Hello list,

I write an application which acts like a proxy/repeater between two SSL endpoints. For my app I use OpenSSL 0.9.8g. The two endpoints connect to the app and identify themselves using an id (both use the matrixssl implementation for SSL handling). Two matching ids start the repeating. Everything runs fine up to the transfer amount of quite exactly 1 megabyte, then the connection crashes and in the repeat code I get this error message:

    30190:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1053:SSL alert number 10

The corresponding code:

This way I init openssl

    ...
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();

    SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method());
    if(ctx == NULL) {
        exit(-1);
    } else {
        printf("SSL_CTX_new successful\n");
    }

    printf("loading CERTIFACTE.PEM\n");
    if(SSL_CTX_use_certificate_file(ctx, "certificate.pem", SSL_FILETYPE_PEM) != 1) {
        ERR_print_errors_fp(stdout);
        exit(-1);
    }
    if(SSL_CTX_use_RSAPrivateKey_file(ctx, "certificate.pem", SSL_FILETYPE_PEM) != 1) {
        ERR_print_errors_fp(stdout);
        exit(-1);
    }
    if(SSL_CTX_check_private_key(ctx) != 1) {
        ERR_print_errors_fp(stdout);
        exit(-1);
    }
    .......

This is the code for repeating (params->server and params->client are valid pointers to 'SSL' struct)

    int serverFd = SSL_get_fd(params->server);
    int clientFd = SSL_get_fd(params->client);

    printf("ServerState: %s / Pending: %d\n", SSL_state_string(params->server), SSL_pending(params->server));
    printf("ClientState: %s / Pending: %d\n", SSL_state_string(params->client), SSL_pending(params->client));

    fd_set read;
    while(1) {
        int ret = 0;
        FD_ZERO(&read);
        FD_SET(serverFd, &read);
        FD_SET(clientFd, &read);
        int nfds = max(serverFd, clientFd) + 1;

        if(SSL_pending(params->server) == 0 && SSL_pending(params->client) == 0) {
            ret = select(nfds, &read, NULL, NULL, NULL);
        }
        if(ret == -1) {
            perror("select");
            pthread_exit((void *)-1);
        }

        if(FD_ISSET(serverFd, &read) || SSL_pending(params->server)) {
            char buffer[1024];
            int bytesReceived = SSL_read(params->server, buffer, 1024);
            sumS += bytesReceived;
            if(bytesReceived < 0) {
                ERR_print_errors_fp(stdout);
                pthread_exit((void *)-1);
            } else if(bytesReceived == 0) {
                ERR_print_errors_fp(stdout);
                // proper shutdown of remote site
                SSL_shutdown(params->server);
                shutdown(serverFd, 2);
                close(serverFd);
                SSL_shutdown(params->viewer);
                shutdown(viewerFd, 2);
                close(viewerFd);
                pthread_exit(0);
            } else {
                int bytesSent = SSL_write(params->client, (void *)buffer, bytesReceived);
                printf("Server: bytesReceived: %d / bytesSent: %d / sumS: %d\n", bytesReceived, bytesSent, sumS);
            }
        }

        if(FD_ISSET(viewerFd, &read) || SSL_pending(params->viewer)) {
            ==> same code as in if above only vice versa in direction.
        }
    }

Is there something special after the transfer of about 1 MB in SSL? Or is this only a coincidence? Is there an error in the code?

Ah, the certificate.pem I use is a self-signed cert I created myself using the openssl command-line tool.

Well, thanks in advance - I hope somebody can help me :)

Greetings,
Antonio
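
As an added example (not part of the original post), the error line quoted above can be decoded by hand. The sketch unpacks the hex code using the library/function/reason layout of OpenSSL 0.9.8 and shows that reason 1010 is the alert offset 1000 plus alert number 10, which is how OpenSSL reports an alert it received from the peer. The function and struct names are made up for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Packed error code layout used by OpenSSL 0.9.8:
 * bits 31-24 = library, bits 23-12 = function, bits 11-0 = reason. */
struct err_code { int lib, func, reason; };

#define LIB_SSL 20               /* ERR_LIB_SSL */
#define ALERT_REASON_OFFSET 1000 /* SSL_AD_REASON_OFFSET */

/* Extract the hex code from "pid:error:HEXCODE:..." and unpack it.
 * Returns 0 on success, -1 if the line is not in that format. */
int decode_err_line(const char *line, struct err_code *out)
{
    char *end;
    (void)strtoul(line, &end, 10);               /* leading pid / thread id */
    if (end == line || strncmp(end, ":error:", 7) != 0)
        return -1;
    const char *hex = end + 7;
    unsigned long code = strtoul(hex, &end, 16);
    if (end == hex || *end != ':')
        return -1;
    out->lib = (int)((code >> 24) & 0xff);
    out->func = (int)((code >> 12) & 0xfff);
    out->reason = (int)(code & 0xfff);
    return 0;
}

/* Alert number the peer sent, or -1 if the line is not a received-alert error. */
int peer_alert(const char *line)
{
    struct err_code c;
    if (decode_err_line(line, &c) != 0 || c.lib != LIB_SSL)
        return -1;
    if (c.reason < ALERT_REASON_OFFSET || c.reason > ALERT_REASON_OFFSET + 255)
        return -1;
    return c.reason - ALERT_REASON_OFFSET;
}

int main(void)
{
    /* Error line quoted in the post above. */
    const char *line = "30190:error:140943F2:SSL routines:SSL3_READ_BYTES:"
                       "sslv3 alert unexpected message:s3_pkt.c:1053:SSL alert number 10";
    struct err_code c;
    if (decode_err_line(line, &c) == 0)
        printf("lib=%d func=%d reason=%d peer alert=%d\n", c.lib, c.func, c.reason, peer_alert(line));
    return 0;
}
```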