On Wed, Aug 30, 2000 at 03:25:48PM -0500, mandyam wrote:
> Thanks. I noticed that I do have the following code in my server app.
> -----------------------------------------------------
> err = SSL_accept(ssl);
> if (err==-1) {
>    ERR_print_errors_fp(stderr);
>    return err;
> }
> >>>>>>>> SSL_get_cipher(ssl) returns NONE;
> 
> At this point I issue SSL_get_peer_certificate() and I am able to read
> the client's (or server's) certificate and print it.
> -------------------------------------------------------------
> I do have the same code for SSL_connect() on my client..
> 
> Does the SSL_accept/connect() function return error values other than -1?

Yes. It returns -1 on SSL failure, +1 on success and 0 when the connection
was closed.
You should hence use
  if (err != 1) {
    errval = SSL_get_error(ssl, err);
    /* interpret the error value as described in the SSL_get_error() manual
       page */
  }

> I also noticed that after cipher=NONE, the SSL_read() call hangs in the
> server.
Maybe because the "ssl" structure does not point to a valid ssl connection.

Best regards,
        Lutz
PS. It seems that it only happens after your program has been running for some
time. Are you sure that you don't have a leak somewhere in your software?
Maybe you are not closing all file descriptors, so that your new connection
cannot be initiated (and so can't the SSL connection). But that is a stupid
suggestion, as you of course check all of these error possibilities in your
code :-) 
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
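
The advice in the reply above, treating every handshake result other than success as something to classify, shown as an added example that is not part of the original thread. It uses Python's ssl module, which wraps OpenSSL and raises one exception class per SSL_get_error() code; the function names, status labels and sample bytes are constructed for illustration.

```python
import ssl

# Constructed sample input: a plaintext HTTP client talking to the TLS port.
HTTP_BYTES = b"GET / HTTP/1.0\r\n\r\n"

def new_server_side():
    """Server-side TLS object over memory BIOs (no sockets, no certificate)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    return ctx.wrap_bio(incoming, outgoing, server_side=True), incoming

def handshake_status(tls):
    """Run one handshake step and classify the outcome.

    Subclasses are tested before the generic SSLError, otherwise every
    outcome would be reported as a fatal TLS failure.
    """
    try:
        tls.do_handshake()
        return "established"
    except ssl.SSLWantReadError:        # SSL_ERROR_WANT_READ: not an error, retry
        return "retry_after_read"
    except ssl.SSLWantWriteError:       # SSL_ERROR_WANT_WRITE: not an error, retry
        return "retry_after_write"
    except (ssl.SSLZeroReturnError, ssl.SSLEOFError):   # peer closed the connection
        return "peer_closed"
    except ssl.SSLError:                # SSL_ERROR_SSL and anything else: give up
        return "tls_failure"

def run_constructed_cases():
    """Return {case: (status, negotiated cipher)} for three constructed inputs."""
    results = {}
    tls, incoming = new_server_side()   # nothing received yet
    results["no_data_yet"] = (handshake_status(tls), tls.cipher())
    tls, incoming = new_server_side()   # peer is not speaking TLS at all
    incoming.write(HTTP_BYTES)
    results["plaintext_http"] = (handshake_status(tls), tls.cipher())
    tls, incoming = new_server_side()   # peer disconnected before the handshake
    incoming.write_eof()
    results["peer_went_away"] = (handshake_status(tls), tls.cipher())
    return results

if __name__ == "__main__":
    for name, (status, cipher) in run_constructed_cases().items():
        print(f"{name:15} status={status:17} cipher={cipher}")
```

In every case where the status is not "established" the negotiated cipher is None, so application data must not be read or written on that object.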
