Re: [twsocket] SSL Handshake failing
Agnus: << I always like to log the SSL version and DLL file name when an application starts, to avoid surprises. >> Arno: << One can never be sure. For instance, I have SpeedFan running from AutoStart on my old XP box which loads the OpenSSL DLLs found in System32 directory. My ICS app. with OpenSSL DLLs located in application's directory then loads the already loaded OpenSSL DLLs. >> We have already verified 1) the only DLLs on this server matching the filenames of the OpenSSL DLLs are the ones in our application's folder and 2) that the path of the DLL loaded by ICS was the same for both applications. Oddly enough, the application that has not been working for weeks has suddenly started working. None of the files in our application's folder have changed. We're now reviewing configuration settings in our software and the operating system to determine if anything else has changed. Thanks for your feedback. On Tue, Oct 1, 2013 at 11:13 AM, Arno Garrels wrote: > On Tuesday, October 01, 2013 4:00 PM [GMT+1=CET], > Jon Robertson wrote: > > > Yes, the applications are using the same version of the DLLs. Very > > odd that two separate applications on the same machine attempting to > > connect to the same URL, and one receives a response like "this URL > > doesn't support SSL". > > One can never be sure. For instance, I have SpeedFan running from > AutoStart on my old XP box which loads the OpenSSL DLLs found in > System32 directory. My ICS app. with OpenSSL DLLs located in > application's directory then loads the already loaded OpenSSL DLLs. > > http://msdn.microsoft.com/en-us/library/ms682586.aspx > "If a DLL with the same module name is already loaded in memory, the > system checks only for redirection and a manifest before resolving to the > loaded DLL, no matter which directory it is in. The system does not search > for the DLL." > > -- > Arno > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- Jon Robertson Embarcadero Certified Delphi Master Developer Good programming is 40% experience, 30% skill, 20% RTFM, 10% caffeine, and 5% attention to detail. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Handshake failing
On Tuesday, October 01, 2013 4:00 PM [GMT+1=CET], Jon Robertson wrote: > Yes, the applications are using the same version of the DLLs. Very > odd that two separate applications on the same machine attempting to > connect to the same URL, and one receives a response like "this URL > doesn't support SSL". One can never be sure. For instance, I have SpeedFan running from AutoStart on my old XP box which loads the OpenSSL DLLs found in System32 directory. My ICS app. with OpenSSL DLLs located in application's directory then loads the already loaded OpenSSL DLLs. http://msdn.microsoft.com/en-us/library/ms682586.aspx "If a DLL with the same module name is already loaded in memory, the system checks only for redirection and a manifest before resolving to the loaded DLL, no matter which directory it is in. The system does not search for the DLL." -- Arno -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Handshake failing
> Yes, the applications are using the same version of the DLLs.
Are the DLLs in the same directory as the application? If not, Windows will go
searching the environment path and may find old or corrupted SSL DLLs.
I always like to log the SSL version and DLL file name when an application
starts, to avoid surprises.
//Pre-loads OpenSSL DLL's
try
SslContext.InitContext;
Log.Lines.Add ('SSL Version: ' + OpenSslVersion +
', Dir: ' + GLIBEAY_DLL_FileName) ;
except
on E: Exception do Log.Lines.Add ('Failed to Initialise SSL - '
+ E.Message);
end;
Angus
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Handshake failing
Yes, the applications are using the same version of the DLLs. Very odd that two separate applications on the same machine attempting to connect to the same URL, and one receives a response like "this URL doesn't support SSL". Any suggestions for additional testing? Obviously the server does support SSL, because it works perfectly with the other application. We've also seen that both applications work as expected when used from other machines. It is just this one application on this one machine that fails. Are there any socket related tweaks in Windows that are application specific? Thanks On Sat, Sep 28, 2013 at 7:29 AM, Arno Garrels wrote: > On Saturday, September 28, 2013 2:24 PM [GMT+1=CET], > Arno Garrels wrote: > > > On Friday, September 27, 2013 11:05 PM [GMT+1=CET], > > Jon Robertson wrote: > > > >> We have ICS SSL components in a DLL that we call from multiple > >> applications. From each application, we're connecting to the exact > >> same URL via HTTP Post. On one specific machine, one application > >> consistently works while the other specifically fails. > > > > The log you posted is typical for trying to establish a SSL > > connection to a server not supporting SSL and it does not send > > any data to the client but just closes the TCP/IP connection. > > Also, did you make sure that all your applications link the same > version of OpenSSL DLLs? > > -- > Arno > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- Jon Robertson Embarcadero Certified Delphi Master Developer Good programming is 40% experience, 30% skill, 20% RTFM, 10% caffeine, and 5% attention to detail. