Namedpipe and OpenSSL

Question

0.00/5 (No votes)

See more:

Hello,

I developed a client and server that use the OpenSSL to communicate using TLS via TCP, and it is working very well.

But I need to communicate via Namedpipe, and there is the question:
When I create a namedpipe, I call:

C++

HANDLE hPipe = CreateNamedPipe(...);
ConnectNamedPipe(hPipe, NULL);

After the Namedpipe is connected, I need call:

int SSL_set_fd(SSL *ssl, int fd);

As we can see, the "hPipe" is a HANDLE, but I need convert this HANDLE to int. So I tried to use the below to get a "int" then call SSL_set_fd(ssl, fd):

int fd = _open_osfhandle(reinterpret_cast<intptr_t>(hPipe), 0);

The return of _open_osfhandle() will be "3", but OpenSSL isn't accepting when I try call "SSL_accept()".

Am I doing something wrong?
Is there other way to use OpenSSL with Namedpipe?
Note: I'm using the Microsoft Visual Studio, C++.

Thank you.

Posted 1-Feb-14 7:31am

Haruks

Add a Solution

Comments

[no name] 1-Feb-14 14:11pm

a.) why you need to convert to int?

b.) why in case it is need to convert, why you do not convert to a better matching type like e.g. DWORD

Haruks 1-Feb-14 14:24pm

Because I need call "SSL_set_fd(SSL *ssl, int fd)" from OpenSSL. The second parameter is a "int" (the file descriptor) that will be associated with the "ssl" object.

[no name] 1-Feb-14 15:14pm

Thanks for your feedback. Unfortunately I can't help you in this matter. But I think other members will help you ;)

Sergey Alexandrovich Kryukov 1-Feb-14 19:39pm

Why named pipes, not sockets? Just to have some extra difficulties? :-)
—SA

Haruks 2-Feb-14 11:29am

I need that two local process exchanges data (IPC), but it must be a exclusive communication channel (just two process can connect - just the server and one client). The use of TCP with loopback address is a option, but I wish to avoid problems with third-party firewall softwares.

Sergey Alexandrovich Kryukov 2-Feb-14 12:13pm

Hm... I don't know why do you think pipes can help you. I don't think the firewall would make any difference. They just look at the lower-level packages and ports numbers...
—SA

Haruks 2-Feb-14 16:25pm

I want to avoid that a firewall blocks loopback connections.
I know that exists firewall for namedpipes, but is more common to TCP.

[no name] 4-Feb-14 11:02am

Dear Sergey
Can you help me with this (in case you think it is worth to ask a question I will ask it in the forum)?
I agree named pipes gives some extra difficulties. But one advantage for me is I do not have to decide for a portnumber on which the server has to listen. Or can this be automated with sockets? N.B: I need to have an IPC between a service and a background process.

Thank you in advance.
Regards, Bruno

Sergey Alexandrovich Kryukov 4-Feb-14 11:36am

They are not too difficult or different (yes, there are some extra hassles), I used the myself. Note that they also can be used via the "IPC" channel of "classical" remoting or WCF, consider it — it would allow you to change channels (TCP, pipes, whatever else...) without changing the rest of the code.

I just don't know the difference they probably can make in relation to firewalls. You can use pipes (originally designed as IPC working on the same computers) across network. I don't really know the protocols used for that, but I assume that firewalls cannot see the difference, is it a pipe or not. Firewall use brute force to block something. Can you see the point?

—SA

KarstenK 3-Feb-14 6:06am

Client and server architecture is a very strong argument for using TCP.

Haruks 3-Feb-14 6:26am

I agree, but in this case, there is a IPC/local communication, between two local process.
I want to use NamedPipe, because if I use TCP, is possible that a firewall (on the local machine) blocks the communication. I wish to avoid problems like that. In this case, the NamedPipe will be better.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Mattias Högström · Answer 1 · 2014-02-03T00:57:00

You are trying to convert a HANDLE into an FD.
Maybe open_osf_handle doesn't work as it should.

Try skipping that step.
In Unix named pipes are opened directly with fopen
FILE* fpwrite = fopen("\\\\.\\pipe\\SamplePipe", ....)

According to http://social.msdn.microsoft.com/Forums/vstudio/en-US/fc12d839-3358-4eca-ba15-893e146a5e7b/is-it-possible-to-open-named-pipes-on-windows-using-fopen-in-write-only?forum=vcgeneral[^] someone answered that it should be possible in Windows too.

I have never seen anyone run SSL over a named pipe.
I am not 100% sure it will work, but it is worth a try of course.
Good luck.