This is one solution which I have thought of.
But what is bothering me is, why doesn't the OpenSSL library return an error if
the client doesn't initiate a handshake? There can be a lot of scenarios in
which this happens. What if somebody who just knows the server's IP address
and port number tries to connect to the server?
I am not talking about an external person but an internal person.

In this scenario, the server hangs...

Thanks a lot.
Sudeep

>From: Lutz Jaenicke <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: WinSock& SSL
>Date: Tue, 5 Dec 2000 16:48:16 +0100
>
>On Tue, Dec 05, 2000 at 09:51:02AM -0500, Sudeep Sudhakaran wrote:
> > Thanks for the generic information... My client server program works in a
> > non-secured environment. If an ssl-client tries to connect, connection is
> > accepted for a secured server. But if a non-ssl client connects, the access
> > permissions client has will be limited. But both have to connect to the same
> > port number because of design criteria.
> > Only way I can figure out that this is a non-ssl client is by initiating a
> > server handshake. But SSL_accept function waits till the client initiates a
> > handshake and the program hangs right there..
>
>It seems that you have a protocol problem. Your normal (non-ssl) protocol
>expects the server to speak first while ssl expects the client to speak
>first. There is probably no clean solution to it.
>In stunnel they try to provide a similar functionality by guessing, whether
>to use (SMTP with SSL tunneling) vs. (STARTTLS extension to SMTP). They
>do so by waiting whether there is client input. In this case, SSL is assumed.
>This can only be done by waiting for the client to time-out.
>You could e.g. perform a select() on the input channel to see, whether the
>client sends data. In this case, initiate SSL_accept(). If it did not until a
>certain period of time is exceeded, you assume non-SSL and have the server
>initiate the non-SSL protocol.
>
>Don't ask me what the Windows replacement for select() is...
>
>Having this said, you should rather fix your protocol or setup to avoid
>this problem at all.
>
>Best regards,
>       Lutz
>--
>Lutz Jaenicke                             [EMAIL PROTECTED]
>BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
>Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
>Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]
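
The select()-with-timeout approach suggested in the quoted reply, written in C for POSIX sockets as an added example that is not from the thread or from OpenSSL. `classify_peer`, `peer_kind` and `demo` are hypothetical names, and the 200 ms timeout and sample bytes are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names for this example; none of this is OpenSSL API. */
enum peer_kind { PEER_ERROR = -1, PEER_PLAIN, PEER_SSL, PEER_CLOSED };

/* Wait up to timeout_ms for the client to speak first on an accepted socket. */
int classify_peer(int fd, long timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    char probe;
    int rc;

    if (fd < 0 || fd >= FD_SETSIZE) return PEER_ERROR; /* select() cannot watch it */
    do {
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        tv.tv_sec = timeout_ms / 1000;   /* reset each pass: a signal restarts the wait */
        tv.tv_usec = (timeout_ms % 1000) * 1000;
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0) return PEER_ERROR;
    if (rc == 0) return PEER_PLAIN;      /* silent client: server starts the non-SSL protocol */
    rc = (int)recv(fd, &probe, 1, MSG_PEEK); /* peek only; bytes stay queued for SSL_accept() */
    if (rc == 0) return PEER_CLOSED;     /* readable only because the peer hung up */
    return rc < 0 ? PEER_ERROR : PEER_SSL;
}

/* Constructed test rig: action 0 = client stays silent, 1 = sends bytes, 2 = closes. */
int demo(int action)
{
    int sv[2], kind;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return PEER_ERROR;
    if (action == 1) send(sv[1], "\x16\x03\x01", 3, 0); /* constructed bytes, not inspected */
    if (action == 2) close(sv[1]);
    kind = classify_peer(sv[0], 200);
    close(sv[0]);
    if (action != 2) close(sv[1]);
    return kind;
}

int main(void)
{
    printf("silent=%d talks=%d closed=%d\n", demo(0), demo(1), demo(2));
    return 0;
}
```

A client that sends a few bytes and then stalls will still block a blocking SSL_accept(), so the handshake itself needs its own time limit as well.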
