Hello,
> I've just started trying to develop a piece of software with OpenSSL and I
> have a rather strange problem I wondered if anyone here might be able to
> help explain...
> 
> I've initialised OpenSSL like this:
> 
>     SSL_library_init();
>     SSL_load_error_strings();
> 
> and created a context (error checking omitted for brevity):
> 
>     m_ssl_ctx = SSL_CTX_new( SSLv23_method() );
>     SSL_CTX_load_verify_locations( m_ssl_ctx, TRUSTED_CERTS_FILE, NULL );
> 
> then created two mem buf BIOs and an SSL object, initialised like this:
> 
>     m_rbio = BIO_new( BIO_s_mem() );
>     m_wbio = BIO_new( BIO_s_mem() );
>     m_ssl = SSL_new( m_ssl_ctx );
>     SSL_set_bio( m_ssl, m_rbio, m_wbio );
>     SSL_set_connect_state( m_ssl );
> 
> and then I do the following:
> 
>     ret = SSL_write( m_ssl, buf, buf_lef );
> 
> which returns -1, as you'd expect. But (and here's the odd part) when I
> call:
> 
>     SSL_get_error( m_ssl, ret )
> 
> it returns SSL_ERROR_WANT_READ, not SSL_ERROR_WANT_WRITE. How can this
> be!? The OpenSSL library is set up in client mode, so shouldn't it want to
> write a "client hello" to the server first?
> 
> Like I said, this is my first attempt at using OpenSSL, so forgive me if
> I'm missing something really obvious!

We do not know at what stage the handshake stops.
Maybe at reading server_hello after successfully writing client_hello?

To check this you may add to your code:

/**
 * TLS connection info callback.
 *
 * @param    ssl        TLS connection socket
 * @param    type    connection type
 * @param    val        connection info
 * @return    none
 */
static void tls_connection_info_cb(const SSL * ssl, int type, int val)
{
    if (type & SSL_CB_LOOP) {
        log_tra("tls_state: %s: %s",
                type & SSL_ST_CONNECT ? "connect" :
                type & SSL_ST_ACCEPT ? "accept" :
                "undefined", SSL_state_string_long(ssl));
    }
    if (type & SSL_CB_ALERT) {
        log_tra("tls_alert: %s:%s: %s",
                type & SSL_CB_READ ? "read" : "write",
                
SSL_alert_type_string_long(val), SSL_alert_desc_string_long(val));
    }
}  

and set connection callback:

    
/* callback for connection information on SSL/TLS session negotiation */
    SSL_CTX_set_info_callback(ctx, tls_connection_info_cb); 

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
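
The situation discussed in this thread, reproduced as an added example (not code from either poster): it uses Python's ssl module, whose MemoryBIO objects wrap OpenSSL memory BIOs, to show what the first write on a fresh client leaves in each BIO. The host name is a constructed placeholder and no network I/O takes place.

```python
import ssl

HANDSHAKE_RECORD = 0x16  # TLS record content type: handshake
CLIENT_HELLO = 0x01      # handshake message type: ClientHello


def attempt_write(tls):
    """Try to send application data and report which retry OpenSSL asks for."""
    try:
        tls.write(b"application data")
        return None
    except ssl.SSLWantReadError:
        return "WANT_READ"
    except ssl.SSLWantWriteError:
        return "WANT_WRITE"


def first_write_over_memory_bios():
    incoming = ssl.MemoryBIO()  # plays the role of m_rbio (data from the peer)
    outgoing = ssl.MemoryBIO()  # plays the role of m_wbio (data for the peer)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption: "server.example" is a placeholder; it is never contacted.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="server.example")

    # First call: the implicit handshake starts. Writing to a memory BIO
    # always succeeds, so the ClientHello is already queued in `outgoing`
    # and the handshake stalls on the empty read BIO.
    first_error = attempt_write(tls)
    queued = outgoing.pending
    record = outgoing.read()  # the caller must deliver these bytes itself

    # Second call with nothing fed into `incoming`: same result, no new output.
    second_error = attempt_write(tls)

    return {
        "errors": [first_error, second_error],
        "pending": [queued, outgoing.pending],
        "record_type": record[0],     # byte 0 of the 5-byte record header
        "handshake_type": record[5],  # first byte after the record header
    }


if __name__ == "__main__":
    print(first_write_over_memory_bios())
```

The application has to move the queued bytes from the write BIO to the peer and feed the peer's reply into the read BIO before retrying the write.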
