Sorry for wasting everyone's time. I accidently ran the old verion of our product that uses a different SSL stack and that has exactly the same problem:
Cannot negotiate SSL security - error 7047 ALERT_FATAL_ILLEGAL_PARAMETER So the problem is with the server and not the client. Thank goodness for accidents :-) -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Unsworth Sent: 22 March 2013 15:07 To: openssl-users@openssl.org Subject: RE: SSL negotiation fails on linux with 32 bit app Further information. I ran the openssl client app and got the same error: [metabld@metabuild linux]$ openssl s_client -connect junsworth-lt2.eu.cp.net:636 CONNECTED(00000003) depth=0 /C=UK/ST=cheshire/L=macclesfield/O=cp/OU=ts/CN=junsworth-lt2.eu.cp.net verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=UK/ST=cheshire/L=macclesfield/O=cp/OU=ts/CN=junsworth-lt2.eu.cp.net verify error:num=27:certificate not trusted verify return:1 depth=0 /C=UK/ST=cheshire/L=macclesfield/O=cp/OU=ts/CN=junsworth-lt2.eu.cp.net verify error:num=21:unable to verify the first certificate verify return:1 10001:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:s3_pkt.c:1085:SSL alert number 47 10001:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Unsworth Sent: 22 March 2013 14:41 To: openssl-users@openssl.org Subject: SSL negotiation fails on linux with 32 bit app I have built a LDAP client using OpenSSL on Windows that successfully connects to a LDAP server. The code has been ported to linux (just changing socket functions) as a shared library for use with a 32 bit client. SSL_connect to the same LDAP server that works fine in Windows fails. OpenSSL is used as a shared library from a static library that is linked into another shared library. This shared library is loaded by the application. Application->shared library->static library->OpenSSL as a shared library. The error returned depends on how OpenSSL is configured. ./Configure linux-generic64 shared -m32 -fPIC SSL_ERROR_SSL.error:1408D108:SSL routines:SSL3_GET_KEY_EXCHANGE:wrong signature length ./Configure linux-generic32 shared -m32 -fPIC SSL_ERROR_SSL.error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter I presume I am building OpenSSL incorrectly and would appreciate any pointers. John Unsworth ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
