> From: [email protected] On Behalf Of pradeepreddy
> Sent: Wednesday, 15 September, 2010 08:12

> After some fight, I am able to make the connection. I have taken both server
> and client authentication as false
> SOAP_SSL_REQUIRE_CLIENT_AUTHENTICATION &
> SOAP_SSL_REQUIRE_SERVER_AUTHENTICATION to false. But SSL_connect & SSL_accept
> are failing with errors "***
> error:00002733:lib(0):func(2):reason(1843)" &

I bet this end (at least) is on Windows. Winsock errors don't fit in 12 bits so OpenSSL breaks them up inappropriately. 0x2733 = 10035 = WSAEWOULDBLOCK. This seems consistent with some problem with nonblocking sockets, but OpenSSL shouldn't be returning it as an ERR_ error, it should map it into SSL_get_error WANT_READ or WANT_WRITE as appropriate. Possibly your code (or gsoap) is incorrectly calling ERR_error_string* on errno/[WSA]GetLastError().

> "*** SSL_ERROR_SSL
> *** SSL_ERROR_SSL
> error:1408A0C1:lib(20):func(138):reason(193)
> Error 30 fault: SOAP-ENV:Server [no subcode]
> "Error observed by underlying BIO: No such file or directory"

You can use commandline openssl errstr to find out 1408A0C1 is SSL3_GET_CLIENT_HELLO:no shared cipher. It's unclear what file got the "No such file" error, but generally the only files a server needs are its privatekey(s)+cert(s), DH/ECDH params if explicit, and maybe random seeding.

I don't know if REQUIRE_SERVER_AUTH false in your software means it's not demanded by the client, or not supported by the server. All the ciphersuites enabled by default in OpenSSL do have server authentication; to use the "anonymous" suites you must explicitly enable them. If you run a server with no privkey+cert(s), it can't negotiate any suite allowed by a client using the default list, causing "no shared cipher".

> Detail: SSL_accept() failed in soap_ssl_accept()"
> respectively. I provided client.pem keyfile, though it is not required as
> authentication is set to false. Please let me know your thoughts.

> > pradeepreddy wrote:
> >
> > Hi,
> >
> > An update,
> >
> > SSL_connect is failing with SSL_ERROR_WANT_READ. I understand that client
> > is waiting on server to write some data. But I don't understand what to
> > change code in server side.

Nothing. WANT_READ, and WANT_WRITE, require *local* handling of nonblocking sockets. If you (or gsoap) do want nonblocking sockets, see the man pages for SSL_read, SSL_write, and/or SSL_get_error. Except if you're on Windows, you probably don't have man pages. If you don't want nonblocking sockets, you apparently did something wrong and got them, so fix that.

<snip some earlier>

> >> I see server is ready to accept the connections, as I see below
> >> connection established with netstat command:
> >>
> >> TCP cspxppgudepu:15000 cspxppgudepu.com:0 LISTENING
> >> TCP cspxppgudepu:15000 localhost:2864 ESTABLISHED
> >>
> >> Above 15000 port is for server.
> >>
> >> Below is client connection:
> >> TCP cspxppgudepu:16000 cspxppgudepu.com:0 LISTENING
> >>

That's not a connection, only an apparently listening socket. Generally a client shouldn't (also) be listening, but IME at least some versions of Winsock spuriously show LISTENING when you merely have the socket open (and maybe bound?).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
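
The arithmetic behind the two error strings discussed in this message, as an added example (not code from the thread, OpenSSL or gsoap): it splits a packed error code using the 8/12/12-bit library/function/reason layout that the quoted strings follow, and flags a value that is really a raw Winsock error. The function names and the short Winsock table are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Packed error code layout matching the strings quoted in the thread:
   8 bits library, 12 bits function, 12 bits reason. */
struct err_fields { int lib, func, reason; };

static struct err_fields unpack(unsigned long e) {
    struct err_fields f;
    f.lib    = (int)((e >> 24) & 0xffUL);
    f.func   = (int)((e >> 12) & 0xfffUL);
    f.reason = (int)(e & 0xfffUL);
    return f;
}

/* A few Winsock error values (illustrative subset, not a full table). */
static const struct { unsigned long code; const char *name; } winsock[] = {
    {10035, "WSAEWOULDBLOCK"}, {10054, "WSAECONNRESET"},
    {10060, "WSAETIMEDOUT"},   {10061, "WSAECONNREFUSED"},
};

/* Returns the Winsock name when the "error code" is a raw
   WSAGetLastError() value with library number 0, else NULL. */
const char *misrouted_winsock(unsigned long e) {
    size_t i;
    if (unpack(e).lib != 0) return NULL;
    for (i = 0; i < sizeof winsock / sizeof winsock[0]; i++)
        if (winsock[i].code == e) return winsock[i].name;
    return NULL;
}

/* Extracts the hex code from an "error:XXXXXXXX:..." line; 0 if absent. */
unsigned long parse_err_line(const char *line) {
    unsigned long e = 0;
    const char *p = strstr(line, "error:");
    if (p == NULL || sscanf(p, "error:%8lx", &e) != 1) return 0;
    return e;
}

int main(void) {
    /* The two error strings quoted in the thread. */
    const char *lines[] = { "error:00002733:lib(0):func(2):reason(1843)",
                            "error:1408A0C1:lib(20):func(138):reason(193)" };
    for (int i = 0; i < 2; i++) {
        unsigned long e = parse_err_line(lines[i]);
        struct err_fields f = unpack(e);
        const char *w = misrouted_winsock(e);
        printf("%08lX lib=%d func=%d reason=%d winsock=%s\n",
               e, f.lib, f.func, f.reason, w ? w : "-");
    }
    return 0;
}
```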
