Hello,
> Thanks to the responses I was able to get openssl compiled in debug
> mode. Once I removed the optimization flag from the make file my
> compiler error went away. I've since traced through the code and it
> leaves me pretty much just as puzzled as before.
Without optimization library may run two times slower.
> The function ssl3_client_hello in s3_clnt.c is returning -1 during the
> call to SSL_connect. The reason is that the call to check available
> ciphers is returning zero. Line 500 in my version of the code (9.8e):
> i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
> if (i == 0)
> {
>
> SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
> goto err;
> }
> The if statement evaluates true and we jump to return the error. Now
> I have a few questions. The first is I'm wondering why the error
> message is 0 when I I do an ERR_get_error() and I get an
> SSL_ERROR_SYSCALL when I do an SSL_get_error. Also, any ideas why it
> thinks there are no available ciphers? When I do an openssl ciphers I
> get the following so I know they are available:
> DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
>
>
> One thought I had is that I originally performed a binary install of
> openssl, which placed libraries in /usr/local/lib. I since did a
> manual compile/install, which placed libraries in /usr/local/ssl/lib.
> I renamed the old libraries and am sure my code is using the new
> libraries (as I can now step through the ssl code when debugging) but
> I was wondering if somehow the command line openssl utility is still
> pointing to the original install and I really don't have any ciphers
> available to the ssl my code is using. This idea may be taking me
> down the wrong road as this problem existed before there was ever a
> second installation attempt of openssl.
> Any way to investigate this further? Any other thoughts?
Have you initialized this library ?, for example:
SSL_load_error_strings();
SSL_library_init();
You may run ldd on openssl binary to check what dynamic libraries
are loaded.
You may print OpenSSL version from your program:
printf("crypto lib: %s\n", SSLeay_version(SSLEAY_VERSION));
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
