On Tue, Apr 25, 2000 at 10:39:32AM +0200, Laurent Christophe wrote:
> Hi everybody,
> 
> I have a problem when I want to use client authentication.  I use OpenSSL
> 0.9.4.
> 
> Here is the code part on the client side:
[code snippet shortened]

> ==================================== Server code
> ====================================
> 
>  /* Load the SSL error strings */
>   /* and add cipher algorithms */
>   
>   SSL_load_error_strings();
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
>   status=SSL_accept(*ssl_connection);
>    if(status==-1)
>     return status;
^^^^^^^^^^^^^^^^^^^^^^
>   ================================== End of server code
> ==============================
> 
> The error appears on the server side during the SSL_accept call. In fact,
> the server crashes when it receives the client key exchange message. When it
> performs a SSL3_read_bytes and then a BIO_read, these functions return -1
> as if the connection was broken.
> 
> When the server does not require the client authentication, the code works
> fine. Moreover, there is not a readable error message since I only received
> -1 as the return value.

Why do you load the error strings when not using them? You must call
a function like ERR_print_errors(bio_err) (if having a special error-BIO
bio_err) or something similar to get the error message:

[snippet from Postfix/TLS]:
static void pfixtls_print_errors(void)
{
    unsigned long l;
    char    buf[256];
    const char   *file;
    const char   *data;
    int     line;
    int     flags;
    unsigned long es;

    es = CRYPTO_thread_id();
    while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
        if (flags & ERR_TXT_STRING)
            msg_info("%lu:%s:%s:%d:%s:", es, ERR_error_string(l, buf),
                     file, line, data);
        else
            msg_info("%lu:%s:%s:%d:", es, ERR_error_string(l, buf),
                     file, line);
    }
}
[end of snippet]
with msg_info() being a secure printf replacement sending the messages to
syslog. YMMV.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
