some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Modem Man
Dear readers,

I know, it's great, sunny weather today, but maybe someone would kindly
help, anyway ;-)

*Background:*
I'm just debugging some problem around SSL_CTX_load_verify_locations()
call in my particular environment. Since I'm not able to find the reason
for:
   openssl.exe s_client -debug -state  -connect 192.168.0.192:21
is always reporting:
   no peer certificate available,
so I think it's best to step into SSL_CTX_load_verify_locations() and to
see, what files and directories are _really_ tried to load and so on.

*Problem:*
But I can't step into _any_ BIO_xxx or SSL_xxx functions.
VS2005 reports, it has the symbols:


\Training\ssl1\debug\libeay32.dll', Symbols loaded.
blahblah..\msvcr80d.dll', Symbols loaded.
\Training\ssl1\debug\ssleay32.dll', Symbols loaded.


*but on pressing F11 (step into), nothing happens!*

Already copied all *.pdb to the same directory as my local copies of
DLLs are located,
also added \openss1_1.0.0.\out32dll to pdb search path.

I built OpenSSL 1.0.0 release, as described in INSTALL.W32, using the
'no-asm' and 'debug' options.
This created in ./out32dll aside others this:

08.04.2010  19:34 1.363.968 libeay32.dll
08.04.2010  19:34   315.392 ssleay32.dll
08.04.2010  19:34   771.324 libeay32.lib
08.04.2010  19:34    56.834 ssleay32.lib
08.04.2010  19:34 1.944.576 libeay32.pdb
08.04.2010  19:34   420.864 ssleay32.pdb
08.04.2010  19:34       385 ssleay32.dll.manifest
08.04.2010  19:34       385 libeay32.dll.manifest
08.04.2010  19:34   466.605 libeay32.exp
08.04.2010  19:34    34.068 ssleay32.exp

One question: Is the file size okay for really being DEBUG versions?

Any hint or help is highly appreciated
by Modem Man



Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Mounir IDRASSI

Hi,

Try adding the switch /Zi to the CFLAG in the makefile and rebuild the
dlls. This is mandatory to create a full program database.
I came across the same problem and I solved it with this. The perl
scripts should be updated to include this flag for the debug build.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@openssl.org
Automated List Manager          majord...@openssl.org


Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Modem Man
Mounir IDRASSI wrote:
 Hi,

 Try adding the switch /Zi to the CFLAG in the makefile and rebuild the
 dlls. This is mandatory to create a full program database.
 I came across the same problem and I solved it with this. The perl
 scripts should be updated to include this flag for the debug build.

YES!
Thank you very much, you saved my day!!

Works for me!

Modem Man




Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Kyle Hamilton
'no peer certificate available' is a different error than 'peer
certificate did not verify'.  This means that the TLS server is
running without a certificate.  (TLS and SSL do *not* require servers
to provide certificates, but they do require that servers must provide
certificates before they ask for client authentication, else it's a
protocol error.)

-Kyle H



Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Modem Man
Kyle Hamilton wrote:
 'no peer certificate available' is a different error than 'peer
 certificate did not verify'.  This means that the TLS server is
 running without a certificate.  (TLS and SSL do *not* require servers
 to provide certificates, but they do require that servers must provide
 certificates before they ask for client authentication, else it's a
 protocol error.)

 -Kyle H
   

Thank you for this essential information!
Good to know. Am I right to believe this has to do with
SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, verify_cert_foo );
 /vs./
SSL_CTX_set_verify( ctx, SSL_VERIFY_NONE, verify_cert_foo );
?

In between I added /Zi to CFLAGS (as Mounir said, .\util\pl\VC-32.pl is
the right place)
and after this I rebuilt the whole OpenSSL 1.0.0 suite again.
This made me able to step into SSL_* and to figure out where I used
wrong directory names.

**One more question:** Is it still a good idea to use:
ctx = SSL_CTX_new( SSLv23_method() )
combined with
SSL_CTX_set_options( ctx, (SSL_OP_NO_SSLv2 | SSL_OP_ALL) );
to get SSLv3 + TLSv1 on, but SSLv2=off?
This is often shown for OpenSSL 0.9.x in the books and I used it.


Actually, I get:
*openssl.exe s_client -debug -state -connect 192.168.0.192:21  *
Loading 'screen' into random state -CONNECTED(0774)
write to 0xa626a0 [0xa62700] (124 bytes = 124 (0x7C))
 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00   .zQ... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ..3..2../...
0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00   
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ..@.
0050 - 00 00 06 04 00 80 00 00-03 02 00 80 91 a5 45 62   ..Eb
0060 - 1d cb 55 d0 62 e2 95 b6-4f 41 fe 3c e4 c5 43 d1   ..U.b...OA...C.
0070 - 32 d6 04 aa 06 c1 35 00-22 75 3e 09   2.5.u.
read from 0xa626a0 [0xa67c60] (7 bytes = 7 (0x7))
 - 15 03 01 00 02 02 28  ..(
 done
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
5044:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:.\ssl\s23_clnt.c:596:

Maybe I forgot to set accept/connect direction of SSL, before calling
BIO_do_handshake(bio)? (pls. note: bio is a chain of buffer + ssl +
accept_socket, where buffer + accept_socket already up and running
fine). I did read somewhere some command to set ssl direction, but I
don't remember it! SSL_state_server/accept() or such? And this is what
makes me some more headache.

But it's pretty late now and this noon I tried a very good red wine
together with my wife, so I think I'll delay further investigations till
tomorrow. Maybe the headache is from the wine? Anyway. If you think my
above dump is easy to give next hint for me ... this would be very
kind, again!

have a silent night,
Modem Man
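
The two records in the s_client dump above can be decoded by hand to see what actually went over the wire: an SSLv2-format ClientHello, answered by a 7-byte TLS alert record. The C below is an added example, not code from the thread or from OpenSSL; the byte arrays are copied from the dump, and the struct and function names are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes copied from the post's dump: the 7-byte "read from" record. */
static const uint8_t ALERT_REC[] = {0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28};
/* First 11 bytes of the 124-byte "write to" record (ClientHello header). */
static const uint8_t HELLO_HDR[] = {0x80, 0x7a, 0x01, 0x03, 0x01, 0x00,
                                    0x51, 0x00, 0x00, 0x00, 0x20};
struct alert { int vmaj, vmin, level, desc; };
struct v2hello { int rec_len, vmaj, vmin, n_ciphers, sid_len, chal_len; };

/* TLS record holding one alert: type(1) version(2) length(2) level desc. */
int parse_alert(const uint8_t *p, size_t n, struct alert *a)
{
    if (n < 7 || p[0] != 0x15) return -1;      /* content type 21 = alert */
    if (((p[3] << 8) | p[4]) != 2) return -1;  /* alert body is 2 bytes   */
    a->vmaj = p[1]; a->vmin = p[2]; a->level = p[5]; a->desc = p[6];
    return 0;
}

/* SSLv2-format ClientHello: 2-byte record header with the high bit set. */
int parse_v2_hello(const uint8_t *p, size_t n, struct v2hello *h)
{
    if (n < 11 || !(p[0] & 0x80) || p[2] != 0x01) return -1; /* msg type 1 */
    h->rec_len = ((p[0] & 0x7f) << 8) | p[1];
    h->vmaj = p[3]; h->vmin = p[4];
    int spec_len = (p[5] << 8) | p[6];
    if (spec_len % 3) return -1;               /* v2 cipher specs: 3 bytes */
    h->n_ciphers = spec_len / 3;
    h->sid_len = (p[7] << 8) | p[8];
    h->chal_len = (p[9] << 8) | p[10];
    /* body = type(1) + version(2) + three lengths(6) + variable parts */
    return 9 + spec_len + h->sid_len + h->chal_len == h->rec_len ? 0 : -1;
}

const char *alert_name(int d)   /* a few TLS alert descriptions */
{
    return d == 40 ? "handshake_failure" : d == 42 ? "bad_certificate"
         : d == 48 ? "unknown_ca" : "other";
}

int main(void)
{
    struct alert a; struct v2hello h;
    if (!parse_alert(ALERT_REC, sizeof ALERT_REC, &a))
        printf("alert: level=%d desc=%s\n", a.level, alert_name(a.desc));
    if (!parse_v2_hello(HELLO_HDR, sizeof HELLO_HDR, &h))
        printf("hello: len=%d ciphers=%d\n", h.rec_len, h.n_ciphers);
    return 0;
}
```

The decoded lengths add up to the 124 bytes the dump reports for the write (2-byte header plus a 122-byte body), and the alert decodes to level 2 (fatal), description 40, matching the "SSL3 alert read:fatal:handshake failure" line in the trace.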