"Paul L. Allen" <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
> > > I've watched my Java client connecting to my OpenSSL server using
> > > ssldump. I can see the server's cert going over to the client. The
> > > client does not send its own cert over to the server, and the server
> > > confirms that it has not got a cert from the client. The client
> > > sends its first line of application data to the server and ssldump
> > > successfully decrypts it. The server receives binary garbage, and
> > > things unravel from there.
> > What do you mean by "the server receives binary garbage"?
>
> The client sends 60 bytes (including the newline) of printable ASCII
> using BIO_puts(). The server does a matching BIO_gets(), which hangs
> apparently waiting for a newline. I kill the client. The server's
> BIO_gets() returns 90 bytes of non-printable binary.

Hm... This is very surprising since SSL/TLS includes a MAC check
on the data and therefore any crypto mismatches should result in
errors, not receiving binary data. Is there any chance that
your BIO_gets() is on the native socket and not the OpenSSL BIO?

> If I'm interpreting the trace right, the server is sending a
> CertificateRequest message. Ssldump does successfully decrypt
> the line of application data. A typescript of the ssldump session
> is attached.

Yes, that appears correct.

-Ekr

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
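
A quick way to test the native-socket hypothesis raised in the reply above, as an added example that is not part of the original message or of OpenSSL: look at the first bytes the read returned and see whether they form an SSLv3/TLS record header, which is what arrives when a read bypasses the SSL layer. The function name `classify_read` and all sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum read_kind { READ_TEXT, READ_RAW_TLS_RECORD, READ_UNKNOWN };

/* Classify the bytes a read returned. A raw SSLv3/TLS record begins with a
 * 5-byte header: content type (20-23), major version 3, minor version,
 * and a 16-bit big-endian length. Decrypted data should be the plain line. */
enum read_kind classify_read(const unsigned char *buf, size_t len)
{
    size_t i;

    if (len >= 5 && buf[0] >= 20 && buf[0] <= 23 && buf[1] == 3 && buf[2] <= 4) {
        unsigned rec_len = ((unsigned)buf[3] << 8) | buf[4];
        if (rec_len <= 16384 + 2048)      /* upper bound on a protected record */
            return READ_RAW_TLS_RECORD;
    }
    for (i = 0; i < len; i++) {
        unsigned char c = buf[i];
        if (c != '\n' && c != '\r' && c != '\t' && (c < 0x20 || c > 0x7e))
            return READ_UNKNOWN;          /* binary, but not a record header */
    }
    return len ? READ_TEXT : READ_UNKNOWN;
}

/* Constructed samples (not taken from the thread's ssldump trace). */
static const unsigned char sample_text[] = "LOGIN alice example-token\n";
static const unsigned char sample_record[] = {
    0x17, 0x03, 0x01, 0x00, 0x08,                   /* application_data, TLS 1.0, 8 bytes */
    0x9c, 0x41, 0xe7, 0x02, 0xb5, 0x6d, 0xf0, 0x13  /* opaque ciphertext */
};
static const unsigned char sample_noise[] = { 0x00, 0xff, 0x81, 0x10, 0x7f, 0x03 };

int main(void)
{
    static const char *names[] = { "text", "raw TLS record", "unknown binary" };

    printf("text sample:   %s\n", names[classify_read(sample_text, sizeof sample_text - 1)]);
    printf("record sample: %s\n", names[classify_read(sample_record, sizeof sample_record)]);
    printf("noise sample:  %s\n", names[classify_read(sample_noise, sizeof sample_noise)]);
    return 0;
}
```

If the server's buffer classifies as a raw TLS record, the read is happening below the SSL layer rather than through the SSL BIO.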
