On Fri, Sep 06, 2002 at 11:53:25AM -0700, Edward Chan wrote:
> I've set the SSL_CTX with the following mode,
> SSL_MODE_AUTO_RETRY. Doing so allows me to use
> SSL_read() and SSL_write() like I would normally use a
> blocking read() and write() call, right?

SSL_MODE_AUTO_RETRY only covers the case of a renegotiation, in which even
with blocking sockets SSL_read() and/or SSL_write() would return with
WANT_READ or WANT_WRITE.
If you are using non-blocking mode, SSL_* will always return immediately
(it wouldn't make sense to have a non-blocking connection block, would it?).

> So when I issue the SSL_read(), it should block if
> there is no data. Seems like it is blocked, which is
> expected because as far as I know, I'm not sending any
> data to that socket. But then it seems to unblock and
> I get the error, "bad asn1 object header".

This indicates that OpenSSL has a problem with some ASN1 object, most probably
a certificate. This indeed indicates that a renegotiation may take place.

> Might be worth mentioning that I'm listening on port
> 80 and 443 which may have garbage being sent to it.
> But I'd expect that if somebody tries to initiate a
> non-SSL connection, the connection would fail
> (SSL_accept() would fail so the connection wouldn't
> even be created).

Use ssldump to analyze the data exchanged.

Best regards,
	Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
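
As an added example (not part of the original message and not OpenSSL code): a small C check for the "garbage on port 443" situation discussed above. It inspects the first bytes a client sends and reports whether they look like an SSLv3/TLS ClientHello, an SSLv2-compatible ClientHello, cleartext HTTP, or something else. The names `classify_first_bytes` and `enum first_bytes` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Verdicts for the first bytes a client sends to a TLS port (hypothetical names). */
enum first_bytes { FB_SHORT, FB_TLS_HELLO, FB_SSL2_HELLO, FB_TLS_OTHER,
                   FB_PLAIN_HTTP, FB_GARBAGE };

static int starts_with(const unsigned char *b, size_t n, const char *s)
{
    size_t i;
    for (i = 0; s[i] != '\0'; i++)
        if (i >= n || b[i] != (unsigned char)s[i])
            return 0;
    return 1;
}

enum first_bytes classify_first_bytes(const unsigned char *b, size_t n)
{
    static const char *const http[] = { "GET ", "POST ", "HEAD ", "PUT ",
                                        "OPTIONS ", "CONNECT " };
    size_t i, len;
    for (i = 0; i < sizeof http / sizeof http[0]; i++)
        if (starts_with(b, n, http[i]))
            return FB_PLAIN_HTTP;       /* cleartext HTTP sent to the TLS port */
    if (n < 6)
        return FB_SHORT;                /* need 5-byte record header + 1 byte */
    /* SSLv3/TLS record header: type(1) major(1) minor(1) length(2) */
    if (b[0] >= 20 && b[0] <= 23 && b[1] == 3 && b[2] <= 4) {
        len = ((size_t)b[3] << 8) | b[4];
        if (len == 0 || len > 16384 + 2048)
            return FB_GARBAGE;          /* empty or oversized: not a valid first record */
        /* handshake record (22) whose first message is ClientHello (1) */
        return (b[0] == 22 && b[5] == 1) ? FB_TLS_HELLO : FB_TLS_OTHER;
    }
    /* SSLv2-compatible ClientHello: 2-byte length with MSB set, message type 1,
       then the offered version (0x0002 for SSLv2, 0x03xx for SSLv3/TLS) */
    if ((b[0] & 0x80) && b[2] == 1 && (b[3] == 3 || (b[3] == 0 && b[4] == 2)))
        return FB_SSL2_HELLO;
    return FB_GARBAGE;
}

int main(void)
{
    /* Constructed sample: handshake record, TLS 1.0, length 0x002f, ClientHello */
    static const unsigned char hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01 };
    printf("%d %d\n", (int)classify_first_bytes(hello, sizeof hello),
           (int)classify_first_bytes((const unsigned char *)"GET / HTTP/1.0\r\n", 16));
    return 0;
}
```

Logging this verdict for connections where the handshake fails gives a first hint of what reached the port before a full ssldump capture is examined.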