Hi Matt,

Thanks for the prompt response! I can confirm that my application crashed INSIDE the SSL_connect() function, so SSL_connect has no chance to return the 'res' value to me for analysis. I know this because I inserted a debug message before and after SSL_connect(). You can see it in the following code.

    /* My debug statement wrote the " Going to call SSL_connect() 15" into my trace file
       And this message string is THE LAST message in my trace file. */
    if (isDiag) {
        SerialWriteTestLine_int_Time("Going to call SSL_connect()", timeout, diag);
    }

    res = SSL_connect(ssl);

    /* Oooop!!! The following statement was not executed! No debug message in my trace file anymore. */
    if (isDiag) {
        SerialWriteTestLine_int_Time("SSL_connect res ", res, diag);
    }

    if (res <= 0) {
        sslerror = SSL_get_error(ssl, res);
        if (sslerror == SSL_ERROR_WANT_READ) {
            isexp = is_expired(exptime);
            if (isexp == 1) {
                if (isDiag) {
                    SerialWriteTestLine_int_Time("ConnectSSL [SSL_connect(ssl)] failed Timeout", timeout, diag);
                }
                strcpy(error, "SSL connect error");
                return 0;
            }
            continue;
        }

So, do you have any idea how to get more information from inside SSL_connect? Should I re-compile and re-install the OpenSSL lib? I tried to configure OpenSSL with option '-d' to enable the debug feature, but I got a compilation error. Is there any incorrect setup in the BIO, SSL context and socket? I am using all the setup of the previous SSLv23_method().

P.S: I can reach the server with the OpenSSL command:

    #openssl s_client -connect <server URL>:PORT -tls1_2

The openssl command returned information which looks like I can talk to the SSL server over TLS1.2:

    depth=1 C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = "Trustwave Organization Validation SHA256 CA, Level 1", emailAddress = c...@trustwave.com
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    CONNECTED(00000003)
    ---
    Certificate chain
     0 s:/CN=dev-dataconnect.givex.com/O=Givex Canada Corp/L=Toronto/ST=Ontario/C=CA
       i:/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Organization Validation SHA256 CA, Level 1/emailAddress=c...@trustwave.com
     1 s:/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Organization Validation SHA256 CA, Level 1/emailAddress=c...@trustwave.com
       i:/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
    ---
    Server certificate
    [PEM certificate body omitted]
    subject=/CN=dev-dataconnect.givex.com/O=Givex Canada Corp/L=Toronto/ST=Ontario/C=CA
    issuer=/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Organization Validation SHA256 CA, Level 1/emailAddress=c...@trustwave.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2946 bytes and written 615 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : AES256-GCM-SHA384
        Session-ID: A6FF6BD6DA9406A8C6148FDDA74E5603FAF8272A5ECFDF1679BA1939F8FC3B25
        Session-ID-ctx:
        Master-Key: 822DCFBFB88F2B4B2BBB9093CE490F8868A0B24BCDAAD0BEB3C717C2EA54DECA4196817E1C5D4C16457B4054C24132C6
        Key-Arg : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        [session ticket hex dump omitted]
        Start Time: 1443544275
        Timeout : 7200 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---
    closed

Thanks,
Tyler

-----Original Message-----
From: Matt Caswell via RT [mailto:r...@openssl.org]
Sent: September-29-15 10:05 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

On 29/09/15 14:56, Tiantian Liu via RT wrote:
> Hi Matt & Vi
>
> I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1.
> I only enabled the TLSv1.2 by SSL_CTX_set_option().
> You can see my previous code:
>
> /*setup up by SSLv23_method*/
> meth = SSLv23_method();
> ctx = SSL_CTX_new(meth);
> ............
> ............
> /*Only allow TLSv1.2 protocol*/
> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 |
> SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);
>
>
> While the above code didn't work. I couldn't reach the server. Though the
> SSL_connect() didn't crash, it returned as:
>
> 17:49:12.939 [5499]- SSL_connect res : -1

What is the result of SSL_get_error()? Also check the OpenSSL error queue (see ERR_print_errors or ERR_print_errors_fp).

Matt