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Handshake failing
On Saturday, September 28, 2013 2:24 PM [GMT+1=CET], Arno Garrels wrote: > On Friday, September 27, 2013 11:05 PM [GMT+1=CET], > Jon Robertson wrote: > >> We have ICS SSL components in a DLL that we call from multiple >> applications. From each application, we're connecting to the exact >> same URL via HTTP Post. On one specific machine, one application >> consistently works while the other specifically fails. > > The log you posted is typical for trying to establish a SSL > connection to a server not supporting SSL and it does not send > any data to the client but just closes the TCP/IP connection. Also, did you make sure that all your applications link the same version of OpenSSL DLLs? -- Arno -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Handshake failing
On Friday, September 27, 2013 11:05 PM [GMT+1=CET], Jon Robertson wrote: > We have ICS SSL components in a DLL that we call from multiple > applications. From each application, we're connecting to the exact > same URL via HTTP Post. On one specific machine, one application > consistently works while the other specifically fails. The log you posted is typical for trying to establish a SSL connection to a server not supporting SSL and it does not send any data to the client but just closes the TCP/IP connection. -- Arno -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] SSL Handshake failing
We have ICS SSL components in a DLL that we call from multiple applications. From each application, we're connecting to the exact same URL via HTTP Post. On one specific machine, one application consistently works while the other specifically fails. Below is the IcsLog when the connection fails. Any idea what could lead to the failure? Does the value 5364 have any relevance to the problem? Is there any information below that would be useful to ask the OpenSSL list? Thanks ICSLogger: 15:09:42:585 1C7699B0 InitSSLConnection 5364 ICSLogger: 15:09:42:585 1C7699B0 BIO_ctrl(sslbio, BIO_C_SET_SSL, BIO_NOCLOSE, 0x1B96C908) = 1 [3] ICSLogger: 15:09:42:601 ICB> SSL_CB_HANDSHAKE_START ICSLogger: 15:09:42:601 ICB> SSL_connect: before/connect initialization ICSLogger: 15:10:50:367 ICB> SSL_connect: SSLv2/v3 write client hello A ICSLogger: 15:10:50:367 ICB> SSL_connect: error in SSLv2/v3 read server hello A ICSLogger: 15:10:50:383 1C7699B0 BIO_read(sslbio, 0x1, 0) = -1 [4] ICSLogger: 15:10:50:383 1C7699B0 BIO_should_retry(sslbio) = 1 [5] ICSLogger: 15:10:50:383 1C7699B0 TriggerEvent sslFdRead 5364 ICSLogger: 15:10:50:383 1C7699B0 TriggerEvent sslFdWrite 5364 ICSLogger: 15:10:50:383 1C7699B0 TCustomSslWSocket.Do_FD_WRITE 5364 ICSLogger: 15:10:50:383 1C7699B0 BIO_ctrl_pending(nbio) = 88 [6] ICSLogger: 15:10:50:398 1C7699B0 BIO_read(nbio, 0x1CACAB74, 88) = 88 [7] ICSLogger: 15:10:50:398 1C7699B0 my_RealSend (0x14F4, 481078132, 88) = 88 [8] ICSLogger: 15:10:50:398 1C7699B0 BIO_ctrl_pending(nbio) = 0 [9] ICSLogger: 15:10:50:398 1C7699B0 TriggerEvents 5364 SslState: SSL_ST_INIT // MayFD_Read=-1 MayDoRecv=-1 MayFD_Write=-1 MaySslTryToSend=-1 bSslAllSent=0 bAllSent=-1 ICSLogger: 15:10:50:398 1C7699B0 BIO_ctrl_pending(nbio) = 0 [10] ICSLogger: 15:10:50:398 1C7699B0 BIO_ctrl_get_write_guarantee(nbio) = 4096 [11] ICSLogger: 15:10:50:414 1C7699B0 TCustomSslWSocket.Do_FD_CLOSE error #0 5364 ICSLogger: 15:10:50:414 1C7699B0 *CloseCalled 5364 ICSLogger: 15:10:50:414 1C7699B0 Socket data pending: 0 Err: 0 5364 ICSLogger: 15:10:50:414 1C7699B0 SslHandshakeDone(1) 5364. Secure connection with Unknown, cipher Unknown, 0 secret bits (0 total), session reused=False ICSLogger: 15:10:50:414 1C7699B0 TCustomWSocket.Shutdown 1 5364 ICSLogger: 15:10:50:414 1C7699B0 FCloseInvoked=0 5364 ICSLogger: 15:10:50:430 SessionClosed Error: 0 -- Jon Robertson Embarcadero Certified Delphi Master Developer Good programming is 40% experience, 30% skill, 20% RTFM, 10% caffeine, and 5% attention to detail. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
