Hi, I am trying to connect using s_client, it works fine for a couple of hours and after that I keep getting this error message.
========================================================= $ openssl s_client -ssl3 -connect IP_NUMBER:PORT(443) CONNECTED(00000003) depth=0 /CN=XYZ 7FDA7830/O=XYZ Co./OU=000E7FDA7830/OU=AS961A 3REJ7961A verify error:num=18:self signed certificate verify return:1 depth=0 /CN=XYZ 7FDA7830/O=XYZ /OU=000E7FDA7830/OU=AS961A 3REJ7 verify return:1 1608:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1031:SSL alert number 20 1608:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:514: ========================================================= I am using the hardware engine. I had sent a mail sometime back asking why the engine is not getting enabled by default. Well I did manage to get a solution. When using the engine from application point of view, you do require to set the default engine from the application code, but when your engine has to come up and be set as default, then you have to set your engine functions as default by using the API ENGINE_set_default_RSA(ENGINE *e) and the same goes for all the functions that are to be done using the hardware. This is mainly intended for stand alone applications. Also even before the openssl comes up, you have to call the ENGINE_load_builtin_engines which initializes the engine tables with the available engines and during this phase when you make a call to the bind_helper you have to set which engine is going to be your default implementation after binding the function pointers through the API ENGINE_set_default_RSA or what ever you need to set as default. The reason for calling the ENGINE_load_builtin_engines before your openssl comes up is, because, when you don't initialize your engine and set it as default, the openssl code takes the software implementation as default. So it is as safe implementation if you can do that in the start. Hope the above info helps. And some one please advice me about the above error... -- Thank you, Best Regards Riaz Ur Rahaman ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
