Hello,

Svemu - Reparto Sviluppo wrote:
>>> 09.42.57.040 00A6D550  212  [32] error:14077447:SSL
>>> routines:SSL23_GET_SERVER_HELLO:reason(1095)
>> 
>> Error number 1095 seems to mean const SSL_R_KRB5_C_GET_CRED
>> which has been changed from 1095 to 287 in OpenSSL 0.9.8a
>> to 0.9.8b. Dunno the meaning of this error, may have to do
>> with Kerberos.
> 
> LibEay32.dll is 0.9.8e and is the same on the FTP server.

It might be that the application loaded some incompatible 
OpenSSL libraries unless the full path and filenames are 
specified.

Quote from thread "New DLL hijacking vulnerability KB 2269637":

"The DLL names are globally writable typed constants, set their values
before the OpenSSL libraries are loaded. OSSL is dynamically loaded
at runtime, that is when the first OpenSSL function is called.

In order to enforce a load, call TSslContext.InitContext or
set TSslDynamicLock/TSslStaticLock.Enabled to TRUE.
I prefer this anyway since the load errors don't raise somewhere
but where I can handle them easily: 

try
    GSSLEAY_DLL_Name := <full path and filename>;
    GLIBEAY_DLL_Name := <full path and filename>;       
    MySslContext.InitContext; // loads the libraries and initializes the SslContext
except
    // Something went wrong, log and handle it.
end;"

> From my PC it works fine with the same DLL.

I just tested from here with the demo OverbyteIcsSslFtpTst.exe
and that works for me as well. 

> 
> Can you give me an idea of what to investigate?
 
As I understand, your customer uses your application rather
than OverbyteIcsSslFtpTst.exe. If so, I would compare all
SSL settings of your application with the demo settings.

Or you could ask for the reason for error
"error:14077447:SSL routines:SSL23_GET_SERVER_HELLO:reason(1095)"
in the OpenSSL mailing list.

-- 
Arno Garrels
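
Added example (not part of the original message, and not ICS or OpenSSL code): the error line from this thread decoded in Python, assuming the legacy packed error layout of OpenSSL 0.9.8 through 1.1.1 (8-bit library, 12-bit function, 12-bit reason). The names decode_error_line, OpenSSLError and SAMPLE are hypothetical; the sample is the logged line quoted above, re-joined after the mail wrap.

```python
import re
from typing import NamedTuple, Optional

# Assumption: legacy packed layout (OpenSSL 0.9.8 through 1.1.1):
#   bits 31..24 = library, bits 23..12 = function, bits 11..0 = reason.
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:\r\n]*)"
)
# OpenSSL prints "reason(N)" when its loaded string table has no text for N.
PLACEHOLDER_RE = re.compile(r"reason\((\d+)\)$")


class OpenSSLError(NamedTuple):  # hypothetical name, for this example only
    lib: int
    func: int
    reason: int
    lib_text: str
    func_text: str
    reason_text: str
    unresolved: bool  # reason printed as a number, not as text
    consistent: bool  # printed number agrees with the packed reason field


def decode_error_line(line: str) -> Optional[OpenSSLError]:
    """Split one logged OpenSSL error into its packed fields; None if absent."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    reason = code & 0xFFF
    reason_text = m.group("reason").strip()
    num = PLACEHOLDER_RE.match(reason_text)
    return OpenSSLError(
        lib=(code >> 24) & 0xFF,
        func=(code >> 12) & 0xFFF,
        reason=reason,
        lib_text=m.group("lib"),
        func_text=m.group("func"),
        reason_text=reason_text,
        unresolved=num is not None,
        consistent=num is None or int(num.group(1)) == reason,
    )


# The line from this thread, re-joined after the mail wrap.
SAMPLE = ("09.42.57.040 00A6D550  212  [32] "
          "error:14077447:SSL routines:SSL23_GET_SERVER_HELLO:reason(1095)")

if __name__ == "__main__":
    print(decode_error_line(SAMPLE))
```

For the line in this thread the fields come out as library 20, function 119 and reason 1095, and the printed reason(1095) agrees with the packed reason field.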