Small update:
I got the proper error response working now (it was getting a bit late
yesterday, my brain obviously wasn't in top gear!), and it is as follows:
error:140840FF:SSL routines:SSL3_CONNECT:unknown state
Does this help anyone or provide any further indications of the problem?
What could cause an unknown state?
Cheers,
Toby
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Toby Shepheard
> Sent: 06 March 2001 19:42
> To: [EMAIL PROTECTED]
> Subject: SSL_ERROR_SSL generated in SSL_connect
>
>
> Hi,
>
> I've implemented a basic SSL client in C on Solaris using openssl. I've also
> written some wrapping code, so now I can compile it as a .so object to
> integrate with another piece of software (Vignette StoryServer 5.5).
>
> When run as a standalone program, everything is fine. However, when I
> compile as a .so and run it in the StoryServer environment, I hit a problem
> with SSL_connect:
>
> SSL_get_error(ssl, SSL_connect(ssl))
> always returns SSL_ERROR_SSL
>
> The man pages suggest this may be a protocol error. I then called
> ERR_print_errors(bio_err)
> ERR_error_string(err, szDebug)
>
> this gave
> 2546:error:140840FF:lib(20):func(132):reason(255):s3_clnt.c:382:
> and
> error:FFFFFFFF::lib(255) :func(4095) :reason(4095)
> but perhaps I didn't do that last bit properly! (code below).
>
> The only other clue I have is from using ssldump. This shows a TCP
> connection being initialised, but nothing else - not even a client hello!
>
> A stripped down version of the code, with all the SSL stuff, is appended at
> the end. If anyone can point me to where things may be going wrong, or even
> how I can get more info about what might be happening, I'd really appreciate
> it!
>
> As it works when I compile as an executable, I suspect it may be something
> to do with the environment settings or compiling as a .so, but I don't see
> how or why.
>
>
> Thanks,
> Toby
>
> (code follows)
> __________________________________________
> BIO* bio_err = 0;
> SSL_METHOD* meth;
> SSL_CTX* ctx;
> SSL* ssl;
> int err;
>
> // the TCP socket connection has been made already - socket is iSocket.
>
> if(!bio_err)
> {
>     /* Global system initialization*/
>     SSL_library_init();
>     SSL_load_error_strings();
>
>     /* An error write context */
>     bio_err=BIO_new_fp(zzsm_fp, BIO_NOCLOSE);
> }
>
> /* Create context*/
> meth=SSLv3_method();
> ctx=SSL_CTX_new(meth);
> // Load trusted CAs
> SSL_CTX_load_verify_locations(ctx, CA_LIST, 0);
> SSL_CTX_set_verify_depth(ctx, 1);
>
> /* Load random data */
> RAND_load_file(RANDOM, 1024*1024);
>
> ssl = SSL_new(ctx);
> err = SSL_set_fd(ssl, iSocket);
>
> // everything works fine up to here. I've removed error handling
> // code from the email to keep the size down.
>
> err = SSL_connect(ssl);
>
> if(err <= 0 )
> {
>     int sslError;
>     sprintf(szDebug, "zzss_secureConnection: Error establishing SSL layer\n");
>     zzsm_debugError(szDebug);
>     sslError = SSL_get_error(ssl, err);
>     switch(sslError)
>     {
>     // here I always reach this case:
>     case SSL_ERROR_SSL:
>         printf(
>             "SSL error: possible protocol error, or other SSL error\n");
>         ERR_error_string(ERR_get_error(), szDebug);
>         printf("%s", szDebug);
// returns the following:
// error:140840FF:SSL routines:SSL3_CONNECT:unknown state
>     }
> }
> _______________________________
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager
> [EMAIL PROTECTED]
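
Added example, not part of the original messages: a stand-alone decoder for the two packed error codes quoted above, using the 8-bit library / 12-bit function / 12-bit reason layout of OpenSSL releases before 3.0. The helper names are hypothetical, and treating FFFFFFFF as an int value of -1 reinterpreted as an error code is an assumption that is consistent with the numbers in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Packed error code layout in OpenSSL before 3.0:
 * bits 31..24 = library, bits 23..12 = function, bits 11..0 = reason. */
struct err_fields { unsigned lib, func, reason; };

static struct err_fields decode_err(uint32_t code)
{
    struct err_fields f;
    f.lib    = (code >> 24) & 0xFFu;
    f.func   = (code >> 12) & 0xFFFu;
    f.reason =  code        & 0xFFFu;
    return f;
}

/* Hypothetical helper: the 32-bit pattern an int (for example a function's
 * return value) has when it is passed where an error code is expected. */
static uint32_t int_as_err_code(int rc)
{
    return (uint32_t)rc;
}

/* Render a code in the numeric lib()/func()/reason() style shown in the
 * thread. Returns the number of characters written. */
static int format_err(uint32_t code, char *buf, size_t len)
{
    struct err_fields f = decode_err(code);
    return snprintf(buf, len, "error:%08lX:lib(%u):func(%u):reason(%u)",
                    (unsigned long)code, f.lib, f.func, f.reason);
}

int main(void)
{
    char buf[96];

    /* Code taken from the thread: decodes to lib 20, func 132, reason 255,
     * which the later message resolves to SSL routines:SSL3_CONNECT:unknown state. */
    format_err(0x140840FFu, buf, sizeof buf);
    puts(buf);

    /* Assumed input: -1 as an int gives FFFFFFFF, i.e. every field at its
     * maximum (255, 4095, 4095), so it is not a real queue entry. */
    format_err(int_as_err_code(-1), buf, sizeof buf);
    puts(buf);
    return 0;
}
```

An all-ones decode such as lib(255):func(4095):reason(4095) is a sign that the value passed to ERR_error_string did not come from the error queue.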