how to determine peeraddr from quic connection
87 views
Skip to first unread message
gustafn
Sep 25, 2025, 12:01:03 PMSep 25
to openssl-users
when accepting a new quic connection
SSL *conn = SSL_accept_connection(listener_ssl, 0);
how can i determine the peer address (sockaddr) for conn?
It would be nice to have something like
int SSL_get_peer_addr(SSL *ssl,
SSL *conn = SSL_accept_connection(listener_ssl, 0);
how can i determine the peer address (sockaddr) for conn?
It would be nice to have something like
int SSL_get_peer_addr(SSL *ssl,
struct sockaddr *restrict addr,
socklen_t *restrict addrlen);
or
int SSL_get_peer_addr(SSL *ssl, BIO_ADDR *peer_addr);
using recvfrom(.... MSG_PEEK...) can't be the solution.
I have the feeling, i have missed something essential in the documentation
All the best -g
or
int SSL_get_peer_addr(SSL *ssl, BIO_ADDR *peer_addr);
using recvfrom(.... MSG_PEEK...) can't be the solution.
I have the feeling, i have missed something essential in the documentation
All the best -g
Matt Caswell
Sep 25, 2025, 12:36:56 PMSep 25
to gustafn, openssl-users
On Thu, 25 Sept 2025 at 17:01, gustafn <gustaf....@gmail.com> wrote:
when accepting a new quic connection
SSL *conn = SSL_accept_connection(listener_ssl, 0);
how can i determine the peer address (sockaddr) for conn?
It would be nice to have something like
int SSL_get_peer_addr(SSL *ssl,struct sockaddr *restrict addr,socklen_t *restrict addrlen);
or
int SSL_get_peer_addr(SSL *ssl, BIO_ADDR *peer_addr);
Hmm. I don't think we have something like this. I see the internal function to do this ("ossl_quic_channel_get_peer_addr"), but I don't see it exposed anywhere as public API. That looks like it would be a very useful addition and would be quite straightforward to add.
Matt
using recvfrom(.... MSG_PEEK...) can't be the solution.
I have the feeling, i have missed something essential in the documentation
All the best -g
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-user...@openssl.org.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/9827cf3a-fae0-4b13-af8c-7fc26d2fed5cn%40openssl.org.
Alexandr Nedvedicky
Sep 25, 2025, 12:40:37 PMSep 25
to gustafn, openssl-users
Hello,
I'm afraid you are right. There is currently no way to find out
remote peer's address for QUIC connection.
> Â Â Â int SSL_get_peer_addr(SSL *ssl, BIO_ADDR *peer_addr);
I think SSL_get_peer_addr() above would be the OpenSSL way
to implement it.
thanks and
regards
sashan
On Thu, Sep 25, 2025 at 09:01:02AM -0700, gustafn wrote:
> when accepting a new quic connectionÂ
> Â Â Â Â SSL Â Â Â Â Â Â *conn =
> SSL_accept_connection(listener_ssl, 0);
> how can i determine the peer address (sockaddr) for conn?Â
> It would be nice to have something likeÂ
> Â Â Â int SSL_get_peer_addr(SSL *ssl,Â
>
>         struct sockaddr *restrict addr, Â
>
> Â Â Â Â Â Â Â Â socklen_t *restrict addrlen);
> or
> Â Â Â int SSL_get_peer_addr(SSL *ssl, BIO_ADDR *peer_addr);
> 3a-fae0-4b13-af8c-7fc26d2fed5cn%40openssl.org.
>
> References
>
> 1. mailto:openssl-user...@openssl.org
> 2. https://groups.google.com/a/openssl.org/d/msgid/openssl-users/9827cf3a-fae0-4b13-af8c-7fc26d2fed5cn%40openssl.org?utm_medium=email&utm_source=footer
I'm afraid you are right. There is currently no way to find out
remote peer's address for QUIC connection.
> Â Â Â int SSL_get_peer_addr(SSL *ssl, BIO_ADDR *peer_addr);
I think SSL_get_peer_addr() above would be the OpenSSL way
to implement it.
thanks and
regards
sashan
On Thu, Sep 25, 2025 at 09:01:02AM -0700, gustafn wrote:
> when accepting a new quic connectionÂ
> Â Â Â Â SSL Â Â Â Â Â Â *conn =
> SSL_accept_connection(listener_ssl, 0);
> how can i determine the peer address (sockaddr) for conn?Â
> It would be nice to have something likeÂ
> Â Â Â int SSL_get_peer_addr(SSL *ssl,Â
>
>         struct sockaddr *restrict addr, Â
>
> Â Â Â Â Â Â Â Â socklen_t *restrict addrlen);
> or
> Â Â Â int SSL_get_peer_addr(SSL *ssl, BIO_ADDR *peer_addr);
> using recvfrom(.... MSG_PEEK...) can't be the solution.
> I have the feeling, i have missed something essential in the
> documentation
> All the best -g
>
> I have the feeling, i have missed something essential in the
> documentation
> All the best -g
>
> --
> You received this message because you are subscribed to the Google
> Groups "openssl-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [1]openssl-user...@openssl.org.
> You received this message because you are subscribed to the Google
> Groups "openssl-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> To view this discussion visit
> [2]https://groups.google.com/a/openssl.org/d/msgid/openssl-users/9827cf
> 3a-fae0-4b13-af8c-7fc26d2fed5cn%40openssl.org.
>
> References
>
> 1. mailto:openssl-user...@openssl.org
> 2. https://groups.google.com/a/openssl.org/d/msgid/openssl-users/9827cf3a-fae0-4b13-af8c-7fc26d2fed5cn%40openssl.org?utm_medium=email&utm_source=footer
gustafn
Sep 26, 2025, 7:57:41 AMSep 26
to openssl-users, Alexandr Nedvedicky, openssl-users, gustafn
Such a call will be important for all, who a trying to implement a full-featured HTTP/3 web server (e.g. access logs).
Maybe interesting for others: I've tried for now different alternatives. The approach with recvfrom(.... MSG_PEEK...) does not work at all, it returns an empty sockaddr when i call it before SSL_accept_connection() and in pending conn callback. Similarly, my attempts to use SSL_get_rbio(ssl) and to get the peer from the bio failed (always NULL addresses) for these call sites. Maybe an approach creating my own UDP listening socket and plumbing the data to OpenSSL using BIO_s_dgram_pair might help, although, this looks like a crazy overhead to me just to get the peer addr.
In case, someone has more ideas, please let me know.
Matt Caswell
Sep 26, 2025, 8:09:37 AMSep 26
to gustafn, openssl-users, Alexandr Nedvedicky
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-user...@openssl.org.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/1dc1b012-76a4-4170-9849-12c7c3ef1245n%40openssl.org.
gustafn
Sep 26, 2025, 8:20:20 AMSep 26
to openssl-users, Matt Caswell, openssl-users, Alexandr Nedvedicky, gustafn
Great! many thanks!
gustafn
Sep 28, 2025, 10:59:51 AMSep 28
to openssl-users, gustafn, Matt Caswell, openssl-users, Alexandr Nedvedicky
i have implemented this in my instance, and it works fine for my server. It needed some small tweaks on other places as well. so far, i have also added some documentation, but i am struggling still with the automated test cases to be able to make a PR. Not sure, i will get this working today.
Reply all
Reply to author
Forward
0 new messages