Does M2Crypto have client-side Server Name Indication (SNI) support? - m2crypto

I have a python SSL client written using M2Crypto to which I'd like to add SNI support.
Looks like with OpenSSL one would use `SSL_set_tlsext_host_name(ssl, servername)` but I don't see that function exposed in the M2Crypto API.
Am I just missing it or is there some other way to do this?

I looked at the latest code in the M2Crypto SVN repository, and there is no support (yet) for SNI. I needed SNI too, so in the true open source spirit I wrote a patch for it :-)
The patch to add it is actually very simple:
Index: SWIG/_ssl.i
===================================================================
--- SWIG/_ssl.i (revision 739)
+++ SWIG/_ssl.i (working copy)
## -14,6 +14,7 ##
#include <openssl/bio.h>
#include <openssl/dh.h>
#include <openssl/ssl.h>
+#include <openssl/tls1.h>
#include <openssl/x509.h>
%}
## -375,6 +376,10 ##
return SSL_get_mode(ssl);
}
+long ssl_set_tlsext_host_name(SSL *ssl, const char *name) {
+ return SSL_set_tlsext_host_name(ssl, name);
+}
+
void ssl_set_client_CA_list_from_file(SSL *ssl, const char *ca_file) {
SSL_set_client_CA_list(ssl, SSL_load_client_CA_file(ca_file));
}
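Review bot: the new `ssl_set_tlsext_host_name` wrapper is compiled unconditionally, so the module stops building against an OpenSSL that was configured without TLS extension support, where `SSL_set_tlsext_host_name` is not defined. Wrap the wrapper in `#ifndef OPENSSL_NO_TLSEXT` (and guard the Python method that calls it the same way), and add a comment that the returned `long` is the OpenSSL status, 1 on success and 0 on failure, so callers know what to test.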
Index: M2Crypto/SSL/Connection.py
===================================================================
--- M2Crypto/SSL/Connection.py (revision 739)
+++ M2Crypto/SSL/Connection.py (working copy)
## -359,3 +359,7 ##
def set_post_connection_check_callback(self, postConnectionCheck):
self.postConnectionCheck = postConnectionCheck
+
+ def set_tlsext_host_name(self, name):
+ "Set the requested hostname for the SNI (Server Name Indication) extension"
+ m2.ssl_set_tlsext_host_name(self.ssl, name)
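Review bot: `set_tlsext_host_name` throws away the status returned by `m2.ssl_set_tlsext_host_name(self.ssl, name)`, so if the call fails the handshake goes out without SNI and the caller never learns of it. Return the value or raise when it is not 1, and extend the docstring to say the method has to be called before the handshake starts, because the name is carried in the ClientHello.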
This has of course also been submitted to the M2Crypto bug/enhancement tracker.

Related

How do I log errors while writing a custom Varnish module?

I am learning Varnish and about extending the Varnish vmod with inline C code. And I am starting it with writing my own custom Varnish module. I want to log errors and failures from my custom module. How do I achieve that?
I have options to choose from various logging libraries available for C. But I want to check if there is any inbuilt Varnish library to make use of. Below is my sample code of a vmod C file.
#include "vrt.h"
#include "cache/cache.h"
#include "vcc_if.h"
#include <jansson.h>
#define JSON_ERROR "-1"
#define JSON_LOC "/etc/example.json"
VCL_STRING
vmod_validate_mymod(VRT_CTX) {
    (void) ctx;
    char *return_code = "0";
    json_t *jobj;
    json_error_t error;
    /* Parse the JSON file; on failure the details are left in `error` */
    jobj = json_load_file(JSON_LOC, 0, &error);
    if (!jobj) {
        // error log here
        return JSON_ERROR;
    }
    json_decref(jobj); /* release the parsed document so it does not leak */
    return return_code;
}
I want an error log line to be added in a custom log file when the if condition in the code above is true. Please help.
You want VSLb:
VSLb(ctx->vsl, SLT_VCL_Log, "%d", 5);
If you need to build a larger string, or need allocations, use the WS_* functions; their allocations are freed at the end of the request automatically.
See how std.log() does it: https://github.com/varnishcache/varnish-cache/blob/389d7ba28e0d0e3a2d5c30a959aa517e5166b246/vmod/vmod_std.c#L145-L153

Running LLVM passes on Windows 10 gives no output in terminal?

I've the sample pass code from LLVM.org:
#include "llvm/Pass.h"
#include "llvm/IR/Function.h"
#include "llvm/Support/raw_ostream.h"
using namespace llvm;
namespace {
  struct Hello : public FunctionPass {
    static char ID;
    Hello() : FunctionPass(ID) {}
    bool runOnFunction(Function &F) override {
      errs() << "Hello: ";
      errs().write_escaped(F.getName()) << '\n';
      return false;
    }
  }; // end of struct Hello
} // end of anonymous namespace
char Hello::ID = 0;
static RegisterPass<Hello> X("hello", "Hello World Pass",
                             false /* Only looks at CFG */,
                             false /* Analysis Pass */);
The project builds fine and creates a SkeletonPass.dll.
When I execute the command:
C:\Users\nlykkei\Projects\llvm-pass-tutorial\build>opt -load skeleton\Debug\SkeletonPass.dll -hello foo.bc
opt: Unknown command line argument '-hello'. Try: 'opt -help'
opt: Did you mean '-help'?
opt doesn't recognize the -hello option, even though everything works fine on Ubuntu 16.04.
In addition, if I execute:
clang -Xclang -load -Xclang skeleton\Debug\SkeletonPass.dll foo.bc
nothing is printed out on Visual Studio terminal (Native Tools Command Prompt x86). On Linux, the function names are printed nicely for the same bitcode file.
What can be the reason for my experience? I do exactly the same on Windows 10 as I do on Ubuntu, but very different results.
Plugins are special beasts on Windows, because the latter does not support proper dynamic linking, so, your pass simply does not register itself in the PassRegistry. So you'd either need to compile all the LLVM into .dll or link your pass statically into opt / clang.

Linux alternative to _NSGetExecutablePath?

Is it possible to side-step _NSGetExecutablePath on Ubuntu Linux in place of a non-Apple specific approach?
I am trying to compile the following code on Ubuntu: https://github.com/Bohdan-Khomtchouk/HeatmapGenerator/blob/master/HeatmapGenerator2_Macintosh_OSX.cxx
As per this prior question that I asked: fatal error: mach-o/dyld.h: No such file or directory, I decided to comment out line 52 and am wondering if there is a general cross-platform (non-Apple specific) way that I can rewrite the code block of line 567 (the _NSGetExecutablePath block) in a manner that is non-Apple specific.
Alen Stojanov's answer to Programmatically retrieving the absolute path of an OS X command-line app and also How do you determine the full path of the currently running executable in go? gave me some ideas on where to start but I want to make certain that I am on the right track here before I go about doing this.
Is there a way to modify _NSGetExecutablePath to be compatible with Ubuntu Linux?
Currently, I am experiencing the following compiler error:
HeatmapGenerator_Macintosh_OSX.cxx:568:13: error: use of undeclared identifier
'_NSGetExecutablePath'
if (_NSGetExecutablePath(path, &size) == 0)
Basic idea how to do it in a way that should be portable across POSIX systems:
#define _XOPEN_SOURCE 500
#include <stdio.h>
#include <limits.h>
#include <stdlib.h>
static char *path;
const char *appPath(void)
{
    return path;
}
static void cleanup(void)
{
    free(path);
}
int main(int argc, char **argv)
{
    /* realpath() with a null buffer allocates the result; it is freed in cleanup() */
    path = realpath(argv[0], 0);
    if (!path)
    {
        perror("realpath");
        return 1;
    }
    atexit(&cleanup);
    printf("App path: %s\n", appPath());
    return 0;
}
You can define your own module for it, just pass it argv[0] and export the appPath() function from a header.
edit: replaced exported variable by accessor method

ELF weak import / fallback stubs for glibc functions

I am trying to make our program runnable on some old Linux versions. One common import that prevents it is __longjmp_chk, added in glibc 2.11 but missing in older ones. One "solution" is to use -D_FORTIFY_SOURCE=0 but this turns off other fortify functions (__printf_chk etc) which are present in the target libc. Is there a way to make __longjmp_chk a "weak import" which would use the function from libc.so.6 if present, and fall back to local stub if not?
> Is there a way to make __longjmp_chk a "weak import" which would use
> the function from libc.so.6 if present, and fall back to local stub
> if not?
I'd say yes, using dlsym() to check for __longjmp_chk and acting accordingly:
/* cc -ldl */
#define _GNU_SOURCE
#include <setjmp.h>
#include <stdio.h>
#include <dlfcn.h>
void __longjmp_chk(sigjmp_buf env, int val)
{
    /* Look up the next definition of __longjmp_chk after this one (libc's, if it has one) */
    void (*p)(sigjmp_buf, int) = dlsym(RTLD_NEXT, "__longjmp_chk");
    if (p)
    {
        printf("use the function from libc\n");
        p(env, val);
    }
    else
    {
        printf("falling back to local stub\n");
        /* local stub - whatever that may be */
    }
}
int main(void)
{   // try it
    sigjmp_buf env;
    while (!setjmp(env)) __longjmp_chk(env, 1);
    return 0;
}
> I am trying to make our program runnable on some old Linux versions.
There are only a few ways to make this work, and most of them are enumerated here.
> Is there a way to make __longjmp_chk a "weak import".
No.

Native extension .node in Windows to NodeJS

I built a .node extension in Windows using the following code (addon.node):
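#include "v8.h"
#include "node.h"
using namespace v8; // Handle, Object, HandleScope and String live in namespace v8
extern "C" void NODE_EXTERN init (Handle<Object> target)
{
    HandleScope scope;
    // Expose a string property named "hello" whose value is "world"
    target->Set(String::New("hello"), String::New("world"));
}
NODE_MODULE(hello, init)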
I compiled in VS10 and my simple code in main.js is:
var addon = require("./addon.node");
// "hello" is exported as a string property, not a function, so read it without calling it
console.log(addon.hello);
It should print the word "world", but I have the following error:
#
# Fatal error in d:\nodejs\deps\v8\src\objects-inl.h, line 3199
# CHECK(heap->isolate() == Isolate::Current()) failed
#
Does anyone know the solution?
Thanks in advance!
SOLVED: My problem was that I included the library for SSL support. I removed it and done!
