multiple SSL BIO chain error (regression from 0.9.6?)

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

multiple SSL BIO chain error (regression from 0.9.6?)

Francesc Romà i Frigolé

I'd really appreciate help in porting code that works fine with 0.9.6b
but fails in newer versions. I'd like to know if something has changed
in the way BIOs should be used or is the newer openssl code that is


I want to create a BIO chain consisting of a socket BIO plus an SSL
BIO plus another SSL BIO. It works fine with ancient version of
openssl 0.9.6b but fails with 0.9.7x (including 0.9.7g).  Haven't
tryed with 0.9.8 beta yet.

The error I get is: "error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set"


I create a socket BIO and then add two SSL BIOs like this:
      bio_socket = BIO_new_connect( "localhost:1313" );
      BIO* bio_ssl        = bio_ssl_push(bio_socket);
      BIO* bio_ssl_ssl = bio_ssl_push(bio_ssl);

where I have defined bio_ssl_push as a wrapper for BIO_push that adds
SSL to the chain:

BIO* bio_ssl_push( BIO* append)
  SSL_CTX* ctx = SSL_CTX_new( SSLv23_client_method() );
  SSL*     ssl = SSL_new(ctx);
  SSL_set_mode( ssl, SSL_MODE_AUTO_RETRY );

  BIO* bio     = BIO_new( BIO_f_ssl() );
  BIO_set_ssl( bio, ssl, BIO_NOCLOSE );

  BIO_push( bio, append );

  int err = SSL_connect(ssl);
  printf("SSL_connect: %d\n", err);

  return bio;

which seems to work fine as both SSL_connect return '1' (success), but
gives error when reading or writing like this:

   #define MESSAGE "eureka!\n"
   BIO_write( bio_ssl_ssl, MESSAGE, strlen(MESSAGE) )

the error being: "error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set"

Testing environment:
    I use redirected to "./openssl s_server -accept 4444"
    operating system: red hat Linux  2.4.9-e.35.2RS  (but the same
happens in windows XP)

When it works I get the text "Eureka!" at the openssl server, and this
is the program´s output:
    OpenSSL version: OpenSSL 0.9.6b [engine] 9 Jul 2001
    SSL_connect: 1
    SSL_connect: 1

When it doesn´t work the output of the test program is:
    OpenSSL version: OpenSSL 0.9.7g 11 Apr 2005
    SSL_connect: 1
    SSL_connect: 1
    error:1409F080:SSL routines:SSL3_WRITE_PENDING:bio not set

and the openssl server screen shows:
    shutting down SSL
thanks in advance,

OpenSSL Project                       
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]