You are reading files, see inline for discussion.
On 5/10/2010 7:36 AM, irivas wrote:
I don't even know where those errors come from. As I said before, the same
code under Solaris runs alright.
I'm only connecting to a regular webserver with ssl, nothing more, nothing
less.
I'm not consciously using anything other than plain http-- none of which is
used up to that point.
Calls made beforehand are:
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
ctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_load_verify_locations(ctx,NULL,"foldername);//ctx is a SSL_CTX*
See http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html
If *CApath* is not NULL, it points to a directory containing CA certificates in
PEM format. The files each contain one CA certificate. The files are looked up
by the CA subject name hash value, which must hence be available. If more than
one CA certificate with the same name hash value exist, the extension must be
different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the
ordering of the extension number, regardless of other properties of the
certificates. Use the *c_rehash* utility to create the necessary links.
The certificates in *CApath* are only looked up when required, e.g. when
building the certificate chain or when actually performing the verification of
a peer certificate.
If you look at the error below it is reading the certificate file. Try running
a filter like unix2dos on your certificate files, and probably your
configuration files on your OpenVMS system. Your certificate files are flat
ascii files.
bio = BIO_new_ssl_connect(ctx);//bio is a BIO*
BIO_get_ssl(bio,&ssl); //ssl is a SSL*
SSL_set_mode(ssl,SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(bio,buffer);//buffer is a string of the form
"host:portnumber"
Anything I should be doing? The error occurs immediately afterwards.
-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Pierre DELAAGE
Sent: Monday, October 04, 2010 4:15 PM
To: openssl-users@openssl.org
Subject: Re: Hello!
ASN.1 encoding will require much more than a simple sprintf.
If your resulting string is expected to be encoded in ASN.1, then there
may be a problem there.
Pierre
Le 04/10/2010 22:02, irivas a écrit :
To further clarify:
The error is a result of a call to BIO_do_connect();
Prior to that call, I make a call to sprintf("%s:%d"); (no newlines
involved).
I'll try substituting the sprintf for a more ubiquitous process and let
you
know. Any further ideas on the matter?
-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Pierre DELAAGE
Sent: Monday, October 04, 2010 3:25 PM
To: openssl-users@openssl.org
Subject: Re: Hello!
I do not know anything about OpenVMS and Solaris,
BUT big endian / little endian and improper use of htons in YOUR software
could explain many things.
You should check also \r and \r \n issue, even if not reading any file,
because it may be in cause in "fprintf(fd, "xxxx \n");
\n being expanded differently on some platforms.
Hope this may help,
Pierre
Le 04/10/2010 21:09, irivas a écrit :
I have a tiny software written to communicate with an http server; on a
Solaris system it works alright, but on an OpenVMS system I'm getting
these
errors:
545318540:error:0D07809F:asn1 encoding
routines:ASN1_ITEM_EX_D2I:unexpected
eoc:TASN_DEC:337:Type=X509_ALGOR
545318540:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1 error:TASN_DEC:566:Field=sig_alg, Type=X509
545318540:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
lib:S3_CLNT:816:$!
NOTE:
SSL3_GET_SERVER_CERTIFICATE
Any ideas? Where and what should I look for to fix this?
First thought - line endings.
At least with local text file storage, OpenVMS provides cr-lf on reads.
Solaris uses lf
Could this somehow be related to your problem over-the-wire?
I don't really think so -- I'm not reading from any files at the point
this
error occurs.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
