caml-list - the Caml user's mailing list
* [Caml-list] ocaml-ssl
From: Pierre Chopin @ 2011-02-24 19:11 UTC (permalink / raw)
  To: caml-list

Hi,

I am trying to get familiar with the ocaml-ssl bindings for OpenSSL.

Thus, I am trying to establish an SSL connection between a server and a client which are on my computer.

I therefore create two sockets, establish a TCP connection between them, and then fail to establish SSL communication.

The function Ssl.accept on the server will return Accept_error Error_want_read, which I believe is due to the fact that somehow the socket is used in non-blocking mode.

I therefore made a loop to constantly check for accepting connection. I am not familiar with non-blocking mode so I don't know if it is right. Here is the code for the server.


(*
#directory "/opt/local/lib/ocaml/site-lib/ssl/";;
#load "ssl.cma" ;;
#load "unix.cma"
*)

open Ssl ;;
open Unix;;
init () ;;
let domain = PF_INET ;;
let ty = SOCK_STREAM ;; 

let usock = socket domain ty 0;;
let name =Unix.gethostname () ;;
let h = Unix.gethostbyname name ;;
let inet = h.h_addr_list.(0) ;;
let cont = create_context SSLv3 Server_context ;;
let sock_addr = Unix.ADDR_INET (inet,22211) ;;
bind usock sock_addr ;;
listen usock 3 ;;
accept usock ;;
print_string "TCP connection established\n" ;;
Pervasives.flush Pervasives.stdout ;;
 let sock = embed_socket usock cont ;;



while true do
  try
    Ssl.accept sock ;
    print_endline "bing" ;
    Pervasives.flush Pervasives.stdout
  with Ssl.Accept_error Error_want_read ->
    sleep 1 ;
    print_endline "looping" ;
    Pervasives.flush Pervasives.stdout
done ;;



Concerning the client, it's pretty much a mirror of the server, except for the loop:


#directory "/opt/local/lib/ocaml/site-lib/ssl/";;
#load "/opt/local/lib/ocaml/site-lib/ssl/ssl.cma" ;;
#load "unix.cma" ;;

open Ssl ;;
open Unix;;
init () ;;
let domain = PF_INET ;;
let ty = SOCK_STREAM ;; 
let usock = socket domain ty 0;;
let name =Unix.gethostname () ;;
let h = Unix.gethostbyname name ;;
let inet = h.h_addr_list.(0) ;;
let cont = create_context SSLv3 Client_context ;;
let sock_addr = Unix.ADDR_INET (inet,22211) ;;
connect usock sock_addr;;

let sock =embed_socket usock cont  ;;
let usock2 = file_descr_of_socket sock ;;
Ssl.connect sock ;;

That last function never returns, and the server keeps "looping", until I kill the process. Any idea why?

Sincerely, Pierre





* Re: [Caml-list] ocaml-ssl
From: Tom Wilkie @ 2011-02-25 21:29 UTC (permalink / raw)
  To: Pierre Chopin; +Cc: Tom Wilkie, caml-list

You shouldn't do the first accept; I think you should do it like this in the server:

let fd = Unix.socket Unix.PF_UNIX Unix.SOCK_STREAM 0 in

Unix.bind fd addr;
Unix.listen fd 10;

while true do
	let sock, _ = Unix.accept fd in
	let ssl = Ssl.embed_socket sock ctx in
		Ssl.accept ssl;
		Ssl.read ssl etc...
done

And the client should do:

let fd = Unix.socket Unix.PF_UNIX Unix.SOCK_STREAM 0 in
	Unix.connect fd address;

	let ssl = Ssl.embed_socket fd context in
		Ssl.connect ssl;
		Ssl.write ssl etc...

HTH

Tom
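
[Added example, not part of Tom's message and not the ocaml-ssl project's own sample code: the server outline above written out as a complete program that echoes one message per client. The certificate and key paths, the loopback bind address, and the use of Ssl.TLSv1_2 in place of the obsolete SSLv3 from the original post (this needs an ocaml-ssl release that provides that constructor) are assumptions.]

```ocaml
(* Added example: TLS echo server with ocaml-ssl. *)
let cert_file = "server.crt"  (* assumption: placeholder PEM certificate *)
let key_file = "server.key"   (* assumption: placeholder private key *)
let port = 22211              (* port used in the original post *)

(* Run the TLS handshake and serve one client on an accepted TCP socket. *)
let handle_client ctx client_fd =
  (* Wrap the descriptor returned by Unix.accept, never the listening one:
     the listening socket carries no peer, so a handshake on it cannot
     complete. *)
  let ssl = Ssl.embed_socket client_fd ctx in
  (try
     Ssl.accept ssl;  (* blocking server-side handshake *)
     let buf = Bytes.create 4096 in
     let n = Ssl.read ssl buf 0 (Bytes.length buf) in
     ignore (Ssl.write ssl buf 0 n);
     ignore (Ssl.shutdown ssl)  (* TLS-level close of the session *)
   with Ssl.Accept_error _ | Ssl.Read_error _ | Ssl.Write_error _ ->
     (* One failed client must not stop the accept loop. *)
     prerr_endline ("TLS error: " ^ Ssl.get_error_string ()));
  (try Unix.close client_fd with Unix.Unix_error _ -> ())

let () =
  Ssl.init ();
  let ctx = Ssl.create_context Ssl.TLSv1_2 Ssl.Server_context in
  (* A server context needs a certificate and key before it can
     complete a handshake with an ordinary client. *)
  Ssl.use_certificate ctx cert_file key_file;
  let listen_fd = Unix.socket Unix.PF_INET Unix.SOCK_STREAM 0 in
  Unix.setsockopt listen_fd Unix.SO_REUSEADDR true;
  Unix.bind listen_fd (Unix.ADDR_INET (Unix.inet_addr_loopback, port));
  Unix.listen listen_fd 10;
  while true do
    (* Each Unix.accept yields a fresh connected descriptor. *)
    let client_fd, _peer = Unix.accept listen_fd in
    handle_client ctx client_fd
  done
```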


* Re: [Caml-list] ocaml-ssl
From: Gregory Bellier @ 2011-02-27 20:48 UTC (permalink / raw)
  To: caml-list

Hi Pierre!

In the ocaml-ssl tarball, there is an example on how to use the library.
If you don't manage to use it, I'll share some code of mine with you if 
you want. But first, try the example which is more understandable.

Grégory.
