Sarah Bateman <[EMAIL PROTECTED]>:
> Client: ssleay 0.8.1 running on NT4
> Server: proxy server using ssleay 0.8.1 library
> SSL related server code:
[...]
> ssl = SSL_new (ctx);
> SSL_clear(ssl);
(An SSL_clear directly after the SSL_new is not necessary, but
should not cause any problems.)
> SSL_set_accept_state(ssl);
> SSL_set_fd (ssl, sd);
> When we have a read event on the socket -
[...]
> acceptval = SSL_accept(ssl);
> if(acceptval <= 0)
> {
>     if (BIO_sock_should_retry(acceptval))
>     {
>         // return to the eventloop and wait for another event
>     }
[...]
> When I set the socket to be blocking, everything works fine (ie. the
> SSL_accept function is only called once and the server blocks until the
> handshake is complete).
> BUT
> When I set the socket to be non-blocking (I use my own callbacks and
> FD's etc and not BIO in ssleay) SSL_accept is called twice.
> The first time it returns with -1 and should_retry is true, the second
> time it returns with 0, should_retry is false and the error string is
> "digest check failed", this error is generated in ssl/s3_both.c in the
> ssl3_get_finished() function.
Do you mean that you don't use any BIO except the one that is
implicitly created by SSL_set_fd, or do you really handle all the I/O
through your own callbacks and not the built-in functions? In the
latter case, it appears extremely likely that your function makes some
mistake when copying data (especially when it gets -1 from the
low-level I/O function), because you should not see that error message
if even the number of bytes was wrong.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
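The reply above suspects a custom I/O callback that mishandles a -1 from the low-level read on a non-blocking socket. As an added example (not code from this thread or from SSLeay), here is a receive helper for such a callback that copies bytes into the handshake buffer only when the read returned a positive count. The names `rxbuf`, `rx_fill` and `demo` are hypothetical, and the sample bytes are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical receive buffer owned by a custom transport callback. */
struct rxbuf { unsigned char data[256]; size_t len; };
enum rx_status { RX_OK, RX_RETRY, RX_EOF, RX_ERROR };

/* Append readable bytes from fd. b->len changes only when recv() > 0,
 * so a -1 (would block) can never add stale or garbage bytes. */
static enum rx_status rx_fill(int fd, struct rxbuf *b)
{
    unsigned char tmp[64];
    size_t room = sizeof b->data - b->len;
    ssize_t n;
    if (room == 0) return RX_ERROR;
    n = recv(fd, tmp, room < sizeof tmp ? room : sizeof tmp, 0);
    if (n < 0)
        return (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
                   ? RX_RETRY : RX_ERROR;
    if (n == 0) return RX_EOF;
    memcpy(b->data + b->len, tmp, (size_t)n);
    b->len += (size_t)n;
    return RX_OK;
}

/* Constructed input: 10 bytes sent as 4 + 6 with would-block reads between.
 * Returns 1 when the buffer holds exactly the bytes that were sent. */
static int demo(void)
{
    static const unsigned char msg[] = "0123456789";
    struct rxbuf b = { {0}, 0 };
    int sv[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 0;
    fcntl(sv[0], F_SETFL, O_NONBLOCK);
    ok = rx_fill(sv[0], &b) == RX_RETRY && b.len == 0
      && send(sv[1], msg, 4, 0) == 4 && rx_fill(sv[0], &b) == RX_OK
      && rx_fill(sv[0], &b) == RX_RETRY && b.len == 4
      && send(sv[1], msg + 4, 6, 0) == 6 && rx_fill(sv[0], &b) == RX_OK
      && b.len == 10 && memcmp(b.data, msg, 10) == 0;
    close(sv[0]); close(sv[1]);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

A callback built this way reports `RX_RETRY` to the event loop and leaves the buffer untouched, so the bytes later handed to the TLS layer are exactly the bytes the peer sent.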