Hello, Svemu - Reparto Sviluppo wrote: >>> 09.42.57.040 00A6D550 212  error:14077447:SSL >>> routines:SSL23_GET_SERVER_HELLO:reason(1095) >> >> Error number 1095 seems to mean const SSL_R_KRB5_C_GET_CRED >> which has been changed from 1095 to 287 in OpenSSL 0.9.8a >> to 0.9.8b. Dunno the meaning of this error, may have to do >> with Kerberos. > > LibEay32.dll is 0.9.8e and is the same on ftp server.
It might be that the application loaded some incompatible OpenSSL libraries unless the full path and filenames are specified. Quote from thread "New DLL hijacking vulnerability KB 2269637": "The DLL names are globally writable typed constants, set their values before the OpenSSL libraries are loaded. OSSL is dynamically loaded at runtime, that is when the first OpenSSL function is called. In order to enforce a load call TSslContext.InitContext or set TSslDynamicLock/TSslStaticLock.Enabled to TRUE. I prefer this anyway since the load errors don't raise somewhere but where I can handle them easily: try GSSLEAY_DLL_Name := <full path and filename>; GLIBEAY_DLL_Name := <full path and filename>; MySslContext.InitContext; // loads the libraries and initializes the SslContext except // Something went wrong, log and handle it. end;" > From my pc work fine with same dll. I just tested from here with the demo OverbyteIcsSslFtpTst.exe and that works for me as well. > > Can you give me an idea for investigate? As I understand, your customer uses your application rather than OverbyteIcsSslFtpTst.exe. If so, I would compare all SSL settings of your application with the demo settings. Or you could ask for a reason of error "error:14077447:SSL routines:SSL23_GET_SERVER_HELLO:reason(1095)" in the OpenSSL mailing list. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be