I'm somewhat surprised that you get as far as you indicate - "-quiet"
is modifying the behaviour somewhat. When you run s_client without
it, it will always terminate before getting the http response.
This is because s_client is designed to terminate whenever it
gets an EOF on stdin. When you pipe from a file, the HTTP request
data is sent immediately followed by an EOF, and the s_client
code doesn't even bother waiting for the response from the
server, but just shuts down.
If you need it to ignore EOF on stdin, go into the s_client.c
code (around linme 596- FD_ISSET(fileno(stdin)) and modify
it to not shutdown on receivnig an EOF (i<0).
Having said that, I have no idea why your server is hanging when
the "-quiet" option is specified. :(
Hope this helps you somewhat.
Thomas
Soeren Schroeder wrote:
>
> I am new to SSL, and need to build an application talking to another host
> on top of SSLv3.
>
> I've installed SSLeay 0.9.0b on my FreeBSD unix server, installed Apache
> mod_ssl, obtained and installed the Verisign Certificate, and done some
> initial testing. So far so good.
>
> I planned on using s_client for the socket based part of the project, but
> for some reason it won't do the trick.
>
> what I do is:
>
> cat My Request | s_client -connect xxx.xxx.xxx.xxx:yyyy -ssl3 \
> -quiet -cert /root/ssl/verisign_cert.pem -key \
> -key /root/ssl/verisign_key.pem -state > MyOutput
>
> But the socket is "stuck", it never terminates but hangs forever, although
> I got all my data in MyOutput. (if I ctrl-C after "read finished A", all my
> data is in the file)
>
> As far as I can see (from state, se below) the write and the read
> terminated properly, but the socket still hangs...
>
> If I run the above WITHOUT the -quiet flag, no data is written/read, the
> socket terminates, but no output is there.
>
> I'm I using s_client improperly (where is the man page/doc for s_client),
> or what ???
>
> Are there any other ways to do a SSLv3 socket with like:
>
> cat something | ssl3socket host port certfile keyfile > xxxxxx
>
> Any suggestion/hint is appreciated, but approaches i C or perl is preferred
>
> kind regards
>
> Søren Schrøder
> [EMAIL PROTECTED]
>
> ---- start ssl state for a "-quiet" s_client session -----
>
> SSL_connect:before SSL initalisation
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
> Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server certificate request A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client certificate A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write certificate verify A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read finished A
>
> ---- start ssl state without "-quiet" -----
>
> SSL_connect:before SSL initalisation
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
> Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server certificate request A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client certificate A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write certificate verify A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read finished A
> DONE
> SSL3 alert write:warning:close notify
>
> ---------------------------------------
>
> -----------------------------------------------------------
> Soeren Schroeder - Sysadm Cybercity Internet
> mailto:[EMAIL PROTECTED] - PGP key available upon request
> -----------------------------------------------------------
> * a day not wasted is a day wasted *
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
