Hello Everybody,
i have very strange problem.
I'am trying to write a FTP Client for using with FTPES.
so here are the steps i perform
1) Connect to the FTP Server with unsecured BIO on port 21, works fine.
2) Sending AUHT TLS and perform SLL_Connect Get a new BIO and aply the SSL to
the BIO with BIO_set_ssl, works fine.
3) Login to the Server with regular FTP Commands
4) Sending FTP PASV Commonad to the Server and retriving port Number for Data
Connection
5) Connect to the Dataport with a new secured BIO
and now something strange happens. I'am working with non Blocking IO
BIO_do_connect return -1 and BIO_should_retry returns false, but the Connection
is established, I Can see the Connection in TCPView.
So if I Ignore that i can send Commands on the Command Connection and receive
Data on the Data Connection for witch BIO_do_connect has failed.
I'am using openssl-1.0.0.d and running on Windows XP, can anyobody help?
Here the Code i'am Using. I have written a own Socketclass using openssl i'am
also using in other Projects, but some stange behavior i didnt have seen
anytime before.
In that case m_SSLCtx is not NULL and m_bBlocking is false.
nt SecureSocket::Connect( )
{
SSL* ssl;
if( NULL == m_SSLCtx )
{// Erstmal Unverschlüsselt, Es kann später immer noch eine Explizite
Verschlüsselung mit der Funktion STARTTLS gesetzt werden
m_bio = BIO_new_connect( m_sConnect.Ptr() );
if( NULL == m_bio )
{
QError.Message( LogOnly,21410, QText(21410, m_sConnect
),
QString( "DLL/QInet
SecureSocket::Connect $1$",
ERR_error_string(ERR_get_error(), NULL) ) );
return CONNECT_ERROR;
}//if( NULL == m_bio )
}//if( NULL == m_SSLCtx )
else
{
//Impliziete SLL Verschlüsselung. Heißt wir bauen eine Verbindung immer
von Anfang an verschlüsselt auf
m_bio = BIO_new_ssl_connect(m_SSLCtx);
if( NULL == m_bio )
{
QError.Message( LogOnly,21409, QText(21409, m_sConnect
),
QString( "DLL/QInet
SecureSocket::Connect $1$",
ERR_error_string(ERR_get_error(), NULL) ) );
return CONNECT_ERROR;
}//if( NULL == m_bio )
BIO_get_ssl(m_bio, &ssl);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); //Auto Retry falls
Blocking Mode
BIO_set_conn_hostname(m_bio, m_sConnect.Ptr() );
}//else zu if( NULL == m_SSLCtx )
if( !m_bBlocking )
{
BIO_set_nbio( m_bio, 1 );
bool bRetry = false;
int r = 0;
do
{
r= BIO_do_connect( m_bio );
}while( r <= 0 && BIO_should_retry( m_bio) );
if( r <= 0 )
{
QError.Message( LogOnly,21410, QText(21410, m_sConnect
),
QString( "DLL/QInet
SecureSocket::Connect $1$",
ERR_error_string(ERR_get_error(), NULL) ) );
return CONNECT_ERROR;
}
}
else
{
if( 0 >= BIO_do_connect( m_bio ) )
{
QError.Message( LogOnly,21410, QText(21410, m_sConnect
),
QString( "DLL/QInet
SecureSocket::Connect $1$",
ERR_error_string(ERR_get_error(), NULL) ) );
return CONNECT_ERROR;
}//if( 0 >= BIO_do_connect( m_bio ) )
}
if( NULL != m_SSLCtx )
{
int r = SSL_get_verify_result(ssl);
if( X509_V_OK != r )
{
if( !m_IgnoreTrusStoreError )//Sollen wir das
ignorieren?
{
QError.Message( LogOnly,21415, QText(21415, m_sConnect, QString(r)
),
QString( "DLL/QInet
SecureSocket::Connect \n$1$",
GetZertifikatInfo(
SSL_get_peer_certificate(ssl) ) ) );
return CONNECT_NOTRUSTCERT;
}//if( !m_IgnoreTrusStoreError )
}//if(SSL_get_verify_result(ssl) != X509_V_OK)
}
return CONNECT_OK;
}//int SecureSocket::Connect( )
--
NEU: FreePhone - kostenlos mobil telefonieren!
Jetzt informieren: http://www.gmx.net/de/go/freephone
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
