> From: owner-openssl-us...@openssl.org On Behalf Of pankajy
> Sent: Monday, 05 December, 2011 10:26

> I am doing SSL Communication having no certification 
> validations on client
> and server side. So I skipped this validation and tried 
> SSL_connect with
> host. Here I can successfully connect with host using tcp 
> socket but unable
> to connect with host using SSL_connect. It fails with error
> "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert 
> handshake failure" 
> 
The *server* is aborting handshake. You need to find out 
what the server dislikes and fix it.

*One* cause of server handshake_failure is your failure 
to supply a cert when the server requires one. What 
exactly makes you think you shouldn't do 'validation'?
Does the server operator, or server software, say so?

You could try commandline s_client with -state or -msg 
to confirm at what point in the protocol it fails.

Nit: You don't actually *need* a socket BIO, OpenSSL's 
SSL_ routines *also* work just fine with a raw socket.
Your choice.

Also: your verify_callback isn't used (as posted), but 
if it were, returning SSL_VERIFY_NONE is nonsensical.
SSL_VERIFY_ are used as modes to *set*. Once the callback 
is called, it should return 1 for okay or 0 for not_okay.
SSL_VERIFY_NONE happens to be 0, which means not_okay.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
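
The error string quoted in the question can be decoded to confirm that the alert was sent by the peer, as the reply says. This is an added example, not part of the original message; it assumes the packed error-code layout of OpenSSL releases before 3.0, and the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Packed error code layout in OpenSSL releases before 3.0 (assumed here):
 * 8-bit library, 12-bit function, 12-bit reason. */
struct ossl_err { unsigned lib, func, reason; int alert; /* -1: not a peer alert */ };

/* Parse "error:XXXXXXXX:..." as printed by ERR_error_string(); 0 on success. */
int decode_ossl_error(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    char *end;
    unsigned long code;
    if (p == NULL) return -1;
    p += strlen("error:");
    code = strtoul(p, &end, 16);
    if (end == p || *end != ':') return -1;
    out->lib    = (unsigned)((code >> 24) & 0xff);
    out->func   = (unsigned)((code >> 12) & 0xfff);
    out->reason = (unsigned)(code & 0xfff);
    /* Library 20 is ERR_LIB_SSL. SSL reasons 1000..1255 are SSL_AD_REASON_OFFSET
     * plus the alert number the peer sent; lower reasons are local errors. */
    out->alert = (out->lib == 20 && out->reason >= 1000 && out->reason <= 1255)
                     ? (int)(out->reason - 1000) : -1;
    return 0;
}

/* Subset of the alert descriptions in RFC 5246 section 7.2. */
const char *tls_alert_name(int alert)
{
    switch (alert) {
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 46: return "certificate_unknown";
    case 48: return "unknown_ca";
    case 70: return "protocol_version";
    default: return "other";
    }
}

int main(void)
{
    const char *msg = "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure";
    struct ossl_err e;
    if (decode_ossl_error(msg, &e) != 0) return 1;
    printf("lib=%u func=%u reason=%u alert=%d (%s)\n",
           e.lib, e.func, e.reason, e.alert, tls_alert_name(e.alert));
    return 0;
}
```

A reason of 1000 or more in the SSL library means the failure was reported by the other side, so the next step is the server's logs or configuration rather than the client's verify settings.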
