Hi,

Last year I posted a problem with a blocking handshake
(Date 1999-06-25, "Interesting Handshake behaviour",
http://marc.theaimsgroup.com/?l=openssl-users&m=93032848224537&w=2)
and received a lot of help, but the only solution in the end was to
upgrade to openssl 0.9.3, which has been successful, until now.

The handshake does not block when compiled on a sparc 5 server but does
when compiled on Linux Redhat 6.1 (using egcs compiler in both cases).
Once the handshake is complete the server _appears_ not to block.

I'd be very grateful for any ideas as to what's happening and possible
solutions.

Relevant snippets of the C++ code are included below.

cheers,
Sarah

Set the listen socket fd (set O_NONBLOCK flag) to be non-blocking after
bind, i.e. before any SSL calls.

SSL_METHOD *meth = SSLv23_server_method();
SSLeay_add_all_algorithms();
SSL_load_error_strings();
ctx = SSL_CTX_new(meth);
if (SSL_CTX_use_certificate_file(ctx, certificate_file_buf.c_str(),
                                 SSL_FILETYPE_PEM) <= 0)
    { /* error handling not shown */ }
if (SSL_CTX_use_PrivateKey_file(ctx, key_file_buf.c_str(),
                                SSL_FILETYPE_PEM) <= 0)
    { /* error handling not shown */ }
if (!SSL_CTX_check_private_key(ctx))
    { /* error handling not shown */ }
SSL_CTX_set_cipher_list(ctx, cipherlist);

After the socket accept -

ssl = SSL_new(ctx);
SSL_set_accept_state(ssl);
SSL_set_fd(ssl, sd);

When we have a read event on the socket -

// acceptval holds the return value of the preceding accept call (not shown)
if (!SSL_is_init_finished(ssl))
{
    switch (SSL_get_error(ssl, acceptval))
    {
    // errors indicating a retry
    case SSL_ERROR_NONE:             /* 0 */
    case SSL_ERROR_WANT_READ:        /* 2 */
    case SSL_ERROR_WANT_WRITE:       /* 3 */
    case SSL_ERROR_WANT_X509_LOOKUP: /* 4 */
    case SSL_ERROR_WANT_CONNECT:     /* 7 */
        // need to do the accept again, so return
        // to the eventloop,
        break;
    case SSL_ERROR_SSL:              /* 1 */
    case SSL_ERROR_SYSCALL:          /* 5 */
    case SSL_ERROR_ZERO_RETURN:      /* 6 */
    default:
        // the handshake has failed, so drop connection
        break;
    }
}
// once the handshake has finished, read the data
res = SSL_read(ssl, (char *)p, buflen);
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
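
Added example, not part of the original post or of OpenSSL: on Linux a socket returned by accept() does not inherit O_NONBLOCK from the listening socket (unlike the canonical BSD sockets behaviour), so setting the flag only on the listen fd, as described above, leaves the accepted fd passed to SSL_set_fd blocking. This POSIX-only check uses hypothetical helper names and a constructed loopback connection, and sets the flag explicitly on the accepted fd.

```cpp
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>

// Returns 1 if O_NONBLOCK is set on fd, 0 if not, -1 on error.
int is_nonblocking(int fd) {
    int flags = fcntl(fd, F_GETFL, 0);
    return flags < 0 ? -1 : ((flags & O_NONBLOCK) ? 1 : 0);
}

// Sets O_NONBLOCK while keeping the other status flags; 0 on success.
int set_nonblocking(int fd) {
    int flags = fcntl(fd, F_GETFL, 0);
    return (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) ? -1 : 0;
}

// Builds a non-blocking loopback listener, connects a client and accepts it.
// *inherited records whether the accepted fd came back non-blocking; the flag
// is then set explicitly. Returns the accepted fd's final state (1 = non-blocking).
int accept_and_fix(int *inherited) {
    sockaddr_in addr = {};                       // sin_port 0: kernel picks a port
    socklen_t len = sizeof(addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || cfd < 0) return -1;
    if (bind(lfd, (sockaddr *)&addr, sizeof(addr)) < 0 ||
        set_nonblocking(lfd) < 0 || listen(lfd, 1) < 0) return -1;
    if (getsockname(lfd, (sockaddr *)&addr, &len) < 0 ||
        connect(cfd, (sockaddr *)&addr, sizeof(addr)) < 0) return -1;
    pollfd pfd = {lfd, POLLIN, 0};               // wait until accept() is ready
    if (poll(&pfd, 1, 2000) <= 0) return -1;
    int sd = accept(lfd, NULL, NULL);
    if (sd < 0) return -1;
    *inherited = is_nonblocking(sd);             // 0 on Linux
    set_nonblocking(sd);                         // do this before SSL_set_fd(ssl, sd)
    int result = is_nonblocking(sd);
    close(sd); close(cfd); close(lfd);
    return result;
}

int main() {
    int inherited = -1;
    int fixed = accept_and_fix(&inherited);
    printf("inherited O_NONBLOCK: %d, after explicit set: %d\n", inherited, fixed);
    return fixed == 1 ? 0 : 1;
}
```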