Dear Sirs,
I am writing an HTTPS client using OpenSSL. I am having problems
connecting to secured web servers through a Netscape proxy. If I use a CacheFlow
proxy, it works fine. The tunnel on the proxy server is created successfully:
the proxy responds with "connection established", but SSL_connect fails with an
error (Connecting to address: 10.190.68.10
ocsp.preprod.identrus.abnamro.com:443
SSL Connect failed with error code: error:0005:lib(0):func(0):bad asn1
object header
SSL_ERROR_SYSCALL).
The code I execute is below. This code fails only with the Netscape proxy.
Thank you for your cooperation,
Vlad.
// Proxy path: ask the proxy for a tunnel with an HTTP CONNECT request, then
// read the reply and require status 200 before anything else uses the socket.
// NOTE(review): this listing lost characters in transit (string quotes, the
// arrow operator, address-of and less-than signs); code lines are kept exactly
// as posted.
if(proxy){
// Fixed 100-byte buffer that receives the host:port target of the tunnel.
char uriBuf[100];
// NOTE(review): sprintf is unbounded, so a long server name overruns uriBuf.
// A bounded formatter given sizeof(uriBuf), plus a truncation check, closes that.
sprintf(uriBuf, %s:%d, url-GetServer(), url-GetPort());
// NOTE(review): uriBuf is the first argument, so printf interprets the
// host-derived text as its format string. Print it through a fixed format
// with uriBuf passed as data instead.
printf(uriBuf, %s:%d, url-GetServer(), url-GetPort());
// The result of this call is discarded in this fragment.
proxy-GetServer();
// Build the CONNECT request line and the header fields sent with it.
HTTPRequestHeader request(CONNECT,uriBuf, HTTP/1.0);
HTTPHeader header;
header.AddField(User-agent, Mozilla/4.0);
header.AddField(Host, url-GetServer());
header.AddField(Content-Length, 0);
header.AddField(Proxy-Connection, Keep-Alive);
header.AddField(Pragma, no-cache);
request.SetHeader(header);
// Turn on keep-alive for the socket.
// NOTE(review): as posted, the option value itself is cast to a pointer; the
// address of optval is presumably what was meant (other address-of operators
// are missing from the listing too). err is not checked in this fragment.
DWORD optval = SO_KEEPALIVE;
err = setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (const char
*)optval,
sizeof(optval));
// Serialise the request; reqlen is used below as the byte count to send
// (presumably filled in by Flatten - confirm).
int reqlen = 0;
char * reqBuffer = (char *)request.Flatten(reqlen);
// Earlier hand-written request, left commented out (the mailer wrapped it over
// three lines). It writes line endings as LF CR; HTTP lines end with CR LF.
//unsignd char * connectRequest = CONNECT
www.si.identrus.abnamro.com:443
HTTP/1.0\n\rUser-agent: Mozilla/4.0\n\r\n\r;
// NOTE(review): the return value of send is ignored, so a failed or partial
// send goes unnoticed and the code still waits for a reply.
send(sock, reqBuffer, reqlen,0);
//DataSource tmpsrc(sock);
// Reply buffer, zero-filled so the strstr call below sees a terminated string.
// NOTE(review): recv below is allowed to fill the final byte, which leaves no
// terminator for strstr or ParseHeader; reserving one byte avoids the over-read.
unsigned char respbuff[MAX_BUFFER];
memset(respbuff, 0, sizeof(respbuff));
//int receivedLen = tmpsrc.Read(respbuff, sizeof(respbuff));
int nread = 0;
// i counts the reply bytes stored in respbuff so far.
int i=0;
for(;isizeof(respbuff)/sizeof(*respbuff);i+=nread){
fd_set l_readfds;
fd_set l_errfds;
FD_ZERO(l_readfds);
FD_ZERO(l_errfds);
FD_SET(sock, l_readfds);
FD_SET(sock, l_errfds);
int n=0;
// Wait until the socket is readable or flagged in the exception set. The
// timeout argument is NULL, so select does not time out.
// NOTE(review): nfds is 1. Winsock ignores that argument, POSIX needs
// sock+1 - confirm the target. A return of -1 is not handled here.
do{
n=select( 1, l_readfds, 0, l_errfds, NULL );
}while(n==0);
// NOTE(review): this path returns the byte count, unlike the -1 used for the
// other failures in this fragment, so a caller cannot tell it from success.
if(FD_ISSET(sock, l_errfds)){
return i;
}
if(FD_ISSET(sock, l_readfds)){
nread = recv(sock, (char *)respbuff+i,
sizeof(respbuff)/sizeof(*respbuff)-i, 0);
// Stop on a recv error, on close by the peer, or as soon as any CR LF is in
// the buffer.
// NOTE(review): the first CR LF ends the status line, not the reply. The proxy
// reply ends at the blank line (CR LF CR LF). If the proxy delivers its
// remaining header lines in a later segment, they stay unread on the socket
// and the SSL_connect call further down reads them as handshake data. That
// would fit a failure that depends on the proxy product, but it is not
// confirmed by anything on this page. Reading until the blank line before
// starting TLS removes the ambiguity.
// NOTE(review): the error text in the report comes from passing the
// SSL_get_error result to ERR_error_string further down; that result is an
// SSL_ERROR_* value rather than an error-queue code, so the decoded text is
// not meaningful and only the SSL_ERROR_SYSCALL line is.
if(nread==-1||nread==0||strstr((char
*)respbuff,\r\n)){
break;
}
}
}
// Parse whatever was accumulated (this also runs after a recv error or an
// early close) and refuse to continue unless the proxy answered 200.
HTTPResponse response;
response.ParseHeader(respbuff);
if(response.GetStatus()!=200){
printf(Proxy Server responded with bad Connection status.\n);
return -1;
}
}
if(url-IsSecure()){
SSLeay_add_ssl_algorithms();
meth = SSLv23_client_method();
SSL_load_error_strings();
ctx = SSL_CTX_new (meth);
if(!ctx){
printf(SSSL create context failed!\n);
return -1;
}
SSL * ssl = SSL_new (ctx);
dataSource = new DataSource(ssl);
if(!ssl){
printf(Data source created!\n);
return -1;
}
SSL_set_fd (ssl, sock);
err = SSL_connect (ssl);
if(err!=1){
SSL_load_error_strings();
int sslCode = SSL_get_error(ssl, err);
ERR_print_errors_fp(stdout);
printf(SSL Connect failed with error code:
%s\n,ERR_error_string(sslCode, NULL));
switch(sslCode){
case SSL_ERROR_SSL:
printf(SSL_ERROR_SSL\n);
break;
case SSL_ERROR_SYSCALL:
printf(SSL_ERROR_SYSCALL\n);
break;
case SSL_ERROR_WANT_X509_LOOKUP:
printf(SSL_ERROR_WANT_X509_LOOKUP\n);
break;
case SSL_ERROR_WANT_CONNECT:
printf(SSL_ERROR_WANT_CONNECT\n);
break;