compiling 1.4.12 on HP-UX 11.31

I'm compiling libevent 1.4.12 on HP-UX 11.31 using the HP compiler.  I'm
getting errors because the compat/sys/_time.h is causing structs like
timeval, etc to be redeclared.

All I need to do is create testme.c with just

#include <time.h>

in it and then compile as

cc -DHAVE_CONFIG_H -I. -I./compat -Ae +DD64 -c testme.c

and I get the following errors
"/usr/include/sys/_timeval.h", line 24: error #2101: "timeval" has already
          been declared in the current scope
  struct timeval {
         ^

"/usr/include/sys/time.h", line 51: error #2101: "itimerval" has already been
          declared in the current scope
  struct        itimerval {
                ^

"/usr/include/sys/_timespec.h", line 18: error #2101: "timespec" has already
          been declared in the current scope
  struct timespec {
         ^

"/usr/include/sys/time.h", line 170: error #2101: "timezone" has already been
          declared in the current scope

remote client adress in evhttp_connection_set_closecb

Re: compiling 1.4.12 on HP-UX 11.31

On Mon, Nov 02, 2009 at 01:29:28PM -0600, Kathryn Hogg wrote:
 [...]
> if I take out the -I./compat it compiles fine.  Of course this causes
> problems when compiling the real source code as it needs
> compat/sys/queue.h  so I just removed compat/sys/_time.h for the HPUX
> 11.31 build.

Hm!  It sounds like the HP headers have their own
/usr/include/sys/_time.h that is included (directly or indirectly) by
/usr/include/time.h.  Can you confirm this?  If that's the case, it
appears that our compat/sys/_time.h is hiding it.

And if _that's_ so, we should probably rename sys/_time.h, or just
subsume its functionality into util-internal.h.

--

-- 
Nick

***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.

Re: compiling 1.4.12 on HP-UX 11.31

Nick Mathewson wrote:
> On Mon, Nov 02, 2009 at 01:29:28PM -0600, Kathryn Hogg wrote:
>  [...]
>> if I take out the -I./compat it compiles fine.  Of course this causes
>> problems when compiling the real source code as it needs
>> compat/sys/queue.h  so I just removed compat/sys/_time.h for the HPUX
>> 11.31 build.
>
> Hm!  It sounds like the HP headers have their own
> /usr/include/sys/_time.h that is included (directly or indirectly) by
> /usr/include/time.h.  Can you confirm this?

That is what I was trying to say.

If that's the case, it
> appears that our compat/sys/_time.h is hiding it.
>
> And if _that's_ so, we should probably rename sys/_time.h, or just
> subsume its functionality into util-internal.h.

For now, when compiling on hpux 11.31, I am compiling with -DHPUX_11_31
and modified the libevent compat/sys/_time.h to wrap the system one:

#if defined(HPUX_11_31)
#include </usr/include/sys/_time.h>
#else
<snip>
#endif

--

-- 
Kathryn
http://womensfooty.com
National Team Donation - http://womensfooty.com/freedom/donate
***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.

Re: compiling 1.4.12 on HP-UX 11.31

On Tue, Nov 03, 2009 at 12:20:18PM -0600, Kathryn Hogg wrote:
> 
> Nick Mathewson wrote:
> > On Mon, Nov 02, 2009 at 01:29:28PM -0600, Kathryn Hogg wrote:
> >  [...]
> >> if I take out the -I./compat it compiles fine.  Of course this causes
> >> problems when compiling the real source code as it needs
> >> compat/sys/queue.h  so I just removed compat/sys/_time.h for the HPUX
> >> 11.31 build.
> >
> > Hm!  It sounds like the HP headers have their own
> > /usr/include/sys/_time.h that is included (directly or indirectly) by
> > /usr/include/time.h.  Can you confirm this?
> 
> That is what I was trying to say.

Excellent.  I've changed 1.4 to rename the header (which seemed the
safest option), and changed 2.0 to not use the header at all (since I
am pretty sure, based on grepping the code a bit, that it is no longer
needed anywhere).

