I am using the SSL_is_init_finished API function to check if init is
finished.
But it's not even reaching that code.
The very first call I made was to SSL_connect, and after that I read data from
w_BIO and then send that on TCP, and on getting that data, the server gives
this error.
And for debugging purposes I am using openssl s_server with -msg enabled
so that I can see what's going on. I am not using my server for this, and I
think that one supports SSLv3.
This is the error I get:

180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:.\ssl\s23_srvr.c:584:
shutting down SSL

// Harshvir


On Wed, May 25, 2011 at 12:08 PM, Gayathri Sundar <suraj...@gmail.com> wrote:

> Okay, you are writing the client, so you need to do connect. Now ssl_connect
> is going to do the complete SSL handshake, which involves multiple reads and
> writes. Since you are using memory BIOs, ssl connect is going to read
> from the r_membio and write into the w_membio. The data has to go out the
> tcp fd you have created and connected with the server. So it's your duty to
> take data out of the w_membio and do a tcp_send(). That is what I meant by
> saying "write". Application data transfer may be initiated by your server
> once the ssl connect is through. There are APIs which tell if ssl connect is
> completed, and ssl connect itself will return ssl_success; until then you will
> be getting the want_read and want_write error codes, so your state machine
> would be in the "connect pending" state until ssl connect returns success.
> Please understand that SSL_connect itself will be called multiple times in
> the async architecture.
>
> BTW if the protocol negotiation has failed, perhaps you need to see what the
> server supports; maybe it understands only TLS and not SSLv3 etc.
>
> thanks
> --Gayathri
>
> On Wed, May 25, 2011 at 10:12 AM, Harshvir Sidhu <hvssi...@gmail.com> wrote:
>
>> Thanks Gayathri.
>> This is what I am doing, but I don't have any buffer to send initially; my
>> data transfer starts from the server side.
>> What I was doing is calling SSL_connect after initialization, and then in
>> the socket read and write code I was doing encrypt and decrypt accordingly,
>> but the very first moment I send data to s_server, it gives the error "unknown
>> protocol".
>> Thanks.
>>
>> // Harshvir
>> On Wed, May 25, 2011 at 10:02 AM, Gayathri Sundar <suraj...@gmail.com> wrote:
>>
>>> So finally you have agreed to my initial suggestion of state machines :)
>>>
>>> The basic steps in terms of an algorithm are as follows:
>>>
>>> A. Create the ssl ctx and ssl obj.
>>> B. Create a pair of memory bios and attach them to the ssl obj; one is
>>> for read and the other is for write.
>>> C. Create the tcp fds and complete the tcp handshake.
>>> D. Once tcp connect is done, you have an fd on which you receive and send
>>> data.
>>> E. Initialize your state machine for ssl connect pending.
>>> F. Take the buffer to be sent, copy it to the memory write bio,
>>> encrypt it using ssl connect, then do a tcp send.
>>> G. While still connect pending, do tcp read, copy to read bio, call
>>> ssl connect to decrypt.
>>>
>>> Thanks
>>> --Gayathri
>>>
>>> On Wednesday, May 25, 2011, Harshvir Sidhu <hvssi...@gmail.com> wrote:
>>> > Hi,
>>> >    I am trying to implement a state machine based on the demo
>>> > application, that is a server code.
>>> >    Like, I am writing the client side.
>>> >    So when I try to do the handshake by calling SSL_connect, for which I
>>> > have used memory bios, after that I check for data available, and then I
>>> > read data and send it to the server; on the server side I am getting an error.
>>> >
>>> > 180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:.\ssl\s23_srvr.c:584:
>>> > shutting down SSL
>>> >
>>> >    My question is which is a good place to do the handshake in case we use
>>> > a state machine. I am doing it just after initializing ctx and ssl, and then
>>> > I send data 1 time and am performing the rest of the operations in my receive
>>> > callback, but s_server gives me the error on the first packet only.
>>> >
>>> >
>>> > Thanks.
>>> >
>>> > // Harshvir
>>> >
>>> > 2011/5/25 Michael Ströder <mich...@stroeder.com>
>>> >
>>> > Eric S. Eberhard wrote:
>>> > or ... keep it simple and at least consider using stunnel.
>>> >
>>> > I use stunnel myself in some situations. It's a great tool.
>>> >
>>> > But bear in mind that the application then has no access to
>>> > authentication information of the SSL layer.
>>> >
>>> > Ciao, Michael.
>>> >
>>> >
>>> >
>>> > ______________________________________________________________________
>>> > OpenSSL Project                                 http://www.openssl.org
>>> > User Support Mailing List                    openssl-users@openssl.org
>>> > Automated List Manager                           majord...@openssl.org
>>> >
>>>
>>
>>
>
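
The memory-BIO client steps A to G quoted above, as an added example that is not part of the original thread: it uses Python's ssl module (whose MemoryBIO and wrap_bio sit on the same OpenSSL memory BIOs) rather than the C API, and checks that the bytes drained from the write BIO after the first handshake call begin with a ClientHello record, which is the first thing a TLS server expects to parse. The class name, state names and the host name `server.example` are assumptions made for illustration.

```python
import ssl

HANDSHAKE_RECORD = 0x16  # TLS record content type: handshake
CLIENT_HELLO = 0x01      # handshake message type: ClientHello


class MemBioClient:
    """TLS client engine on memory BIOs; the caller owns the TCP socket."""

    def __init__(self, hostname):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # step A, verification on
        self.rbio = ssl.MemoryBIO()  # step B: bytes received from TCP go in here
        self.wbio = ssl.MemoryBIO()  # step B: bytes to send on TCP come out here
        self.tls = ctx.wrap_bio(self.rbio, self.wbio, server_hostname=hostname)
        self.state = "CONNECT_PENDING"  # step E

    def step(self, received=b""):
        """Feed bytes read from TCP, advance the handshake, return bytes to send."""
        if received:
            self.rbio.write(received)  # step G: tcp read -> read BIO
        if self.state == "CONNECT_PENDING":
            try:
                self.tls.do_handshake()  # like SSL_connect: called once per event
                self.state = "CONNECTED"
            except ssl.SSLWantReadError:
                pass  # like SSL_ERROR_WANT_READ: stay pending, wait for the server
        # Drain the write BIO after every call, including the WANT_READ case:
        # the ClientHello is produced by the very first call.
        return self.wbio.read()


def is_client_hello(data):
    """True if data starts with one complete handshake record holding a ClientHello."""
    if len(data) < 6:
        return False
    length = int.from_bytes(data[3:5], "big")  # record payload length
    return (data[0] == HANDSHAKE_RECORD and data[1] == 3
            and data[5] == CLIENT_HELLO and len(data) >= 5 + length)


if __name__ == "__main__":
    client = MemBioClient("server.example")  # constructed host name
    first_flight = client.step()             # send these bytes unmodified on TCP
    print(client.state, len(first_flight), is_client_hello(first_flight))
```

Running `is_client_hello` on the exact buffer handed to the TCP send call shows whether the bytes leaving the application are still an intact record or were truncated or altered between the write BIO and the socket.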
