Hello,
> Hi Marek
> 
> As per your mail, we today tried this option but still the problem
> persists.. The handshake is successful but when 19K image is read,
> only 1460 bytes are being read and after that SSL_read returns -1. The
> error reported by the error API is a decryption record error.
> 
> Can anyone please try their openssl clients against this website so
> that I am sure problem is faced with every build on different
> platforms..
Well, before I sent this mail, my test with "openssl s_client"
succeeded when run with the "-bugs" option.

I've attached modified test client code, which without the
OP_ALL option gives this result:
        $ ./ssl2
        crypto lib: OpenSSL 0.9.7f 22 Mar 2005
        the cipher used by the client: DES-CBC3-SHA
        ssl_read: 1460
        16808:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:424:

and after adding OP_ALL it gives this result:
        $ ./ssl2 -op_all
        crypto lib: OpenSSL 0.9.7f 22 Mar 2005
        the cipher used by the client: DES-CBC3-SHA
        ssl_read: 1460
        ssl_read: 2048
        ssl_read: 2048
        ssl_read: 2048
        ssl_read: 2048
        ssl_read: 2048
        ssl_read: 2048
        ssl_read: 2048
        ssl_read: 2048
        ssl_read: 1810


Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
#include <stdio.h>
#include <string.h>

#include <openssl/ssl.h>

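/*
 * HTTP/1.1 request sent once the handshake has completed.
 *
 * Built from adjacent string literals instead of backslash-newline splices
 * inside one literal, so whitespace in the source can no longer leak into
 * the bytes on the wire.  Two such leaks are fixed here: a stray space after
 * the CRLF that ends the Accept header (it turned Accept-Language into a
 * folded continuation of Accept), and a missing space in "Windows NT 5.0".
 */
#define REQUEST \
	"GET /icons/login.jpg HTTP/1.1\r\n" \
	"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg," \
	"application/x-shockwave-flash, application/msword," \
	"application/vnd.ms-powerpoint, */*\r\n" \
	"Accept-Language: en-us\r\n" \
	"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT " \
	"5.0; .NET CLR 1.0.3705)\r\n" \
	"Connection:Close\r\n" \
	"Host: www.teamgm.com\r\n\r\n"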

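/*
 * Interoperability test client: connects to a fixed server, negotiates one
 * pinned cipher suite, sends REQUEST and prints the size of every SSL_read()
 * until the connection ends.
 *
 * Usage: prog [-op_all]
 *   -op_all  set SSL_OP_ALL on the context before connecting.
 *
 * Returns 0 when the peer ends the session with a close_notify alert,
 * 1 on a usage error or any connection/TLS failure (the OpenSSL error
 * queue is printed to stderr in the failure case).
 *
 * Security notes for anyone reusing this code:
 *   - No trust store is loaded and SSL_CTX_set_verify() is never called, so
 *     the server certificate is not verified.  That is tolerable for a
 *     record-layer reproduction, not for a client that carries real data.
 *   - The cipher list is pinned to a single suite only to reproduce the
 *     reported failure; it is not a recommendation.
 */
int main(int argc, char *argv[])
{
	/* All handles start as NULL so the cleanup code is safe on every path. */
	BIO *bio = NULL;
	SSL *ssl = NULL;
	SSL_CTX *ctx = NULL;
	const char *ciph = "DES-CBC3-SHA";
	int op_all = 0;
	int rc = 1;

	char rbuf[2048];
	int rlen;

	if (argc > 1) {
		if (strcmp(argv[1], "-op_all") == 0) {
			op_all = 1;
		} else {
			/* Nothing has been allocated yet; leave without touching ctx. */
			fprintf(stderr, "usage: %s [-op_all]\n", argv[0]);
			return (1);
		}
	}

	SSL_load_error_strings();
	SSLeay_add_ssl_algorithms();

	/* The return value is ignored here, as in the original test program. */
	RAND_load_file("/dev/urandom", 1024);

	fprintf(stderr, "crypto lib: %s\n", SSLeay_version(SSLEAY_VERSION));

	if ((ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
		goto err;
	}

	if (SSL_CTX_set_cipher_list(ctx, ciph) != 1) {
		goto err;
	}

	/*
	 * SSL_OP_ALL switches on the library's workarounds for known peer bugs
	 * and is the variable under test.
	 * NOTE(review): some of these workarounds relax record-layer handling;
	 * once the failure is reproduced, find the single option that is needed
	 * (or get the server fixed) rather than shipping SSL_OP_ALL -- confirm
	 * against the option list of the OpenSSL version in use.
	 */
	if (op_all == 1) {
		SSL_CTX_set_options(ctx, SSL_OP_ALL);
	}

	if ((bio = BIO_new_connect("192.85.26.215:443")) == NULL) {
		goto err;
	}

	if (BIO_do_connect(bio) <= 0) {
		goto err;
	}

	if ((ssl = SSL_new(ctx)) == NULL) {
		goto err;
	}

	/* ssl now owns bio: SSL_free() releases it, so forget our reference. */
	SSL_set_bio(ssl, bio, bio);
	bio = NULL;

	if (SSL_connect(ssl) <= 0) {
		goto err;
	}

	fprintf(stderr, "the cipher used by the client: %s\n", SSL_get_cipher(ssl));

	if (SSL_write(ssl, REQUEST, (int)strlen(REQUEST)) <= 0) {
		goto err;
	}

	for (;;) {
		rlen = SSL_read(ssl, rbuf, (int)sizeof(rbuf));
		if (rlen <= 0) {
			/*
			 * Only a close_notify from the peer counts as a clean end.
			 * A bare TCP close or a record error stays a failure, because
			 * the response may have been cut short.
			 */
			if (SSL_get_error(ssl, rlen) != SSL_ERROR_ZERO_RETURN) {
				goto err;
			}
			break;
		}

		fprintf(stderr, "ssl_read: %d\n", rlen);
	}

	rc = 0;
	goto out;

  err:
	ERR_print_errors_fp(stderr);

  out:
	if (ssl != NULL) {
		SSL_free(ssl);
	}
	if (bio != NULL) {
		/* Only reached when the BIO was never handed over to ssl. */
		BIO_free_all(bio);
	}
	if (ctx != NULL) {
		SSL_CTX_free(ctx);
	}
	return (rc);
}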
