Re: Using SSL with existing socket

Tue, 19 Apr 2005 13:08:44 -0700 

On Tue, Apr 19, 2005, John Hoel wrote:

> I am having the same problem. I am adding OpenSSL to an existing application
> that calls connect(), and have added logic to use OpenSSL after connect()
> completes successfully. Here is what I have done:
> 
> int existing_sock = nnn;
> int rc = 0;
> int code = 0;
> BIO *bio = NULL;
> SSL *ssl = NULL;
> 
> bio = BIO_new_socket( existing_sock, BIO_NOCLOSE );
> BIO_set_nbio( bio, 1 );
> ssl = SSL_new( ctx );
> SSL_set_connect_state( ssl );
> SSL_set_bio( ssl, bio, bio );
> 
> rc = SSL_connect( ssl );
> if (rc <= 0 )
> {
>   code = SSL_get_error( ssl, rc );
>   switch( code )
>   {
>     case SSL_ERROR_ZERO_RETURN:
>       buf = ERR_error_string( code, NULL );
>       etc...
>   }
> }
> 
> The first problem I encountered with this code is that when the error
> occurs, ERR_get_error_line_data() returns zero. I then added the call to
> ERR_error_string(). The value pointed to by 'buf' is this:
> 
> "error:00000005:lib(0):func(0):DH lib"
> 
> This error always occurs. What could be causing this? Why is this message so
> minimally informative?
> 

Because the value returned from SSL_get_error() is one of the SSL_ERROR_*
values (ssl.h) and not usable by the ERR library: so you are getting garbage.

In this case SSL_ERROR_SYSCALL.

> I've searched the OpenSSL code for an instance of '5' and found 2:
> ERR_R_DH_LIB and SYS_F_IOCTLSOCKET. Could it be that the error is not DH at
> all. Could this be a problem with the socket when ioctlsocket() is called?
> 
> This same problem occurs when accepting a connection using accept(), then
> the above technique for SSL_accept().
> 

Try it without the SSL_set_connect_state() call.

You might also want to try it with a blocking socket first (without the
BIO_set_nbio() call) to see if it works.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to