Hi,

I've implemented a basic SSL client in C on Solaris using openssl. I've also
written some wrapping code, so now I can compile it as a .so object to
integrate with another piece of software (Vignette StoryServer 5.5).

When run as a standalone program, everything is fine. However, when I
compile as a .so and run it in the StoryServer environment, I hit a problem
with SSL_connect:

SSL_get_error(ssl, SSL_connect(ssl))
always returns SSL_ERROR_SSL

The man pages suggest this may be a protocol error. I then called
ERR_print_errors(bio_err)
ERR_error_string(err, szDebug)

this gave
2546:error:140840FF:lib(20):func(132):reason(255):s3_clnt.c:382:
and
error:FFFFFFFF::lib(255) :func(4095) :reason(4095)
but perhaps I didn't do that last bit properly! (code below).

The only other clue I have is from using ssldump. This shows a TCP
connection being initialised, but nothing else - not even a client hello!

A stripped down version of the code, with all the SSL stuff, is appended at
the end. If anyone can point me to where things may be going wrong, or even
how I can get more info about what might be happening, I'd really appreciate
it!

As it works when I compile as an executable, I suspect it may be something
to do with the environment settings or compiling as a .so, but I don't see
how or why.


Thanks,
Toby

(code follows)
__________________________________________
  BIO* bio_err = 0;
  SSL_METHOD* meth;
  SSL_CTX* ctx;
  SSL* ssl;
  int err;

  // the TCP socket connection has been made already - socket is iSocket.

  if(!bio_err)
  {
    /* Global system initialization*/
    SSL_library_init();
    SSL_load_error_strings();

    /* An error write context */
    bio_err=BIO_new_fp(zzsm_fp, BIO_NOCLOSE);
  }

  /* Create context*/
  meth=SSLv3_method();
  ctx=SSL_CTX_new(meth);
  // Load trusted CAs
  SSL_CTX_load_verify_locations(ctx, CA_LIST, 0);
  SSL_CTX_set_verify_depth(ctx, 1);

  /* Load random data */
  RAND_load_file(RANDOM, 1024*1024);

  ssl = SSL_new(ctx);
  err = SSL_set_fd(ssl, iSocket);

        // everything works fine up to here. I've removed error handling
        // code from the email to keep the size down.

  err = SSL_connect(ssl);
  if(err <= 0 )
  {
    int sslError;
    sprintf(szDebug, "zzss_secureConnection: Error establishing SSL layer\n");
    zzsm_debugError(szDebug);
    sslError = SSL_get_error(ssl, err);
    switch(sslError)
    {
        // here I always reach this case:
      case SSL_ERROR_SSL:
        printf(
            "SSL error: possible protocol error, or other SSL error\n");
        ERR_print_errors(bio_err);

        // I don't think this is right, as I'm using SSL_get_error
        // mixed with ERR_error_string. ERR errors are unsigned longs, SSL uses int.
        // I'm a bit confused! But I'm more worried about the connect error :-)
          ERR_error_string(sslError, szDebug);
          printf("%s", szDebug);
    }
  }
_______________________________

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
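
As an added example (not part of the original post, and not OpenSSL's own code): a small parser for a line in the form printed by ERR_print_errors, which unpacks the hex code into its lib/func/reason numbers and can be used to cross-check the two outputs quoted above. It assumes the packed layout used by OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason); the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one line in the form printed by ERR_print_errors(). */
struct err_line {
    unsigned long id;      /* numeric prefix of the line */
    unsigned long code;    /* packed error code (the hex field) */
    int lib, func, reason; /* unpacked from code */
    char file[64];         /* source file that raised the error */
    int line;              /* line number in that file */
};

/* Unpack a pre-3.0 error code (assumed layout): 8-bit lib, 12-bit func, 12-bit reason. */
static void unpack_err(unsigned long code, int *lib, int *func, int *reason)
{
    *lib    = (int)((code >> 24) & 0xffUL);
    *func   = (int)((code >> 12) & 0xfffUL);
    *reason = (int)(code & 0xfffUL);
}

/* Parse "id:error:HEX:<lib>:<func>:<reason>:file:line:"; returns 0 on success, -1 otherwise. */
static int parse_err_line(const char *s, struct err_line *out)
{
    char lib_s[48], func_s[48], reason_s[48];
    memset(out, 0, sizeof *out);
    if (sscanf(s, "%lu:error:%lx:%47[^:]:%47[^:]:%47[^:]:%63[^:]:%d",
               &out->id, &out->code, lib_s, func_s, reason_s,
               out->file, &out->line) != 7)
        return -1;
    unpack_err(out->code, &out->lib, &out->func, &out->reason);
    return 0;
}

int main(void)
{
    /* The line quoted in the post above. */
    const char *sample =
        "2546:error:140840FF:lib(20):func(132):reason(255):s3_clnt.c:382:";
    struct err_line e;
    if (parse_err_line(sample, &e) != 0)
        return 1;
    printf("lib=%d func=%d reason=%d at %s:%d\n",
           e.lib, e.func, e.reason, e.file, e.line);
    return 0;
}
```
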
