Hi Matt & Vi

I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1. I only enabled the TLSv1.2 by SSL_CTX_set_options(). You can see my previous code:

/*setup up by SSLv23_method*/
meth = SSLv23_method();
ctx = SSL_CTX_new(meth);
............
............
/*Only allow TLSv1.2 protocol*/
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);

While the above code didn't work. I couldn't reach the server. Though the SSL_connect() didn't crash, it returned as:

17:49:12.939 [5499]- SSL_connect res : -1
17:49:12.939 [5499]- Going to call SSL_connect(): 15
17:49:12.939 [5499]- SSL_connect res : -1
17:49:12.939 [5499]- Going to call SSL_connect(): 15
17:49:12.939 [5499]- SSL_connect res : -1
17:49:12.939 [5499]- Going to call SSL_connect(): 15
17:49:12.940 [5499]- SSL_connect res : -1
17:49:12.940 [5499]- Going to call SSL_connect(): 15
17:49:12.940 [5499]- SSL_connect res : -1
17:49:12.940 [5499]- Going to call SSL_connect(): 15
17:49:12.940 [5499]- SSL_connect res : -1
17:49:12.940 [5499]- Going to call SSL_connect(): 15
17:49:12.940 [5499]- SSL_connect res : -1
17:49:12.940 [5499]- Going to call SSL_connect(): 15
17:49:12.940 [5499]- SSL_connect res : -1
17:49:12.941 [5499]- Going to call SSL_connect(): 15
17:49:12.941 [5499]- SSL_connect res : -1
17:49:12.941 [5499]- Going to call SSL_connect(): 15
17:49:12.941 [5499]- SSL_connect res : -1
17:49:12.941 [5499]- Going to call SSL_connect(): 15

I will continue to investigate, and keep updating the ticket. I will adopt your idea to see if I can obtain more information during crash.

Thanks,
Tyler

-----Original Message-----
From: Matt Caswell via RT [mailto:[email protected]]
Sent: September-29-15 4:25 AM
To: Tiantian Liu
Cc: [email protected]
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

I agree with everything Viktor said. In particular that you should continue to use SSLv23_method.

Some additional comments below:

On 28/09/15 16:31, Tiantian Liu via RT wrote:
> sslerror = SSL_get_error(ssl, res);
> if (sslerror == SSL_ERROR_WANT_READ) {
>     isexp = is_expired(exptime);
>     if (isexp == 1) {
>         strcpy(error, "SSL connect error");
>         return 0;
>     }
>     continue;
> }
> strcpy(error, "SSL connect error");
> return 0;

You need to handle more than just SSL_ERROR_WANT_READ here. You should also handle SSL_ERROR_WANT_WRITE. You could get either returned from a call to SSL_connect.

Please can you supply a backtrace from your crash? Also a packet capture between your application and the server would be useful.

Matt

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
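
Added example, not code from this thread or from OpenSSL: a retry loop for a non-blocking handshake that handles both the want-read and want-write results and waits on the socket with poll() until a deadline, rather than calling again immediately as in the log above. The names hs_step_fn, drive_handshake, scripted_step and run_script are hypothetical, and the HS_* constants are stand-ins for the OpenSSL error codes so the block builds without the OpenSSL headers.

```c
#include <errno.h>
#include <poll.h>
#include <stddef.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Stand-ins with the numeric values of SSL_ERROR_NONE, SSL_ERROR_WANT_READ
 * and SSL_ERROR_WANT_WRITE, so this compiles without the OpenSSL headers. */
enum { HS_DONE = 0, HS_WANT_READ = 2, HS_WANT_WRITE = 3 };

/* Hypothetical hook: one handshake attempt. A real client would call
 * SSL_connect() here and return SSL_get_error(ssl, res). */
typedef int (*hs_step_fn)(void *arg);

/* Returns 1 when the handshake completes, 0 on timeout, -1 on a fatal error. */
int drive_handshake(hs_step_fn step, void *arg, int fd, long timeout_s) {
    time_t deadline = time(NULL) + timeout_s;
    for (;;) {
        int err = step(arg);
        struct pollfd p = { .fd = fd, .events = 0, .revents = 0 };
        if (err == HS_DONE) return 1;
        if (err == HS_WANT_READ) p.events = POLLIN;        /* wait for peer data */
        else if (err == HS_WANT_WRITE) p.events = POLLOUT; /* wait for send room */
        else return -1;                    /* anything else: stop, do not retry */
        long left = (long)(deadline - time(NULL));
        if (left <= 0) return 0;
        int n = poll(&p, 1, (int)(left * 1000)); /* sleep instead of spinning */
        if (n == 0) return 0;
        if (n < 0 && errno != EINTR) return -1;
    }
}

/* Constructed test double: replays a script, repeating its last entry. */
struct script { const int *codes; size_t len, pos; };
static int scripted_step(void *arg) {
    struct script *s = arg;
    return s->codes[s->pos < s->len - 1 ? s->pos++ : s->len - 1];
}

/* Runs a script over a local socketpair; peer_sends makes the fd readable. */
int run_script(const int *codes, size_t len, int peer_sends, long timeout_s) {
    int sv[2];
    struct script s = { codes, len, 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    if (peer_sends && write(sv[1], "x", 1) != 1) return -2;
    int r = drive_handshake(scripted_step, &s, sv[0], timeout_s);
    close(sv[0]);
    close(sv[1]);
    return r;
}
```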
