Nirave, Nirave Kadakia wrote: > > > - Are you using the correct SSL options (eg. set as client, TLS protocol > > enabled, ciphers set) ? If you bypass the import step and connect to an > > SSL server directly, do you get the error ? > > > > I just tried bypassing the import step and received an assertion failure > that a file descripter was NULL.
Sorry I wasn't clear. I meant that you create an SSL socket before you connect or do any I/O, do the SSL_ImportFD, and connect directly to an SSL server. > > - Did you do SSL_ResetHandshake on your socket after the import ? If > > not, you must do that in order for SSL to work after importing a non-SSL > > socket to SSL. > > > > Yes, I did. I ran the function after Importing and setting all my > options. OK, that's correct. I tried your code. There doesn't appear to be anything wrong with it. I don't have any server that does STARTTLS in the way you want to test it against. I just slightly modified your program to not do the PR_Write after your insecure PR_Connect . So the SSL import was done after the connect. Everything worked just fine. Perhaps your problem is with the server side, and the Bad MAC error is indicative of that ? Does that server work with any other client ? -- "Except for the lack of debugging and the ps thing, [Linux] kernel threads are generally fine right now. And if you're not too fussed about the more fiddly details of POSIX threads, and your application doesn't spend most of its time in thread creation, then LinuxThreads is great too." Linux-Kernel archive
