> [[email protected] - Wed Sep 30 10:19:55 2009]: > > We have found when openssl connects with another server with an older > TLS implementation we get an error: > SSL reported error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert unexpected message > Compiling with OPENSSL_NO_TLSEXT defined seems to correct the problem. > However when compiling the library with the "-DOPENSSL_NO_TLSEXT" > option, the linker gives the following error: > link /nologo /subsystem:console /opt:ref /dll > /out:out32dll\ssleay32.dll /def:ms/SSLEAY32.def > @C:\DOCUME~1\Rip\LOCALS~1\Temp\nm224.tmp > SSLEAY32.def : error LNK2001: unresolved external symbol > SSL_get_servername > SSLEAY32.def : error LNK2001: unresolved external symbol > SSL_get_servername_type > SSLEAY32.def : error LNK2001: unresolved external symbol > SSL_set_session_secret_cb > SSLEAY32.def : error LNK2001: unresolved external symbol > SSL_set_session_ticket_ext > SSLEAY32.def : error LNK2001: unresolved external symbol > SSL_set_session_ticket_ext_cb > out32dll\ssleay32.lib : fatal error LNK1120: 5 unresolved externals > We temporarily commented the lines in the SSLEAY32.def file for now, > which allows the DLL to be built, but some of the openssl apps now > do not link. A more elegant solution would be to change the code > so that the functions such as SSL_get_servername still exist, but > return NULL, or 0 instead when OPENSSL_NO_TLSEXT is defined. > > >
If you want to disable features on WIN32 you need to include them as an argument to Configure or they will be missed. For example: perl Configure VC-WIN32 no-tlsext You may then need to recompile all of OpenSSL, the applications should compile correctly. You don't mention the version of OpenSSL in use but if it is 0.9.8 then disabling tickets should be sufficient to stop the use of TLS extensions without having to remove support from the library. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
