multiple SSL BIO chain error (regression from 0.9.6?)


Francesc Romà i Frigolé
Hello,

I'd really appreciate help in porting code that works fine with 0.9.6b
but fails in newer versions. I'd like to know if something has changed
in the way BIOs should be used or if it is the newer openssl code that is
broken.

SYNOPSIS

I want to create a BIO chain consisting of a socket BIO plus an SSL
BIO plus another SSL BIO. It works fine with an ancient version of
openssl 0.9.6b but fails with 0.9.7x (including 0.9.7g).  Haven't
tried with 0.9.8 beta yet.

The error I get is: "error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set"

DESCRIPTION

I create a socket BIO and then add two SSL BIOs like this:
      bio_socket = BIO_new_connect( "localhost:1313" );
      BIO_do_connect(bio_socket);
      BIO* bio_ssl        = bio_ssl_push(bio_socket);
      BIO* bio_ssl_ssl = bio_ssl_push(bio_ssl);

where I have defined bio_ssl_push as a wrapper for BIO_push that adds
SSL to the chain:

BIO* bio_ssl_push( BIO* append)
{
  SSL_CTX* ctx = SSL_CTX_new( SSLv23_client_method() );
  SSL*     ssl = SSL_new(ctx);
  SSL_set_mode( ssl, SSL_MODE_AUTO_RETRY );

  BIO* bio     = BIO_new( BIO_f_ssl() );
  BIO_set_ssl( bio, ssl, BIO_NOCLOSE );

  BIO_push( bio, append );

  int err = SSL_connect(ssl);
  printf("SSL_connect: %d\n", err);

  return bio;
}

which seems to work fine as both SSL_connect return '1' (success), but
gives error when reading or writing like this:

   #define MESSAGE "eureka!\n"
   BIO_write( bio_ssl_ssl, MESSAGE, strlen(MESSAGE) );

the error being: "error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set"

Testing environment:
    I use stunnel.org redirected to "./openssl s_server -accept 4444"
    operating system: red hat Linux  2.4.9-e.35.2RS  (but the same
    happens in windows XP)

When it works I get the text "Eureka!" at the openssl server, and this
is the program's output:
    OpenSSL version: OpenSSL 0.9.6b [engine] 9 Jul 2001
    SSL_connect: 1
    SSL_connect: 1

When it doesn't work the output of the test program is:
    OpenSSL version: OpenSSL 0.9.7g 11 Apr 2005
    SSL_connect: 1
    SSL_connect: 1
    error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set

and the openssl server screen shows:
    CIPHER is DHE-RSA-AES256-SHA
    ERROR
    shutting down SSL
    CONNECTION CLOSED
   
thanks in advance,

Francesc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
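
Added example, not part of the original post and not OpenSSL project code: a small C helper that splits the error line quoted in the post into its fields and unpacks the hex code using the library/function/reason bit layout of OpenSSL releases before 3.0, so the numeric fields can be matched in logs or looked up in the headers. The names `parse_ossl_err` and `struct ossl_err` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* One decoded OpenSSL error-queue line. */
struct ossl_err {
    unsigned long code;              /* packed error code as printed */
    unsigned lib, func, reason;      /* unpacked numeric fields */
    char lib_name[64], func_name[64], reason_text[128];
};

/*
 * Parse "error:<hex>:<library>:<function>:<reason>" (the ERR_error_string
 * layout) and unpack <hex> with the pre-3.0 bit layout:
 * library in bits 24-31, function in bits 12-23, reason in bits 0-11.
 * Returns 0 on success, -1 if the line is not a well-formed error line.
 */
int parse_ossl_err(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");   /* tolerate indentation/quotes */
    if (p == NULL)
        return -1;
    memset(out, 0, sizeof(*out));
    /* %8lx: at most 8 hex digits; each text field must be non-empty. */
    if (sscanf(p, "error:%8lx:%63[^:]:%63[^:]:%127[^\"\r\n]", &out->code,
               out->lib_name, out->func_name, out->reason_text) != 4)
        return -1;
    out->lib    = (unsigned)((out->code >> 24) & 0xff);
    out->func   = (unsigned)((out->code >> 12) & 0xfff);
    out->reason = (unsigned)( out->code        & 0xfff);
    return 0;
}

int main(void)
{
    /* Error line copied from the failing run quoted in the post. */
    const char *line =
        "error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set";
    struct ossl_err e;
    if (parse_ossl_err(line, &e) != 0) {
        fprintf(stderr, "not an OpenSSL error line\n");
        return 1;
    }
    printf("lib=%u (%s) func=%u (%s) reason=%u (%s)\n",
           e.lib, e.lib_name, e.func, e.func_name, e.reason, e.reason_text);
    return 0;
}
```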