The information you gave me I set it right now on the application
server and client.

As I mentioned before, the server is multiplexed supporting multiple
clients. I wrote a C client and I have my java client as well (on
experimental phase). The server acts as a "forwarder" sending data
received from a client to all the others. I realized that when I
connect only one "yet-another-echo-client" to the server, communication
goes well, in the sense that the client receives its own info back
again from the server, both the C client and the Java client.

For this I use file descriptor association, and believe me that my
code is pretty full of error checking with SSL_get_error() and I check
all the SSL_<functions>(). The problem is that it seems that the file
descriptor association does not work when you associate more than one
(not at the same time of course) file descriptor, although no error
is returned from SSL_set_fd(), nor from *_wfd() and *_rfd().

I read the man pages and when you associate a different file
descriptor, BIO_free() will be called so I forgot about releasing or
something like that.

On the client side, if more than one client is connected I do get an
error on the SSL_read() function:

[ERR]: SSL_read() was unsuccessful (errCode: 1, ret: -1)

and the openssl error:

4787:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:422:

What concerns me is that I followed your advice and set TLSv1 as
method for both client and server. Clients really say so:

Connection made with version: TLSv1, cipher: AES256-SHA

And the error string is prefixed with "SSL3_GET_RECORD". Though this
error is not shown when one client is connected and the info is
shared ok between server and client (C and Java clients as well). So,
they are communicating ok.

The main thing here is the file descriptor association I think. I hate
to ask, because I like reading and I read the man pages about almost
everything concerning my needs on the openssl library. I also tried
setting the file descriptors for reading and for writing.

The main code of that part (already testing FD_ISSET() and knowing
that a client is sending data to the server) is:

http://pastebin.lugmen.org.ar/5217

I included my debug code to give information of what I've done. I also
have tried using SSL_set_wfd() and SSL_set_rfd() in the respective
places. The code is NOT exactly as the one I have, I removed comments
and maybe a ';' is missing. I say this just in case someone would say
that I have missing {'s and if-else's are wrong. I insist it should
be a bad file descriptor association by my part, or lack of theory in
SSL communications.

Best regards,
-- 
Sebastián Treu
http://labombiya.com.ar
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
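
Added example, not part of the original message and not OpenSSL code: a small C model of why a record protected under one connection's keys is rejected as "bad record mac" when it is checked against another connection's state. It assumes (the linked server code is not shown on this page) that a single SSL object is re-associated with several client sockets; `conn_state`, `toy_mac`, `by_fd`, the descriptor numbers and the key values are hypothetical, and FNV-1a stands in for the real HMAC.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the per-connection state an SSL object holds after its handshake. */
typedef struct { uint64_t mac_key; uint64_t seq; } conn_state;
typedef struct { const char *data; uint64_t tag; } record;

/* Toy stand-in for the record HMAC. FNV-1a is NOT cryptographic. */
static uint64_t toy_mac(uint64_t key, uint64_t seq, const char *data) {
    uint64_t h = 1469598103934665603ULL ^ key;
    size_t n = strlen(data);
    for (int i = 0; i < 8; i++) { h ^= (seq >> (8 * i)) & 0xff; h *= 1099511628211ULL; }
    for (size_t i = 0; i < n; i++) { h ^= (unsigned char)data[i]; h *= 1099511628211ULL; }
    return h;
}

/* Sender: tag the record with this connection's key and sequence number. */
record seal(conn_state *tx, const char *data) {
    record r = { data, toy_mac(tx->mac_key, tx->seq, data) };
    tx->seq++;
    return r;
}

/* Receiver: 1 on success, 0 for the model's "bad record mac". */
int open_record(conn_state *rx, record r) {
    if (toy_mac(rx->mac_key, rx->seq, r.data) != r.tag) return 0;
    rx->seq++;
    return 1;
}

#define MAX_FD 16
static conn_state by_fd[MAX_FD];   /* one state per accepted socket */

/* Constructed scenario: clients on fd 4 and fd 5, each with its own keys. */
int run_scenario(int per_fd_state) {
    conn_state client_a = { 0xA11CEULL, 0 }, client_b = { 0xB0B0ULL, 0 };
    by_fd[4] = client_a; by_fd[5] = client_b;   /* server side of each handshake */
    conn_state shared = client_a;   /* one object made for fd 4, later re-pointed at fd 5 */
    int ok = 1;
    ok &= open_record(per_fd_state ? &by_fd[4] : &shared, seal(&client_a, "hello from A"));
    ok &= open_record(per_fd_state ? &by_fd[5] : &shared, seal(&client_b, "hello from B"));
    return ok;
}

int main(void) {
    printf("per-fd state: %s\n", run_scenario(1) ? "ok" : "bad record mac");
    printf("shared state: %s\n", run_scenario(0) ? "ok" : "bad record mac");
    return 0;
}
```

In OpenSSL terms, `conn_state` corresponds to what an `SSL` object holds once its handshake completes, so a multiplexed server keeps one `SSL` per accepted socket and looks it up by descriptor when `select()` reports that socket readable.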
