Ohh .. ok. But I just want the SSL_connect to succeed because I want to
fetch the certificate of an HTTPS website. So after the success of
SSL_connect() function, I would call SSL_get_peer_certificate().
Since I wait until the SSL_connect() function succeeds I wanted to know if
there is a better approach.
Hope I am able to convey my understandings for these functions. If you feel
that I dont, please help in understanding the same.
~Arjun
On Mon, Nov 21, 2011 at 8:10 PM, Michael S. Zick <open...@morethan.org>wrote:
> On Mon November 21 2011, Arjun SM wrote:
> > Well yes, these are not errors. My bad for naming the variable as
> 'error'.
> >
>
> Not my point -
>
> Your logic shows that you think the connection has failed when it has
> simple not yet finished with its protocol.
>
> Not finished because you didn't respond to the want-write and/or want-read.
> Something which your code must do when using non-blocking sockets.
>
> Mike
> > ~Arjun
> >
> > On Thu, Nov 17, 2011 at 11:50 PM, Michael S. Zick <open...@morethan.org
> >wrote:
> >
> > > On Thu November 17 2011, Arjun SM wrote:
> > > > Hi,
> > > > Thanks for the reply.
> > > > I have called the ssl_connect() function again after checking for
> > > > SSL_ERROR_WANT_READ
> > > > and SSL_ERROR_WANT_WRITE. But I wanted to know if I can optimize my
> code.
> > > > Below is my code
> > > >
> > > > int counter = 6;
> > > > while (status < 0 && --counter >0 )
> > > > {
> > > > if(status < 0)
> > > > {
> > > > error=SSL_get_error(ssl,status);
> > > > if(error == SSL_ERROR_WANT_READ || error ==
> > > > SSL_ERROR_WANT_WRITE)
> > > > {
> > > > MessageLog.Write("****SSL 1st Connect error ",
> > > error);
> > > >
> > >
> > > But these two cases are __not__ errors,
> > > you just need to 'read' or 'write' as indicated so the protocol can
> > > advance.
> > >
> > > Mike
> > > > usleep(2000000);
> > > > status = SSL_connect(ssl);
> > > > error=SSL_get_error(ssl,status);
> > > > MessageLog.Write("****SSL 2nd Connect error ",
> > > error);
> > > > }
> > > > else
> > > > {
> > > > break;
> > > > }
> > > > }
> > > > } // end of while
> > > >
> > > > I would try for some time and break out saying unable to connect. I
> am
> > > sure
> > > > I can optimize this code by using select() but I am unable to make it
> > > work.
> > > > If there is a better approach please do share.
> > > >
> > > > ~Arjun
> > > >
> > > > On Tue, Nov 15, 2011 at 9:04 PM, Huaqing Wang <whuaq...@gmail.com>
> > > wrote:
> > > >
> > > > > Hi, Arjun,
> > > > >
> > > > > For non-blocking case, you have to handle SSL_ERROR_WANT_READ and
> > > > > SSL_ERROR_WANT_WRITE
> > > > > In that case you need to redo *SSL_connect.*
> > > > > *
> > > > > *
> > > > > Huaqing
> > > > >
> > > > > On Tue, Nov 15, 2011 at 5:51 AM, Arjun SM <arjun...@gmail.com>
> wrote:
> > > > >
> > > > >> Hi all,
> > > > >> I am newbie to openssl any help is greatly appreciated.
> > > > >>
> > > > >> I have a requirement of fetching the Common name (domin name )
> from
> > > the
> > > > >> certificate that I request from any HTTPS websites. I followed the
> > > regular
> > > > >> method of
> > > > >>
> > > > >> 1. establish a connection with the ip address using *connect()
> *system
> > > > >> call.
> > > > >> 2. Use *SSL_connect()* system call to perform handshake.
> > > > >> 3. Use *SSL_get_peer_certificate()* to get the certificate.
> > > > >>
> > > > >> The problem I faced was that, the connect() call would at times
> > > return a
> > > > >> errno 4 (EINTR) error . So i changed code from blocking to
> > > non-blocking
> > > > >> sockets and used select() call to have a valid connection and
> return
> > > an
> > > > >> appropriate file descriptor.
> > > > >> Now the ssl_connect() call returns SSL_ERROR_WANT_READ
> > > > >> or SSL_ERROR_WANT_WRITE error. I am unable to make my code work by
> > > adding a
> > > > >> select() even on ssl_connect() call.
> > > > >>
> > > > >> If any one can please help as to how I need to use the
> ssl_connect()
> > > by
> > > > >> polling that would be of great help. preferred language would be
> C/C++
> > > > >>
> > > > >> thanks,
> > > > >> ~Arjun
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > > --
> > > > > Thank you.
> > > > > Best Regards,
> > > > > Michael(Huaqing) Wang
> > > > >
> > > > >
> > > >
> > >
> > >
> > > ______________________________________________________________________
> > > OpenSSL Project http://www.openssl.org
> > > User Support Mailing List openssl-users@openssl.org
> > > Automated List Manager majord...@openssl.org
> > >
> >
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
