Neither change made any difference. (Sigh)

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 19, 2005 1:08 PM
To: [email protected]
Subject: Re: Using SSL with existing socket


On Tue, Apr 19, 2005, John Hoel wrote:

> I am having the same problem. I am adding OpenSSL to an existing application
> that calls connect(), and have added logic to use OpenSSL after connect()
> completes successfully. Here is what I have done:
> 
> int existing_sock = nnn;
> int rc = 0;
> int code = 0;
> BIO *bio = NULL;
> SSL *ssl = NULL;
> 
> bio = BIO_new_socket( existing_sock, BIO_NOCLOSE );
> BIO_set_nbio( bio, 1 );
> ssl = SSL_new( ctx );
> SSL_set_connect_state( ssl );
> SSL_set_bio( ssl, bio, bio );
> 
> rc = SSL_connect( ssl );
> if (rc <= 0 )
> {
>   code = SSL_get_error( ssl, rc );
>   switch( code )
>   {
>     case SSL_ERROR_ZERO_RETURN:
>       buf = ERR_error_string( code, NULL );
>       etc...
>   }
> }
> 
> The first problem I encountered with this code is that when the error
> occurs, ERR_get_error_line_data() returns zero. I then added the call to
> ERR_error_string(). The value pointed to by 'buf' is this:
> 
> "error:00000005:lib(0):func(0):DH lib"
> 
> This error always occurs. What could be causing this? Why is this message so
> minimally informative?
> 

Because the value returned from SSL_get_error() is one of the SSL_ERROR_*
values (ssl.h) and not usable by the ERR library: so you are getting garbage.

In this case SSL_ERROR_SYSCALL.

> I've searched the OpenSSL code for an instance of '5' and found 2:
> ERR_R_DH_LIB and SYS_F_IOCTLSOCKET. Could it be that the error is not DH at
> all? Could this be a problem with the socket when ioctlsocket() is called?
> 
> This same problem occurs when accepting a connection using accept(), then
> the above technique for SSL_accept().
> 

Try it without the SSL_set_connect_state() call.

You might also want to try it with a blocking socket first (without the
BIO_set_nbio() call) to see if it works.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
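
The point made in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: the value 5 is an SSL_get_error() result (SSL_ERROR_SYSCALL), and decoding it as an ERR library code yields lib 0, func 0, reason 5. The helper names `ssl_error_name` and `next_step` are hypothetical; the constants are local copies of the ssl.h values, the bit layout is the one OpenSSL used before 3.0, and the errno value 104 is a constructed sample.

```c
/* Added example: constants are copied locally so this builds without OpenSSL headers. */
#include <stdio.h>
#include <string.h>

/* SSL_get_error() result codes, same values as in ssl.h. */
enum { SSL_ERROR_NONE, SSL_ERROR_SSL, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE,
       SSL_ERROR_WANT_X509_LOOKUP, SSL_ERROR_SYSCALL, SSL_ERROR_ZERO_RETURN,
       SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT };

/* ERR queue code layout before OpenSSL 3.0: lib (8 bits) | func (12) | reason (12). */
static unsigned err_lib(unsigned long e)    { return (unsigned)((e >> 24) & 0xffUL); }
static unsigned err_func(unsigned long e)   { return (unsigned)((e >> 12) & 0xfffUL); }
static unsigned err_reason(unsigned long e) { return (unsigned)(e & 0xfffUL); }

/* Hypothetical helper: name the SSL_get_error() result rather than passing it to ERR_error_string(). */
static const char *ssl_error_name(int code)
{
    static const char *const names[] = {
        "SSL_ERROR_NONE", "SSL_ERROR_SSL", "SSL_ERROR_WANT_READ", "SSL_ERROR_WANT_WRITE",
        "SSL_ERROR_WANT_X509_LOOKUP", "SSL_ERROR_SYSCALL", "SSL_ERROR_ZERO_RETURN",
        "SSL_ERROR_WANT_CONNECT", "SSL_ERROR_WANT_ACCEPT" };
    return (code >= 0 && code <= SSL_ERROR_WANT_ACCEPT) ? names[code] : "unknown";
}

/* Hypothetical helper: choose the next step. queue_head is what ERR_peek_error() returned,
 * ret is the SSL_connect()/SSL_accept() return value, sys_errno is errno saved right after it. */
static const char *next_step(int code, unsigned long queue_head, int ret, int sys_errno)
{
    switch (code) {
    case SSL_ERROR_NONE:        return "done";
    case SSL_ERROR_WANT_READ:   return "wait-readable-then-retry";
    case SSL_ERROR_WANT_WRITE:  return "wait-writable-then-retry";
    case SSL_ERROR_ZERO_RETURN: return "peer-closed-cleanly";
    case SSL_ERROR_SSL:         return "report-err-queue";
    case SSL_ERROR_SYSCALL:     /* check the ERR queue first, then ret, then errno */
        if (queue_head != 0) return "report-err-queue";
        if (ret == 0)        return "unexpected-eof";
        return sys_errno != 0 ? "report-errno" : "unknown-io-error";
    default:                    return "retry-later";
    }
}

int main(void)
{
    unsigned long misused = 5; /* the thread's case: SSL_get_error() result treated as an ERR code */
    printf("as ERR code: lib(%u) func(%u) reason(%u)\n", err_lib(misused), err_func(misused), err_reason(misused));
    printf("as SSL_get_error() result: %s -> %s\n", ssl_error_name(5), next_step(5, 0, -1, 104));
    return 0;
}
```

With an empty ERR queue, as reported in the thread, the useful detail for SSL_ERROR_SYSCALL is the call's return value and the saved socket error, not ERR_error_string().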
