[openssl-dev] [openssl.org #4060] a crash happened inside SSL_Connect function

Thu, 24 Sep 2015 09:09:02 -0700 

Hi,

I am a software developer who is struggling on an application development based 
on OpenSSL 1.0.1 (released on 2012-03-14) under Linux (32-bit Redhat).

I used to use the SSL functions from OpenSSL 0.9.8, and my application worked 
fine.  I applied the SSLv23_method() to setup the SSL context and communicate 
with customer's server over various SSL/TLS protocols.

While, recently my customer required me to upgrade my OpenSSL library, because 
their server only support TLS1.2. So I downloaded OpenSSL 1.0.1 source package, 
then complied and installed successfully.
I configured the OpenSSL as:
                #./config -prefix=/usr shared     //I have to generate the 
shared library like libssl.so, libcrypto.so

Then I found my SSL context, setup by SSLv23_method(), stopped working, I can't 
reach their server anymore.  It looked like they didn't understand my handshake 
message when I called SSL_Connect().

So I switched to the TLSv1_2_method()  to build SSL context. However, my 
program crashed every time when I called SSL_Connect(), I mean crash happened 
inside the SSL_Connect(), and it didn't return at all.

Now I have tried 2 methods:

1.       SSLv23_method() to build SSL context

SSL_METHOD *meth;
SSL_CTX *ctx;
......
meth = SSLv23_method();
ctx = SSL_CTX_new(meth);

//Only allow TLSv1_1 or higher
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 
SSL_OP_NO_TLSv1);

......

The SSL_Connect() resulted in:
ConnectSSL [SSL_connect(ssl)] failed: 5
SSL_ERROR_SYSCALL: 5



2.       TLSv1_2_method() to build SSL context

SSL_METHOD *meth;
SSL_CTX *ctx;
......
meth = TLSv1_2_method();
ctx = SSL_CTX_new(meth);


then, the SSL_connect() crashed when I invoked it.

Currently, I don't know how to attack this issue, all the code worked fine 
before. I just changed the SSLv23_method  to TLSv1_2_method.  Is there any 
difference between that 2 functions? What I should do if I want to use the 
TLSv1_2_method?

I am very pleased if anyone of you have any idea to help me.
Thanks,
Tyler



_______________________________________________
openssl-bugs-mod mailing list
[email protected]
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to