Hello, > Thanks to the responses I was able to get openssl compiled in debug > mode. Once I removed the optimization flag from the make file my > compiler error went away. I've since traced through the code and it > leaves me pretty much just as puzzled as before. Without optimization library may run two times slower.
> The function ssl3_client_hello in s3_clnt.c is returning -1 during the > call to SSL_connect. The reason is that the call to check available > ciphers is returning zero. Line 500 in my version of the code (9.8e): > i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2])); > if (i == 0) > { > > SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); > goto err; > } > The if statement evaluates true and we jump to return the error. Now > I have a few questions. The first is I'm wondering why the error > message is 0 when I I do an ERR_get_error() and I get an > SSL_ERROR_SYSCALL when I do an SSL_get_error. Also, any ideas why it > thinks there are no available ciphers? When I do an openssl ciphers I > get the following so I know they are available: > DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5 > > > One thought I had is that I originally performed a binary install of > openssl, which placed libraries in /usr/local/lib. I since did a > manual compile/install, which placed libraries in /usr/local/ssl/lib. > I renamed the old libraries and am sure my code is using the new > libraries (as I can now step through the ssl code when debugging) but > I was wondering if somehow the command line openssl utility is still > pointing to the original install and I really don't have any ciphers > available to the ssl my code is using. This idea may be taking me > down the wrong road as this problem existed before there was ever a > second installation attempt of openssl. > Any way to investigate this further? Any other thoughts? Have you initialized this library ?, for example: SSL_load_error_strings(); SSL_library_init(); You may run ldd on openssl binary to check what dynamic libraries are loaded. You may print OpenSSL version from your program: printf("crypto lib: %s\n", SSLeay_version(SSLEAY_VERSION)); Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]