The accept could have failed for any reason, such as a mismatch of SSL versions, no matching ciphers, or an untrusted certificate, so check on the wire what's going on. From your code snippet, am not sure what exactly setup_client_ctx() does, or what ciphers have been set on the server ctx, or the SSL_METHOD used. Am dead sure it's just a minor handshake issue coz of misconfiguration.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Stober
Sent: Thursday, April 06, 2006 7:47 AM
To: [email protected]
Subject: Problem connecting using SSL_connect

Hi,

My application is very simple, a client that connects to a server and they verify each other's identity. Right now I'm just trying to get them to connect. I'm using OpenSSL 0.9.7.

I started with the example application in the O'Reilly "Network Security with OpenSSL" book. I was able to integrate the client portion of the code in my application (with some mods). I tested it with the server they provided which demonstrated that the client code worked.

When I integrated the server code into the application I had to make some serious mods because my server need only handle one connection (strange, but true). Anyway, it doesn't work and I can't figure out why.

Here's the relevant client code:

    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");

    /* IMPORTANT!
     * This must be properly seeded to ensure security.
     * look in chapter 4 for details on how to do this.
     */
    seed_prng();

    ctx = setup_client_ctx();
    logInfo("Loaded private key(s) and passphrase\n");

    conn = BIO_new_connect(SERVER ":" PORT);
    if (!conn)
        log_error("Error creating connection to BIO");

    if (BIO_do_connect(conn) <= 0)
        log_error("Error connecting to remote machine");

    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating an SSL context");
    SSL_set_bio(ssl, conn, conn);

    /* wait for eauth -s to become ready to establish SSL handshake */
    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }

And here's the relevant server code. I suspect that the problem is here since the client used to work. The last thing I see in my logfile is "step5":

    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");
    seed_prng();

    ctx = setup_server_ctx();
    logInfo("Loaded private key(s) and passphrase\n");

    acc = BIO_new_accept(PORT);
    logInfo("step1\n");
    if (!acc)
        log_error("Error creating server socket");
    logInfo("step2\n");

    if (BIO_do_accept(acc) <= 0)
        log_error("Error binding server socket");
    logInfo("step3\n");

    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating SSL context");
    logInfo("step4\n");

    SSL_set_bio(ssl, acc, acc);
    logInfo("step5\n");

    if (SSL_accept(ssl) <= 0)
        log_error("Error accepting SSL connection");
    else
        logInfo("SSL connection opened\n");

    err = SSL_read(ssl, sslbuf, sizeof(sslbuf));

Can anyone see any problems here? Probably something obvious that I'm missing?

One more thing - the client is invoked up to one second before the server is invoked. Perhaps the client is attempting to connect before the server is ready? I tried the following but it never connected:

    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }

Is there any way to see --exactly-- what's going on? To log exactly what's going on during the connection/handshake procedure?

Thank you very much,

Robert Stober
Senior Systems Engineer
Platform Computing, Inc.
209-986-9298

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [email protected]
Automated List Manager                          [EMAIL PROTECTED]
