I have seen this problem earlier too. Many of them have reported this problem
earlier also. I think this problem is because from openssl 9.8k onwards the tls
extension is enabled by default.

My doubt is that if this is the case, will openssl 9.8k work with
any of the older openssl versions too?

Thanks

Rajan



On Mon, Jun 1, 2009 at 4:08 PM, prathima <prathima.gog...@polycom.com> wrote:

>
> Hi All,
>
> I am using OpenSSL 0.9.8.k.
> We are using the following function to configure device certificate and
> private key:
> SSL_CTX_use_certificate_chain_file() and SSL_CTX_use_PrivateKey_file().
>
> When SSL_ctx object is loaded with the client certificate and private key
> using above 2 functions, then TLS handshake fails, even the client hello is
> not sent to the server and client is closing the connection by sending FIN
> message.
> But when this object is not loaded with client certificate and private key
> then Client hello is sent to server and TLS handshake is successful.
>
> Following are the failure logs when client hello is not sent to server:
> 0529114428|sip |4|00|SSL_connect failed
> 'error:00000000:lib(0):func(0):reason(0)'
> 0529114428|sip |4|00|SSL_connect error 5
>
> When the following macro is defined in Opensslconf.h, TLS handshake was
> successful:
>
> #ifndef OPENSSL_NO_TLSEXT
> # define OPENSSL_NO_TLSEXT
> #endif
>
> Could anyone please let me know why TLS is working on defining this macro?
>
> Note: Initially we used openssl 0.9.7d version. On this version we didn’t
> find the above problem and “OPENSSL_NO_TLSEXT” macro is not available in
> this version.
>
> I am using client certificate with the following options:
> Version         : v3
> Signature algorithm     : SHA-256
> and RSA 1024 bit private key is being used.
>
> Regards,
> Prathima
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
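Added example, not part of either post and not OpenSSL code: a small C triage of the two log lines quoted above, showing what the all-zero error string together with `SSL_connect error 5` indicates. It assumes the pre-3.0 packed error layout (8-bit library, 12-bit function, 12-bit reason) and the `SSL_get_error()` values from `ssl.h` (1 = `SSL_ERROR_SSL`, 5 = `SSL_ERROR_SYSCALL`); the struct, enum and function names are hypothetical, and the second record is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical names throughout; none of this is an OpenSSL type or call. */
enum diag { DIAG_IO_BELOW_OPENSSL, DIAG_LIBRARY_ERROR, DIAG_RETRY, DIAG_UNKNOWN };
struct tls_diag {
    unsigned long packed;  /* what ERR_get_error() returned */
    int lib, func, reason; /* pre-3.0 layout: 8 / 12 / 12 bits */
    int ssl_error;         /* what SSL_get_error() returned, -1 if not logged */
};

/* Pull "error:XXXXXXXX:" and "SSL_connect error N" out of one log record. */
int parse_record(const char *rec, struct tls_diag *d)
{
    const char *p = strstr(rec, "error:");
    const char *q = strstr(rec, "SSL_connect error ");
    d->ssl_error = -1;
    if (!p || sscanf(p, "error:%8lx:", &d->packed) != 1)
        return -1;
    d->lib = (int)((d->packed >> 24) & 0xff);
    d->func = (int)((d->packed >> 12) & 0xfff);
    d->reason = (int)(d->packed & 0xfff);
    if (q) sscanf(q, "SSL_connect error %d", &d->ssl_error);
    return 0;
}

enum diag classify(const struct tls_diag *d)
{
    if (d->ssl_error == 5 && d->packed == 0)    /* SSL_ERROR_SYSCALL, empty queue */
        return DIAG_IO_BELOW_OPENSSL;           /* EOF or socket error: check ret/errno */
    if (d->ssl_error == 1 || d->packed != 0)    /* SSL_ERROR_SSL or a queued error */
        return DIAG_LIBRARY_ERROR;              /* decode lib/func/reason */
    if (d->ssl_error == 2 || d->ssl_error == 3) /* WANT_READ / WANT_WRITE */
        return DIAG_RETRY;
    return DIAG_UNKNOWN;
}

int main(void)
{
    const char *recs[] = { /* 1: from the post, two log lines merged; 2: constructed */
        "0529114428|sip |4|00|SSL_connect failed 'error:00000000:lib(0):func(0):reason(0)' SSL_connect error 5",
        "SSL_connect failed 'error:0B080074:lib(11):func(128):reason(116)' SSL_connect error 1",
    };
    for (int i = 0; i < 2; i++) {
        struct tls_diag d;
        if (parse_record(recs[i], &d) == 0)
            printf("lib=%d func=%d reason=%d ssl_error=%d class=%d\n", d.lib, d.func, d.reason, d.ssl_error, (int)classify(&d));
    }
    return 0;
}
```

For the record from the post the result is `DIAG_IO_BELOW_OPENSSL`: per the `SSL_get_error()` documentation, `SSL_ERROR_SYSCALL` with an empty error queue means the detail is in the return value of `SSL_connect()` (0 for an EOF, -1 for an I/O error reported through `errno`), so those are the values to log next.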
