I just committed a fix for this problem. The code was incorrect in multiple ways:
1. The SSL error queue for the thread might not have been empty, so
   incorrect error codes might have been handled.
   FIX: call ERR_clear_error() before calling SSL_connect
2. SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE were not handled at all.
   FIX: I overcame this problem by making the socket blocking while
   calling SSL_connect. This should not be a problem since this function
   calls conn_open_tcp which might block, too.
3. In case of an error conn_destroy might have been called with a
   half-initialized Connection. This might cause a crash when the
   ssl_mutex was still NULL.
   FIX: make sure the mutex is created before any error handling.

I suspect 1.) might be true for other SSL I/O calls as well. This should
be audited.

Regards
  Jörg

-----Original Message-----
From: Jörg Pommnitz
To: 'Stipe Tolj '
Cc: ''[EMAIL PROTECTED]' '
Sent: 12/7/01 12:07 PM
Subject: RE: Heads up: SSL client code to verify SSL server certificates

Thanks,
however I just discovered some misbehaviour that I'm unsure whom to
blame for: If a certificate gets rejected then this is currently not detected
in

  Connection *conn_open_ssl(Octstr *host, int port, Octstr *certkeyfile, Octstr *our_host)

and I don't understand why. HTTP requests over an SSL connection later
fail when they try to write something. I suspect this never came up until
now because the SSL negotiations always succeeded.

Any ideas?

Regards
  Jörg