Hello,
I'd really appreciate help in porting code that works fine with 0.9.6b
but fails in newer versions. I'd like to know if something has changed
in the way BIOs should be used or is the newer openssl code that is
broken.
SYNOPSIS
I want to create a BIO chain consisting of a socket BIO plus an SSL
BIO plus another SSL BIO. It works fine with ancient version of
openssl 0.9.6b but fails with 0.9.7x (including 0.9.7g). Haven't
tryed with 0.9.8 beta yet.
The error I get is: "error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set"
DESCRIPTION
I create a socket BIO and then add two SSL BIOs like this:
bio_socket = BIO_new_connect( "localhost:1313" );
BIO_do_connect(bio_socket);
BIO* bio_ssl = bio_ssl_push(bio_socket);
BIO* bio_ssl_ssl = bio_ssl_push(bio_ssl);
where I have defined bio_ssl_push as a wrapper for BIO_push that adds
SSL to the chain:
BIO* bio_ssl_push( BIO* append)
{
SSL_CTX* ctx = SSL_CTX_new( SSLv23_client_method() );
SSL* ssl = SSL_new(ctx);
SSL_set_mode( ssl, SSL_MODE_AUTO_RETRY );
BIO* bio = BIO_new( BIO_f_ssl() );
BIO_set_ssl( bio, ssl, BIO_NOCLOSE );
BIO_push( bio, append );
int err = SSL_connect(ssl);
printf("SSL_connect: %d\n", err);
return bio;
}
which seems to work fine as both SSL_connect return '1' (success), but
gives error when reading or writing like this:
#define MESSAGE "eureka!\n"
BIO_write( bio_ssl_ssl, MESSAGE, strlen(MESSAGE) )
the error being: "error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set"
Testing environment:
I use stunnel.org redirected to "./openssl s_server -accept 4444"
operating system: red hat Linux 2.4.9-e.35.2RS (but the same
happens in windows XP)
When it works I get the text "Eureka!" at the openssl server, and this
is the program´s output:
OpenSSL version: OpenSSL 0.9.6b [engine] 9 Jul 2001
SSL_connect: 1
SSL_connect: 1
When it doesn´t work the output of the test program is:
OpenSSL version: OpenSSL 0.9.7g 11 Apr 2005
SSL_connect: 1
SSL_connect: 1
error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set
and the openssl server screen shows:
CIPHER is DHE-RSA-AES256-SHA
ERROR
shutting down SSL
CONNECTION CLOSED
thanks in advance,
Francesc
______________________________________________________________________
OpenSSL Project
http://www.openssl.orgUser Support Mailing List
[hidden email]
Automated List Manager
[hidden email]