OK, I haven't found the problem. It does appear to be an OpenSSL bug. I use

    SSL_CTX_set_verify ( ctx, SSL_VERIFY_PEER, verifyCallbackProc );

and

    int verifyCallbackProc ( int ok, X509_STORE_CTX *store )
    {
        return 1;
    }

This causes the verification code to hang in the middle of the handshake. Can anybody confirm that this happens with standard OpenSSL builds?

Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of steve thornton
Sent: 26 June 2003 11:07
To: [EMAIL PROTECTED]
Subject: RE: Problem with X509_set_verify()

I think I've found the problem (in my code) but will take a while to make sure.

As far as "horrible crash" goes - it freezes in mid handshake (as the verify callback explodes), and causes the real-time embedded kernel to lock up all its signal queues, causing the whole (very complex) system to gradually nosedive into deadlock. The display device goes crazy for a while as it twitches in its death throes. After a while I get an auto reset. This of course has nothing to do with OpenSSL.

cheers
Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lutz Jaenicke
Sent: 26 June 2003 10:28
To: [EMAIL PROTECTED]
Subject: Re: Problem with X509_set_verify()

On Thu, Jun 26, 2003 at 10:07:08AM +0100, steve thornton wrote:
> Actually, I take that back, it does get called whether the chain passes or
> fails. However, it still crashes horribly when ok is altered. Any clues?

Hmm. I don't use the function directly but indirectly via the SSL layer. See the Postfix/TLS patchkit (file pfixtls.c after applying the patch, available from my homepage) on how I use it.

Anyway, I am currently trying to imagine a "horrible crash". I assume it is similar to the Enterprise being hit by a photon torpedo: sparks are coming out of the consoles, computers explode and smoke fills the bridge...

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]