Bert and Gene,
I also had the same problem...and posted the lines below on September 13th...no
response yet.
Regards,
Barry
vvvvv
I have an SSL-capable server application running on port 80 on a VMS box. A non-SSL
browser connection to it works perfectly. However, when attempting to connect to it
via a
browser on port 80 using the HTTPS: prefix, it hangs without even sending the request
for
acceptance of the security certificate. When I restart my application, it works ONLY
for
a while, then reverts to the described behavior.
I have used an openssl s_client with assorted bells and whistles, with this result on
hung
connections:
OpenSSL> s_client -connect w.x.y.z:80 -ssl3 -debug -nbio -bugs -state -showcerts
CONNECTED(00000003)
turning on non blocking io
SSL_connect:before/connect initialization
write to 003A81A0 [003CA808] (88 bytes => 88 (0x58))
0000 - 16 03 00 00 53 01 00 00-4f 03 00 3d 82 63 a4 96 ....S...O..=.c..
0010 - b8 d6 27 bb 12 24 55 39-53 d4 44 ac 5e e1 15 f4 ..'..$U9S.D.^...
0020 - 28 86 de 4a 76 a0 90 3b-83 23 30 00 00 28 00 16 (..Jv..;.#0..(..
0030 - 00 13 00 0a 00 66 00 05-00 04 00 65 00 64 00 63 .....f.....e.d.c
0040 - 00 62 00 61 00 60 00 15-00 12 00 09 00 14 00 11 .b.a.`..........
0050 - 00 08 00 06 00 03 01 .......
0058 - <SPACES/NULS>
SSL_connect:SSLv3 write client hello A
read from 003A81A0 [003C1808] (5 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv3 read server hello A
write R BLOCK
Any ideas would be helpful.
Regards,
Barry
----- Original Message -----
From: "Gene Rogers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 26, 2002 1:57 PM
Subject: Re: time out parameter for command line of openssl (s_client) bin
> Hello B,
>
> Hey if you get an answer to this question I'd love to know it. I've
> encountered this problem myself. I also had to use OS kernel timeout, to
> kill the connection... I've posted this question to the list also but no
> answer. If I hear anything I'll let you know too.
>
> Later,
> Gene
> ----- Original Message -----
> From: "Courtin Bert" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, September 26, 2002 9:05 AM
> Subject: time out parameter for command line of openssl (s_client) bin
>
>
> > Hi list,
> >
> > currently I'm using
> >
> > -----
> > CONN_STRING="$(${PATH_TO_OPENSSL} s_client -connect
> ${HOST_IP}:${PORT} -nbio -pause < /dev/null 2>&1)"
> >
> > to connect to a remote SSL-server to get the connection string for
> processing it with
> >
> > echo "${CONN_STRING}" | ${PATH_TO_OPENSSL} x509 -noout -dates | grep
> "notAfter")"
> >
> > to get the expiration date of the certificate.
> > ------
> >
> > That works pretty fine for most of the ssl hosts but sometimes openssl
> gets struck and doesen't proceed farer than:
> > CONNECTED(00000003)
> > turning on non blocking io
> > write R BLOCK
> >
> > openssl then only times out by the time out for connections by the OS.
> >
> >
> > ->Is there any (undocumented) command line option for openssl s_client to
> specify a time out (e.g. -timeout sec)?
> >
> > ->Otherwise I would like to ask to start a dicussion for integrating such
> a feature into openssl s_client.
> >
> >
> > Please reply cc: to [EMAIL PROTECTED] as I haven't subscribed for
> this list.
> >
> > I would appreciate any feedback...
> >
> >
> > Thank you & kind regards,
> > B. Courtin
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
