Thanks to the responses I was able to get openssl compiled in debug mode.
Once I removed the optimization flag from the make file my compiler error
went away. I've since traced through the code and it leaves me pretty much
just as puzzled as before.
The function ssl3_client_hello in s3_clnt.c is returning -1 during the call
to SSL_connect. The reason is that the call to check available ciphers is
returning zero. Line 500 in my version of the code (9.8e):
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
if (i == 0)
{
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
goto err;
}
The if statement evaluates true and we jump to return the error. Now I have
a few questions. The first is I'm wondering why the error message is 0 when
I I do an ERR_get_error() and I get an SSL_ERROR_SYSCALL when I do an
SSL_get_error. Also, any ideas why it thinks there are no available
ciphers? When I do an openssl ciphers I get the following so I know they
are available:
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
One thought I had is that I originally performed a binary install of
openssl, which placed libraries in /usr/local/lib. I since did a manual
compile/install, which placed libraries in /usr/local/ssl/lib. I renamed
the old libraries and am sure my code is using the new libraries (as I can
now step through the ssl code when debugging) but I was wondering if somehow
the command line openssl utility is still pointing to the original install
and I really don't have any ciphers available to the ssl my code is using.
This idea may be taking me down the wrong road as this problem existed
before there was ever a second installation attempt of openssl.
Any way to investigate this further? Any other thoughts?
Thanks.
On 8/29/07, Marek Marcola <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> > and now to switch to new gcc compiler you should only set:
> > $ export PATH=/usr/local/gcc-4.1.1/bin
> Should be:
> $ export PATH=/usr/local/gcc-4.1.1/bin:$PATH
>
> Best regards,
> --
> Marek Marcola <[EMAIL PROTECTED]>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
