Hi Marek
As per your mail, we tried this option today but the problem still
persists. The handshake is successful, but when the 19K image is read,
only 1460 bytes are read and after that SSL_read returns -1. The
error shown by the error API is a decryption record error.
Can anyone please try with their openssl clients with this website so
that I am sure the problem is faced with every build on different
platforms?
thanks in advance.
-Krishna
On 7/4/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,
> We are having an application that has the functionality of the open
> ssl client. We are facing a problem while accessing the following link
> "www.teamgm.com/icons/login.jpg". The problem is that when we do a
> SSL_read for the GET response from the web server, we are able to read
> only the first 1460 bytes. When we again go to read the socket for
> data, we get a -1 response and hence the connection closes.
> The error returned is SSL_ERROR_SSL. 10316:error:1408F455:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record
> mac:.\ssl\s3_pkt.c:424:
> The openssl version we are using is : 9.7.e
>
> We tried the following things to solve this, but were not successful:
> 1. Tried this with different ciphers
> 2. Handshake with version 2.0
> 3. Handshake with version 3.0(this is the version we are using by default)
> 4. Handshake with version 3.1
> 5. Tried this with version 9.8.a of openssl, but we are still getting
> the same error.
> In none of the cases were we able to fetch the image completely.
> Then we tried to access the page using the openssl client (s_client).
> We modified the code for s_client to send a GET request for this image
> after the handshake, and even with s_client, in the first ssl_read we
> get 1460 bytes and in the next read, we are getting -1 and the same
> error.
> Following is the code that we wrote for modification in s_client.c
>
> char writebuf[400] = {0};
> char readbuf[6000] = {0};
> int wlen = 0;
> int dRet = 1;
> BIO_printf(bio_c_out,"Sending the Get Request\n");
> /* adjacent string literals are concatenated into one request */
> strcpy(writebuf, "GET /icons/login.jpg HTTP/1.1\r\n"
>     "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, "
>     "application/x-shockwave-flash, application/msword, "
>     "application/vnd.ms-powerpoint, */*\r\n"
>     "Accept-Language: en-us\r\n"
>     "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; "
>     ".NET CLR 1.0.3705)\r\n"
>     "Connection:Close\r\n"
>     "Host: www.teamgm.com\r\n\r\n") ;
>
> wlen = SSL_write(con,writebuf,(unsigned int)strlen(writebuf));
> /*Sending the get request*/
> for(;;)
>     {
>     /* offset of the next unwritten byte in readbuf; it must survive
>        the iterations of the inner loop so a partial write resumes */
>     int rbuf_off = 0;
>     int rlen = SSL_read(con,readbuf,6000 /* BUFSIZZ */ );
>     if (rlen <= 0)
>         {
>         BIO_printf(bio_c_out,"Readlen is less than zero\n");
>         goto shut;
>         /* goto end; */
>         }
>     else
>         {
>         BIO_printf(bio_c_out,"Readlen is not zero %d\n", rlen);
>         }
>     dRet = 1;
>     while(rlen > 0)
>         {
>         i=write(fileno(stdout),&(readbuf[rbuf_off]),rlen);
>         if (i <= 0)
>             {
>             BIO_printf(bio_c_out,"Writelen is less than zero\n");
>             goto shut;
>             /* goto end; */
>             }
>         else if(i < rlen)
>             {
>             /* partial write: advance and retry the remainder */
>             rlen = rlen - i;
>             rbuf_off = rbuf_off + i;
>             dRet = 0;
>             }
>         else
>             {
>             BIO_printf(bio_c_out,"Write len is %d\n", i);
>             dRet = 1; /* the whole buffer has now been written */
>             }
>         if(dRet == 1)
>             {
>             rbuf_off = 0; /* the next read refills readbuf from the start */
>             if(SSL_pending(con)) /*check for SSL_pending only when the data
>                 read in previous SSL_read has been completely written*/
>                 {
>                 rlen = SSL_read(con,readbuf,6000 /* BUFSIZZ */ );
>                 }
>             else
>                 {
>                 rlen = 0;
>                 }
>             }
>         }
>
>     }
Try to add:
SSL_CTX_set_options(ctx, SSL_OP_ALL);
to SSL_CTX object in source code or
"-bugs"
option in openssl binary
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]