ssl, m_bio, m_bio);
                } catch (Exception &e) {
                    std::cerr << e.msg() << std::endl;
                }
            }
            return *this;
        }

    I'm lost as to what is missing here.
    Any help would be greatly appreciated.


    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. RE: duplicating an SSL struct


    > I am wrapping an SSL socket using C++ and use a third party library
    > stream implementation. The library I use requires an implementation of a
    > copy constructor. I managed to dup and initialize a simple BIO and then
    > free it as required, but when it comes to SSL struct, things don't seem
    > to work the same way.
    > BIO code:
    > used in copy constructor:

    [snip]
    > I am looking for a way to duplicate the SSL struct with all of its
    > components in order to keep using it without a new handshake.
    > Destructor is pretty straightforward, but copy/duplication is trickier.
    > This is what I got so far:

    [snip]
    > I'm lost as to what is missing here.
    > Any help would be greatly appreciated.


    An SSL structure represents the actual connection itself. The connection
    cannot be duplicated -- there is no way to turn one connection into two
    identical connections. So what you're trying to do does not make logical
    sense.

    If you want to have two handles to the connection, such that the same single
    connection can be used from two different places, what you want is a
    structure that acts as a handle to a connection. You can then safely
    duplicate *this* structure, since it now represents a "way to get to a
    connection", which you can logically have more than one of.

    SSL structures are already reference counted, but there's no easy way to
    increment it. So you may want to use your own reference count. Create two
    structures, one that holds the SSL pointer and a reference count, and
    another one that contains pointers to that first structure. It's that second
    structure that you can use as a hook to an SSL connection and safely
    duplicate. When the second structure is destroyed, dec the ref count on the
    first structure, and if it hits zero, SSL_free the underlying SSL object.

    DS


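
    The two-structure design described in the reply above, as an added C++ example that is not code from the thread or from OpenSSL. `SharedConn`, `ConnHandle`, `FakeConn` and `fake_free` are hypothetical names; `FakeConn` is a constructed stand-in so the block builds without OpenSSL, and with the real library the handle would be created as `ConnHandle<SSL>(ssl, SSL_free)`.

```cpp
#include <atomic>
#include <cstddef>
#include <utility>

// First structure: the connection pointer, how to free it, and the count.
template <typename Conn>
struct SharedConn {
    SharedConn(Conn* c, void (*r)(Conn*)) : conn(c), release(r), refs(1) {}
    Conn* conn;
    void (*release)(Conn*);            // SSL_free when Conn is OpenSSL's SSL
    std::atomic<std::size_t> refs;
};

// Second structure: the copyable handle. Every copy shares one connection.
template <typename Conn>
class ConnHandle {
public:
    ConnHandle(Conn* c, void (*r)(Conn*)) : m_shared(new SharedConn<Conn>(c, r)) {}
    ConnHandle(const ConnHandle& o) : m_shared(o.m_shared) { ++m_shared->refs; }
    // Copy-and-swap: the by-value copy takes a reference, its destructor drops ours.
    ConnHandle& operator=(ConnHandle o) { std::swap(m_shared, o.m_shared); return *this; }
    ~ConnHandle() { drop(); }
    Conn* get() const { return m_shared->conn; }
    std::size_t use_count() const { return m_shared->refs.load(); }
private:
    void drop() {                      // the last handle out frees the connection
        if (m_shared->refs.fetch_sub(1) == 1) {
            m_shared->release(m_shared->conn);
            delete m_shared;
        }
    }
    SharedConn<Conn>* m_shared;
};

// Constructed stand-in for SSL and SSL_free so the example runs without OpenSSL.
struct FakeConn { int fd; };
static int g_frees = 0;
static void fake_free(FakeConn* c) { ++g_frees; delete c; }

// Returns how many connections were freed, or -1 if sharing misbehaved.
int frees_after_copies() {
    g_frees = 0;
    {
        ConnHandle<FakeConn> a(new FakeConn{3}, fake_free);
        ConnHandle<FakeConn> b(a);                          // copy constructor
        ConnHandle<FakeConn> c(new FakeConn{4}, fake_free);
        c = a;                                              // frees the fd 4 connection
        if (b.get() != c.get() || a.use_count() != 3u || g_frees != 1) return -1;
    }
    return g_frees;                                         // each connection freed once
}
```

    The count only decides when the connection is freed; it does not serialize reads and writes made through different handles. `std::shared_ptr<SSL>(ssl, SSL_free)` gives the same ownership behaviour with the standard library.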


  3. Re: duplicating an SSL struct

    On Wed, Jun 11, 2008 at 09:08:48PM -0700, David Schwartz wrote:

    >
    > > I am wrapping an SSL socket using C++ and use a third party library
    > > stream implementation. The library I use requires an implementation of a
    > > copy constructor. I managed to dup and initialize a simple BIO and then
    > > free it as required, but when it comes to SSL struct, things don't seem
    > > to work the same way.
    > > BIO code:
    > > used in copy constructor:

    > [snip]
    > > I am looking for a way to duplicate the SSL struct with all of its
    > > components in order to keep using it without a new handshake.
    > > Destructor is pretty straightforward, but copy/duplication is trickier.
    > > This is what I got so far:

    > [snip]
    > > I'm lost as to what is missing here.
    > > Any help would be greatly appreciated.

    >
    > An SSL structure represents the actual connection itself. The connection
    > cannot be duplicated -- there is no way to turn one connection into two
    > identical connections. So what you're trying to do does not make logical
    > sense.


    An SSL_SESSION can be obtained from one SSL connection and used to speed up
    the handshake (bypass public-key operations) for a new connection.

    --
    Viktor.

