I was also getting "-1" for "SSL_accept" while plugging SSL to my simple web server. The simple reason for the failure was that I was using "http" instead of "httpS". I am not an expert but just dropping a note if it helps.
--- Hylton Tregenza <[EMAIL PROTECTED]> wrote:

> Hi All.
>
> I am still very green with this TLS stuff. Having searched the archives,
> I am still not certain how to correct this situation, probably because I
> am not sure what is causing it.
>
> I have two small apps on my machine. One a server, the other a client.
> Without the SSL lib, they communicate fine.
>
> The certificate that I am using works with s_server and s_client. I have
> concluded that they must be correct.
> The application path(s) are as follows.
>
> Server
> // Blocking socket - waits for connection here after connection ..
> SSL_load_error_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> ERR_load_crypto_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSLeay_add_ssl_algorithms();
> ERR_print_errors_fp(stdout); fflush(stdout);
> pMETHOD = TLSv1_server_method();
>
> pCTX = SSL_CTX_new(pMETHOD);
> pSSL = SSL_new(pCTX);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_CTX_set_mode(pCTX, SSL_MODE_AUTO_RETRY);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_set_mode(pSSL, SSL_MODE_AUTO_RETRY);
> SSL_set_accept_state(pSSL);
> SSL_CTX_set_default_passwd_cb( pCTX, PasswdCallback );
> SSL_CTX_use_certificate_file(pCTX, CERTF, SSL_FILETYPE_PEM)
> SSL_CTX_use_PrivateKey_file(pCTX, KEYF, SSL_FILETYPE_PEM)
> SSL_CTX_check_private_key(pCTX))
>
> SSL_set_fd(pSSL, sock1);
> err = SSL_accept(pSSL); -- Here we get -1.
> pSSL_CIPHER = SSL_get_current_cipher(pSSL);
>
> pSSL_CIPHER is null.
>
> Client.
> SSL_load_error_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> ERR_load_crypto_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSLeay_add_ssl_algorithms();
> ERR_print_errors_fp(stdout); fflush(stdout);
> pMETHOD = TLSv1_client_method();
> pCTX = SSL_CTX_new(pMETHOD);
> pSSL = SSL_new(pCTX);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_CTX_set_mode(pCTX, SSL_MODE_AUTO_RETRY);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_set_mode(pSSL, SSL_MODE_AUTO_RETRY);
> SSL_set_connect_state(pSSL);
> ------------------------------------------------------------+
> SSL_CTX_set_default_passwd_cb( pCTX, PasswdCallback );      |
> SSL_CTX_use_certificate_file(pCTX, CERTF, SSL_FILETYPE_PEM) | tried with and without
> SSL_CTX_use_PrivateKey_file(pCTX, KEYF, SSL_FILETYPE_PEM)   | this on client.
> SSL_CTX_check_private_key(pCTX))                            |
> ------------------------------------------------------------+
> SSL_set_fd(pSSL, sock1);
> err = SSL_connect(pSSL);
>
> Here SSL_connect waits. when the error occurs on
>
> SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c :490 (client side).
>
> If I put the server in a loop as such as below for the accept.
> The application waits indefinitely
>
> do {
>     err = SSL_accept(pSSL);
>
> } while ( SSL_get_error(pSSL, err) == SSL_ERROR_WANT_READ
>        || SSL_get_error(pSSL, err) == SSL_ERROR_WANT_WRITE);
>
> Please, any light on what I have overlooked, missed out on or done too
> much of.
> If I can give any more information please let me know.
>
> Hylton
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                          [EMAIL PROTECTED]
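Added example, not part of the thread and not OpenSSL code: the cause named in the reply (a plain-HTTP client talking to a TLS listener) can be told apart from a real handshake problem by looking at the first bytes the client sends before calling SSL_accept(). The enum, the function name and the idea of feeding it bytes read with recv() and MSG_PEEK are assumptions of this sketch; the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical labels for what a client sent first (not OpenSSL names). */
enum first_bytes { FB_TOO_SHORT, FB_TLS_HELLO, FB_SSLV2_HELLO, FB_PLAIN_HTTP, FB_UNKNOWN };

/* Classify bytes peeked from the socket (assumed: recv() with MSG_PEEK)
   before the descriptor is handed to SSL_set_fd()/SSL_accept(). */
enum first_bytes classify_first_bytes(const unsigned char *buf, size_t len)
{
    static const char *const methods[] = { "GET ", "POST ", "HEAD ", "PUT ",
                                           "DELETE ", "OPTIONS ", "CONNECT " };
    size_t i;

    if (len < 6)
        return FB_TOO_SHORT;
    /* TLS record header: type 0x16 (handshake), major version 0x03, minor,
       16-bit length (at most 2^14), then handshake type 0x01 (ClientHello). */
    if (buf[0] == 0x16 && buf[1] == 0x03) {
        size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
        return (rec_len > 0 && rec_len <= 16384 && buf[5] == 0x01)
                   ? FB_TLS_HELLO : FB_UNKNOWN;
    }
    /* SSLv2-format ClientHello: high bit set in the 2-byte length, message
       type 0x01, then the offered version (major 0x03 for SSLv3/TLS). */
    if ((buf[0] & 0x80) && buf[2] == 0x01 && buf[3] == 0x03)
        return FB_SSLV2_HELLO;
    /* Cleartext HTTP request line: the "http instead of https" case. */
    for (i = 0; i < sizeof methods / sizeof methods[0]; i++) {
        size_t n = strlen(methods[i]);
        if (len >= n && memcmp(buf, methods[i], n) == 0)
            return FB_PLAIN_HTTP;
    }
    return FB_UNKNOWN;
}

/* Constructed sample inputs, not captured traffic. */
static const unsigned char sample_http[] = "GET / HTTP/1.0\r\n\r\n";
static const unsigned char sample_tls[]  = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b };

int main(void)
{
    printf("http sample -> %d\n", (int)classify_first_bytes(sample_http, sizeof sample_http - 1));
    printf("tls sample  -> %d\n", (int)classify_first_bytes(sample_tls, sizeof sample_tls));
    return 0;
}
```

Logging the FB_PLAIN_HTTP case separately keeps a client that used the wrong URL scheme out of the pile of genuine certificate or cipher failures.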