Hi Lutz, I'm using OSSL 0.9.7b ported for an ARM based platform (I'm currently doing the port myself, and it is operational), which uses non-blocking sockets (custom version). If I run the code below, but with return ok; rather than return 1; everthing works just dandy. But if I try to override the verification by returning 1, then the handshake stops there, and the embedded system actally crashes irrevocably. I've noticed a few other wierdnesses like this due to the platform which I have been able to fix , but I need to know whether this happens on an "ordinary" build or not. Testing this myself on vanilla OpenSSL is a real pain the way things are set up here.
cheers Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lutz Jaenicke Sent: 26 June 2003 12:54 To: [EMAIL PROTECTED] Subject: Re: Problem with X509_set_verify() On Thu, Jun 26, 2003 at 12:07:19PM +0100, steve thornton wrote: > OK, I haven't found the problem. It does appear to be an OpenSSL bug. > > I use > > SSL_CTX_set_verify ( ctx, SSL_VERIFY_PEER, verifyCallbackProc ); > > and > > int verifyCallbackProc ( int ok, X509_STORE_CTX *store ) > { > > return 1; > } > > this causes the verification code to hang in the middle of the handshake. > Can anybody confirm that this happens with standard OpenSSL builds? Negative: it seems to work fine for all of the other people using it (including myself). Please point out more information about the version used, the platform, which kind of socket (blocking/non-blocking?). What does "hang" mean? Is the SSL code running in a loop, is it waiting for input or output??? -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
