Vladislav Eroshin via RT wrote:
> I am writing an https client using OpenSSL. I am having problems with
> connecting to secured webservers through a Netscape proxy. If I use a CacheFlow
> proxy it works fine. The tunnel on the proxy server is created successfully.
> The proxy responds with connection established but SSL_connect fails with an
> error (Connecting to address: 10.190.68.10
> ocsp.preprod.identrus.abnamro.com:443
> SSL Connect failed with error code: error:00000005:lib(0):func(0):bad asn1
> object header
> SSL_ERROR_SYSCALL).
My experience from similar setups is that the Netscape Proxy you mention
probably is not a usual HTTP proxy, but an HTTPS proxy, unwrapping the HTTP
from the SSL stream and forwarding the HTTP stream to an application server.
This would explain the difference in behaviour to CacheFlow, but might be a
wrong assumption.
Anyway, here are some ideas that might help:
* You might want to use SSLv3_client_method(), since the PKI framework you're
  working with mandates the use of SSLv3 only (and using an SSLv2 client hello
  might be rejected by the server)
* Make sure to include a client certificate if the server expects one
* To further debug this problem, I'd suggest you run Eric Rescorla's SSLdump
  [ http://www.rtfm.com/ssldump/ ] to analyse what's actually going on in the
  handshake. I found this tool very useful.
Best Regards,
David Maurus
email: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
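
The first suggestion in the reply above turns on whether the client opens with an SSLv2-format hello or an SSLv3 record, which is visible in the first five bytes of a capture. The C code below is an added example, not part of the original message or of OpenSSL; the function name, enum and sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Classification of the first bytes seen on the tunnelled connection. */
enum first_bytes {
    FB_TOO_SHORT,    /* fewer than 5 bytes captured */
    FB_SSLV2_HELLO,  /* SSLv2-format CLIENT-HELLO (2-byte header) */
    FB_SSLV3_RECORD, /* handshake record, version 3.0 (SSLv3) */
    FB_TLS_RECORD,   /* handshake record, version 3.1 or later (TLS) */
    FB_HTTP_TEXT,    /* plaintext HTTP status line, not SSL at all */
    FB_UNKNOWN
};

/* Constructed sample captures, not taken from the thread. */
static const unsigned char sample_v2_hello[] = { 0x80, 0x2e, 0x01, 0x03, 0x00 };
static const unsigned char sample_v3_record[] = { 0x16, 0x03, 0x00, 0x00, 0x45 };
static const unsigned char sample_tls_record[] = { 0x16, 0x03, 0x01, 0x00, 0x45 };
static const unsigned char sample_http[] = "HTTP/1.0 200 Connection established";

enum first_bytes classify_first_bytes(const unsigned char *p, size_t n)
{
    if (n < 5)
        return FB_TOO_SHORT;
    /* SSLv3/TLS record header: type(1) major(1) minor(1) length(2). */
    if (p[0] == 0x16 && p[1] == 0x03) {
        size_t len = ((size_t)p[3] << 8) | p[4];
        if (len == 0 || len > 16384 + 2048)
            return FB_UNKNOWN; /* implausible record length */
        return p[2] == 0x00 ? FB_SSLV3_RECORD : FB_TLS_RECORD;
    }
    /* SSLv2 header: high bit set + 15-bit length, then message type 1
       (CLIENT-HELLO) and the major byte of the offered version. */
    if ((p[0] & 0x80) && p[2] == 0x01 && (p[3] == 0x00 || p[3] == 0x03))
        return FB_SSLV2_HELLO;
    if (memcmp(p, "HTTP/", 5) == 0)
        return FB_HTTP_TEXT;
    return FB_UNKNOWN;
}

int main(void)
{
    static const char *names[] = { "too short", "SSLv2-format hello",
        "SSLv3 record", "TLS record", "plaintext HTTP", "unknown" };
    printf("%s\n", names[classify_first_bytes(sample_v2_hello, 5)]);
    printf("%s\n", names[classify_first_bytes(sample_v3_record, 5)]);
    printf("%s\n", names[classify_first_bytes(sample_tls_record, 5)]);
    printf("%s\n", names[classify_first_bytes(sample_http, sizeof sample_http - 1)]);
    return 0;
}
```

Feed it the first bytes the client sends after the proxy's "connection established" reply; an SSLv2-format hello there means the client is not using an SSLv3-only method.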