Upgrading to 1.1.1

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Upgrading to 1.1.1

Angus Robertson - Magenta Systems Ltd
I'm updating our Delphi SSL code to support 1.1.1 in addition to 1.0.2
and 1.1.0, common code with a few version checks. This is using Windows
10.  

With 1.1.1, SSL connections fail to initialise, failing with the first
BIO_read after setting up the context and BIOs. There is no real error
(I can see), read just fails and BIO_should_retry says no with a zero
reason.  

We are using SSL filter I/O with a BIO pair, we handle all I/O using
non-blocking Windows APIs.  

There was no particular issue updating to 1.1.0, apart from new context
stuff, but 1.1.1 seems to have changed something to make our code fail.
I can not see anything in the TLS/1.3 notes that relates to simple SSL
initialisation.  

The main APIs called are, in order:

SSL_new(myContext)
BIO_new(BIO_f_ssl)
BIO_new_bio_pair
SSL_set_ex_data
SSL_set_session
SSL_set_tlsext_host_name
SSL_set_connect_state
SSL_set_bio
SSL_set_info_callback
SSL_set_msg_callback
BIO_set_ssl
BIO_read - 0 bytes

which is where it dies, after a SSL_CB_HANDSHAKE_START info message and
a 512 byte write client hello.

The openssl.exe built with 1.1.1 seems to work OK making a client
connection, but uses different BIO I/O.

Is some new initialisation required for 1.1.1?  

Angus

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading to 1.1.1

Richard Levitte - VMS Whacker-2
In message <[hidden email]> on Thu, 16 Nov 2017 17:59 +0000 (GMT Standard Time), "Angus Robertson - Magenta Systems Ltd" <[hidden email]> said:

angus> I'm updating our Delphi SSL code to support 1.1.1 in addition to 1.0.2
angus> and 1.1.0, common code with a few version checks. This is using Windows
angus> 10.  
angus>
angus> With 1.1.1, SSL connections fail to initialise, failing with the first
angus> BIO_read after setting up the context and BIOs. There is no real error
angus> (I can see), read just fails and BIO_should_retry says no with a zero
angus> reason.  
angus>
angus> We are using SSL filter I/O with a BIO pair, we handle all I/O using
angus> non-blocking Windows APIs.  
angus>
angus> There was no particular issue updating to 1.1.0, apart from new context
angus> stuff, but 1.1.1 seems to have changed something to make our code fail.
angus> I can not see anything in the TLS/1.3 notes that relates to simple SSL
angus> initialisation.  
angus>
angus> The main APIs called are, in order:
angus>
angus> SSL_new(myContext)
angus> BIO_new(BIO_f_ssl)
angus> BIO_new_bio_pair
angus> SSL_set_ex_data
angus> SSL_set_session
angus> SSL_set_tlsext_host_name
angus> SSL_set_connect_state
angus> SSL_set_bio
angus> SSL_set_info_callback
angus> SSL_set_msg_callback
angus> BIO_set_ssl
angus> BIO_read - 0 bytes
angus>
angus> which is where it dies, after a SSL_CB_HANDSHAKE_START info message and
angus> a 512 byte write client hello.
angus>
angus> The openssl.exe built with 1.1.1 seems to work OK making a client
angus> connection, but uses different BIO I/O.
angus>
angus> Is some new initialisation required for 1.1.1?  

Doesn't one of the test programs in test/ do something similar?
Another option is if you could craft a simple program that
demonstrates the issue, that would certainly help.

Lastly, unless you get a quick answer here, this might be worth making
a github issue here: https://github.com/openssl/openssl/issues

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users