If anyone here is building Libevent on a non-Windows system that lacks
a /usr/include/sys/time.h, and you have the time, please try the
latest trunk and patches-1.4 branch from subversion to make sure I
haven't broken your platform.

yrs,
--

-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.

libevent-2.0 and openssl filter

Hi,

I have read that one of your planned feature for libevent-2.0 is about
to let the possibility to implement openssl over bufferents. 
(http://www.mail-archive.com/libevent-users <at> monkey.org/msg01494.html
part 5.4)

Will it give possibility for developpers to use OpenSSL's BIO API
through libevent bufferevents? (keeping ease of use given by BIOs +
optimized way of handling I/O in libevent)

I am going to extend one code to support ciphering through OpenSSL (not
only SSL, but symmetric encryption and so on). I am currently using
stable release of libevent to handle I/O. Does it worth waiting a bit
for such feature, about OpenSSL, in version 2.0 or not? At this stage,
adding ciphering capabilities to my code - which uses bufferevent -
would mean to do that with OpenSSL's EVP API. Though I guess BIO would
be best. At least these are my assumptions. Or am I just out of scope? 

Thanks,

TB
***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.

Re: libevent-2.0 and openssl filter

On Tue, Nov 03, 2009 at 10:28:39PM +0200, tuna <at> lyua.org wrote:
> Hi,
> 
> I have read that one of your planned feature for libevent-2.0 is about
> to let the possibility to implement openssl over bufferents. 
> (http://www.mail-archive.com/libevent-users <at> monkey.org/msg01494.html
> part 5.4)
> 
> Will it give possibility for developpers to use OpenSSL's BIO API
> through libevent bufferevents? (keeping ease of use given by BIOs +
> optimized way of handling I/O in libevent)

Right now the bufferevent_openssl module has a BIO implementation that
can direct IO through a bufferevent.  The BIO itself isn't isn't
exposed as part of the public interface right now; should it be?

(This code is in svn trunk, and will be in 2.0.3-alpha, which I hope
will come out this month.)

> I am going to extend one code to support ciphering through OpenSSL (not
> only SSL, but symmetric encryption and so on). I am currently using
> stable release of libevent to handle I/O. Does it worth waiting a bit
> for such feature, about OpenSSL, in version 2.0 or not? At this stage,
> adding ciphering capabilities to my code - which uses bufferevent -
> would mean to do that with OpenSSL's EVP API. Though I guess BIO would
> be best. At least these are my assumptions. Or am I just out of
> scope? 

If all you want is an SSL-encrypted connection, and you're using
bufferevents, I'd suggest the bufferevent_openssl logic in svn trunk.
It presents the same interface as a regular socket bufferevent, but it
does uses openssl to do SSL (either over a socket directly, or over
another bufferevent).

[Also, please remember that this code isn't even alpha-level: it's
development code in a subversion repository.  It works okay for me and
passes its unit tests, but please be ready to report any bugs you
find.]

hth,
--

-- 
Nick

***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.

Re: libevent-2.0 and openssl filter

Hi, 

Wed, 4 Nov 2009 11:07:10 -0500, Nick Mathewson <nickm <at> freehaven.net>
wrote:
> Right now the bufferevent_openssl module has a BIO implementation that
> can direct IO through a bufferevent.  The BIO itself isn't isn't
> exposed as part of the public interface right now; should it be?
> 
> 
> If all you want is an SSL-encrypted connection, and you're using
> bufferevents, I'd suggest the bufferevent_openssl logic in svn trunk.
> It presents the same interface as a regular socket bufferevent, but it
> does uses openssl to do SSL (either over a socket directly, or over
> another bufferevent).
> 
I quickly (so I might be wrong) went through your bufferevent_openssl
module. Seems nice but for SSL underlying protocol only, right? 
I guess it would indeed require much work to expose BIO so we could set
the BIO we want. But here is what I had in mind, for instance this
pseudo-code:

/*We assum fd is a socket fd, base is an already set up struct
event_base etc...*/
struct bufferevent *bev;
if (do_we_want_ciphering())
{
	/*We initiate the BIO we want*/
	BIO *bio = BIO_new(BIO_s_socket());

	EVP_CIPHER = /*we set up our cipher, with its required
	parameters ...*/

	BIO_set_cipher(/*the cipher we want*/)
	BIO_set_fd(bio, fd ....);

	/*Here we "inject" our BIO into a bufferevent so we will
	almost never deal again with BIO API itself. I.e.: while
	getting/setting buffer content from bufferevent, it will be
	decrypted/encrypted automtically.*/

	bev = bufferevent_BIO_new(base, bio, ...);

} 
else
{
	/*"classic" code, bev is initiated as we usually do*/
}

/*rest, callbacks and so on*/

I don't know how much work it would require. Maybe quite much
actually, mainly due to error handling, fd types or so etc...

