Date: Mon, 31 Oct 2005 00:04:28 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [UnixOS2_Archive] No. 642 ************************************************** Sunday 30 October 2005 Number 642 ************************************************** Subjects for today 1 Re: Binding to socket (fixed) SSL problem : Dave Bamford **= Email 1 ==========================** Date: Sat, 29 Oct 2005 22:22:26 +0100 From: Dave Bamford Subject: Re: Binding to socket (fixed) SSL problem Yuri Dario wrote: >Hi Dave, > > > > > >>gcc I am using to build this app 3.3.5. What version of openSSL >>would be best to try to get. >> >> > >get http://os2power.dnsalias.com/openssl-0.9.8.zip > >this is the full source tree with static libraries and binaries build with 3.3.5 > > > > Thanks Yuri I used your compiled openssl but I still get the same problem. A call to connect to the socket returns SSL error 5. I copied all your includes to my path, the crypto.a and ssl.a to my library path and the dlls to a path in my dll. here is the code and you can see near the bottom the printf statement I added to display the error, this returns 5 I don't know why. Can anyone shed some light on this please. 
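// --------------------------------------------------------------------------
//
// File
//		Name:    SocketStreamTLS.cpp
//		Purpose: Socket stream encrypted and authenticated by TLS
//		Created: 2003/08/06
//
// --------------------------------------------------------------------------

#include "Box.h"

#define TLS_CLASS_IMPLEMENTATION_CPP
// NOTE(review): the mail archive stripped the bracketed names from the six
// system includes in the posted listing. The list below is reconstructed from
// the symbols this file uses (ioctl/FIONBIO, SSL_*/BIO_*, errno, fprintf) and
// should be checked against the real source file.
#include <cerrno>
#include <cstdio>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>

#include "SocketStreamTLS.h"
#include "SSLLib.h"
#include "ServerException.h"
#include "TLSContext.h"

#include "MemLeakFindOn.h"

// Allow 5 minutes to handshake (in milliseconds)
#define TLS_HANDSHAKE_TIMEOUT (5*60*1000)

// --------------------------------------------------------------------------
//
// Function
//		Name:    SocketStreamTLS::SocketStreamTLS()
//		Purpose: Constructor. No socket yet; Open() connects and handshakes.
//		Created: 2003/08/06
//
// --------------------------------------------------------------------------
SocketStreamTLS::SocketStreamTLS()
	: mpSSL(0), mpBIO(0)
{
}

// --------------------------------------------------------------------------
//
// Function
//		Name:    SocketStreamTLS::SocketStreamTLS(int)
//		Purpose: Constructor, taking a previously connected socket. The TLS
//		         handshake is NOT performed here; call Handshake().
//		Created: 2003/08/06
//
// --------------------------------------------------------------------------
SocketStreamTLS::SocketStreamTLS(int socket)
	: SocketStream(socket), mpSSL(0), mpBIO(0)
{
}

// --------------------------------------------------------------------------
//
// Function
//		Name:    SocketStreamTLS::~SocketStreamTLS()
//		Purpose: Destructor. Shuts the TLS session down if one exists, then
//		         releases whichever OpenSSL objects are still owned here.
//		Created: 2003/08/06
//
// --------------------------------------------------------------------------
SocketStreamTLS::~SocketStreamTLS()
{
	if(mpSSL)
	{
		// Attempt to close to avoid problems.
		// NOTE(review): Close() is defined elsewhere; if it can throw, an
		// exception escaping a destructor terminates the process -- confirm.
		Close();

		// And if that didn't work...
		if(mpSSL)
		{
			::SSL_free(mpSSL);
			mpSSL = 0;
			// Ownership of the BIO passed to the SSL object in SSL_set_bio(),
			// so SSL_free() released it as well.
			mpBIO = 0;
		}
	}

	// If we only got as far as creating the BIO (SSL_new() failed), it is
	// still owned here and must be freed directly.
	if(mpBIO)
	{
		::BIO_free(mpBIO);
		mpBIO = 0;
	}
}

// --------------------------------------------------------------------------
//
// Function
//		Name:    SocketStreamTLS::Open(const TLSContext &, int, const char *, int)
//		Purpose: Open connection, and perform TLS handshake as the client.
//		         Exceptions from either step propagate to the caller.
//		Created: 2003/08/06
//
// --------------------------------------------------------------------------
void SocketStreamTLS::Open(const TLSContext &rContext, int Type, const char *Name, int Port)
{
	SocketStream::Open(Type, Name, Port);
	Handshake(rContext);
}

// --------------------------------------------------------------------------
//
// Function
//		Name:    SocketStreamTLS::Handshake(const TLSContext &, bool)
//		Purpose: Perform TLS handshake on the already connected socket.
//		         IsServer selects SSL_accept() over SSL_connect().
//		         Throws ServerException if called twice, if the socket
//		         cannot be made non-blocking, or if OpenSSL allocation
//		         fails; throws ConnectionException if the handshake
//		         times out (TLS_HANDSHAKE_TIMEOUT) or fails.
//		Created: 2003/08/06
//
// --------------------------------------------------------------------------
void SocketStreamTLS::Handshake(const TLSContext &rContext, bool IsServer)
{
	if(mpBIO || mpSSL) {THROW_EXCEPTION(ServerException, TLSAlreadyHandshaked)}

	int socketHandle = GetSocketHandle();

	// Make the socket non-blocking so timeouts on Read work. This is done
	// before any OpenSSL object is allocated: previously it ran after
	// BIO_new() but before SSL_set_bio(), so a failure here left a BIO
	// that the destructor assumes SSL_free() owns -- and leaked it.
	int nonblocking = 1;
	if(::ioctl(socketHandle, FIONBIO, &nonblocking) == -1)
	{
		THROW_EXCEPTION(ServerException, SocketSetNonBlockingFailed)
	}

	// Create a BIO for this socket
	mpBIO = ::BIO_new(::BIO_s_socket());
	if(mpBIO == 0)
	{
		SSLLib::LogError("Create socket bio");
		THROW_EXCEPTION(ServerException, TLSAllocationFailed)
	}
	// BIO_NOCLOSE: the socket stays owned by SocketStream, not by the BIO.
	BIO_set_fd(mpBIO, socketHandle, BIO_NOCLOSE);

	// Then the SSL object. If this fails, mpBIO is still owned here and the
	// destructor frees it.
	mpSSL = ::SSL_new(rContext.GetRawContext());
	if(mpSSL == 0)
	{
		SSLLib::LogError("Create ssl");
		THROW_EXCEPTION(ServerException, TLSAllocationFailed)
	}

	// Set the two to know about each other; from here on SSL_free() also
	// releases the BIO.
	::SSL_set_bio(mpSSL, mpBIO, mpBIO);

	bool waitingForHandshake = true;
	while(waitingForHandshake)
	{
		// Attempt to do the handshake
		int r = 0;
		if(IsServer)
		{
			r = ::SSL_accept(mpSSL);
		}
		else
		{
			r = ::SSL_connect(mpSSL);
		}
		// errno is only meaningful for SSL_ERROR_SYSCALL and only until the
		// next library call overwrites it, so capture it immediately.
		int savedErrno = errno;

		// check return code
		int se;
		switch((se = ::SSL_get_error(mpSSL, r)))
		{
		case SSL_ERROR_NONE:
			// No error, handshake succeeded
			waitingForHandshake = false;
			break;

		case SSL_ERROR_WANT_READ:
		case SSL_ERROR_WANT_WRITE:
			// wait for the required data
			if(WaitWhenRetryRequired(se, TLS_HANDSHAKE_TIMEOUT) == false)
			{
				// timed out
				THROW_EXCEPTION(ConnectionException, Conn_TLSHandshakeTimedOut)
			}
			break;

		default: // (and SSL_ERROR_ZERO_RETURN)
			// Error occurred
			if(IsServer)
			{
				SSLLib::LogError("Accept");
				THROW_EXCEPTION(ConnectionException, Conn_TLSHandshakeFailed)
			}
			else
			{
				// Debugging aid. SSL_ERROR_SYSCALL (5) alone only says the
				// failure happened below TLS; OpenSSL leaves the detail in
				// the return value and errno: r == 0 means the peer closed
				// the socket before the handshake completed (an EOF that
				// violates the protocol, no alert received), r == -1 means
				// the socket read/write itself failed and errno says why.
				fprintf(stderr, "ssl error = %d (handshake returned %d, errno = %d)\n",
					se, r, savedErrno);
				SSLLib::LogError("Connect");
				THROW_EXCEPTION(ConnectionException, Conn_TLSHandshakeFailed)
			}
		}
	}

	// NOTE(review): nothing here consults SSL_get_verify_result(). Peer
	// certificate verification is presumably configured on the context
	// (SSL_CTX_set_verify with SSL_VERIFY_PEER, so a failed check aborts the
	// handshake above) -- confirm in TLSContext; otherwise a completed
	// handshake says nothing about who the peer is.
	// And that's it
}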