I am having the same problem. I am adding OpenSSL to an existing application
that calls connect(), and have added logic to use OpenSSL after connect()
completes successfully. Here is what I have done:

    int existing_sock = nnn;
    int rc = 0;
    int code = 0;
    BIO *bio = NULL;
    SSL *ssl = NULL;

    bio = BIO_new_socket( existing_sock, BIO_NOCLOSE );
    BIO_set_nbio( bio, 1 );
    ssl = SSL_new( ctx );
    SSL_set_connect_state( ssl );
    SSL_set_bio( ssl, bio, bio );
    rc = SSL_connect( ssl );
    if (rc <= 0 )
    {
        code = SSL_get_error( ssl, rc );
        switch( code )
        {
        case SSL_ERROR_ZERO_RETURN:
            buf = ERR_error_string( code, NULL );
            etc...
        }
    }

The first problem I encountered with this code is that when the error occurs,
ERR_get_error_line_data() returns zero. I then added the call to
ERR_error_string(). The value pointed to by 'buf' is this:
"error:00000005:lib(0):func(0):DH lib"
This error always occurs. What could be causing this? Why is this message so
minimally informative?
I've searched the OpenSSL code for an instance of '5' and found 2: ERR_R_DH_LIB
and SYS_F_IOCTLSOCKET. Could it be that the error is not DH at all? Could this
be a problem with the socket when ioctlsocket() is called?
This same problem occurs when accepting a connection using accept(), then the
above technique for SSL_accept().
Thanks for any help you can give,
John Hoel
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin Persson
Sent: Thursday, April 14, 2005 3:18 AM
To: [email protected]
Subject: Using SSL with existing socket
Hello, I'm trying to port a library (libiksemel) that currently uses
GnuTLS to OpenSSL. This can be done very easily if I may connect an
existing socket to a TLS/SSL object and then do read/write on it like
usual. However, I have failed to do this successfully. SSL_connect
usually fails with a message related to "DH lib", error code 5.
I've tried associating a socket to both BIO and SSL objects using
"new_socket" and "set_fd" groups of commands, but none have worked
out. I don't have enough knowledge about the operation of BIO objects
I guess.
Can anyone give me some advice as to how to set up SSL on a socket
connected outside of the OpenSSL suite, or some enlightenment on how
to link BIOs together?
Thanks for your time
Martin Persson
Sweden
xarragon 'magic-symbol' gmail.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
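
Added example (not part of either message above, and not OpenSSL code): SSL_get_error() returns one of the SSL_ERROR_* values, where 5 is SSL_ERROR_SYSCALL, while ERR_error_string() expects a packed error-queue code. The sketch decodes 5 both ways and shows how a handshake on a non-blocking BIO is normally driven from the SSL_get_error() result. The helper names and the locally repeated constants are assumptions of the example; the packed layout is the one used by OpenSSL releases before 3.0.

```c
#include <stdio.h>

/* SSL_get_error() results, values as in <openssl/ssl.h>; repeated here
 * (an assumption of this example) so it builds without OpenSSL headers. */
enum { SSL_ERROR_NONE, SSL_ERROR_SSL, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE,
       SSL_ERROR_WANT_X509_LOOKUP, SSL_ERROR_SYSCALL, SSL_ERROR_ZERO_RETURN };

/* Hypothetical helper: split a packed error-queue code the way ERR_GET_LIB,
 * ERR_GET_FUNC and ERR_GET_REASON do in OpenSSL releases before 3.0. */
struct err_parts { unsigned lib, func, reason; };
static struct err_parts decode_err_code(unsigned long e) {
    struct err_parts p;
    p.lib = (unsigned)((e >> 24) & 0xff);
    p.func = (unsigned)((e >> 12) & 0xfff);
    p.reason = (unsigned)(e & 0xfff);
    return p;
}

enum step { DONE, WAIT_READABLE, WAIT_WRITABLE, PEER_CLOSED, UNEXPECTED_EOF,
            CHECK_ERRNO, READ_ERROR_QUEUE, UNHANDLED };

/* Hypothetical helper: what to do after SSL_connect()/SSL_accept() returned
 * ret, SSL_get_error() gave sslerr and ERR_peek_error() gave queue_head. */
static enum step next_step(int ret, int sslerr, unsigned long queue_head) {
    switch (sslerr) {
    case SSL_ERROR_NONE:        return DONE;
    case SSL_ERROR_WANT_READ:   return WAIT_READABLE;  /* wait for readable, call again */
    case SSL_ERROR_WANT_WRITE:  return WAIT_WRITABLE;  /* wait for writable, call again */
    case SSL_ERROR_ZERO_RETURN: return PEER_CLOSED;
    case SSL_ERROR_SSL:         return READ_ERROR_QUEUE;
    case SSL_ERROR_SYSCALL:
        if (queue_head != 0) return READ_ERROR_QUEUE;
        return ret == 0 ? UNEXPECTED_EOF : CHECK_ERRNO; /* empty queue: ret decides */
    default:                    return UNHANDLED;
    }
}

int main(void) {
    /* 5 read as a packed error-queue code: no library, no function, reason 5. */
    struct err_parts p = decode_err_code(5UL);
    printf("lib(%u) func(%u) reason(%u)\n", p.lib, p.func, p.reason);
    /* 5 read as an SSL_get_error() result with an empty queue and ret == -1. */
    printf("step=%d\n", next_step(-1, SSL_ERROR_SYSCALL, 0UL));
    /* Constructed sample of a fully populated packed code. */
    p = decode_err_code(0x1408F10BUL);
    printf("lib(%u) func(%u) reason(%u)\n", p.lib, p.func, p.reason);
    return 0;
}
```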