What's your opinion about such method?

TB
***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.

Re: libevent-2.0 and openssl filter

On Wed, Nov 04, 2009 at 07:25:32PM +0200, tuna <at> lyua.org wrote:
 [...]
> I quickly (so I might be wrong) went through your bufferevent_openssl
> module. Seems nice but for SSL underlying protocol only, right? 
> I guess it would indeed require much work to expose BIO so we could set
> the BIO we want. But here is what I had in mind, for instance this
> pseudo-code:

Oh, I see.  You don't want to use SSL, you just want to use an EVP and
a BIO for an ad-hoc encryption scheme.

Before we get too far into this ... are you sure this is really what
you want?  With the scheme you describe below, there is no way to
prevent man-in-the-middle attacks, there is no data authentication,
you may be vulnerable to replay and truncation attacks, and you need
to roll your own key negotiation (which is notoriously difficult).
Using SSL/TLS means that all of these cryptography problems will get
solved for you.  Trying to solve them yourself -- or leaving them
unaddressed -- is (IMO) asking for trouble.

That aside, let's figure out how you would do this, if it were a good
idea.

> /*We assum fd is a socket fd, base is an already set up struct
> event_base etc...*/
> struct bufferevent *bev;
> if (do_we_want_ciphering())
> {
> 	/*We initiate the BIO we want*/
> 	BIO *bio = BIO_new(BIO_s_socket());
> 
> 	EVP_CIPHER = /*we set up our cipher, with its required
> 	parameters ...*/
> 
> 	BIO_set_cipher(/*the cipher we want*/)
> 	BIO_set_fd(bio, fd ....);

I don't think this would work; BIO_set_cipher only behaves correctly
for a BIO created with the BIO_f_cipher() filtering method.  So you'd
have to say something like

    BIO *fd_bio = BIO_new(BIO_s_socket());
    BIO *cipher_bio = BIO_new(BIO_f_cipher());

    BIO_set_fd(fd_bio, fd, ...);
    BIO_set_cipher(cipher_bio, ...);
    BIO_push(cipher_bio, fd_bio); /* unless I have this backwards */

> 	/*Here we "inject" our BIO into a bufferevent so we will
> 	almost never deal again with BIO API itself. I.e.: while
> 	getting/setting buffer content from bufferevent, it will be
> 	decrypted/encrypted automtically.*/
> 
> 	bev = bufferevent_BIO_new(base, bio, ...);

Ah!  No, we don't support that right now.  I wouldn't be opposed to
adding patch that did it, if somebody writes a good well-tested one,
but the code in bufferevent_openssl.c is written (for performance) to
use an SSL rather than an arbitrary BIO.

It wouldn't be _too_ hard to implement a variant that took a BIO.  I
spend 30 mintues hacking together an untested proof-of-concept
version, and uploaded it to the tracker at
https://sourceforge.net/tracker/?func=detail&aid=2892126&group_id=50884&atid=461324
, but it needs more TLC before it's ready for prime-time.  Somebody
(not me) should take the time to get it ready and cleaned up if they
care.

[We still want the default behavior to be using an SSL rather than a
BIO_f_ssl(); SSL code is often performance-critical, and adding an
unnecessary layer of indirection to the SSL case will not make us
friends.]

yrs,
--

-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.

Re: Patch: add constraints on HTTP first line/headers/body size

On Thu, Oct 15, 2009 at 10:27:21PM +0300, Constantine Verutin wrote:
> Nick,
[...] 
> Please see the updated patch.

Thanks!  I've made a couple changes and checked it in to the
subversion repository.  Please let me know if you think I messed
anything up.

yrs,
--

-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo <at> freehaven.net with
unsubscribe libevent-users    in the body.