Lutz, Thanks for that. OK I'll just have to set to work with printf's ( and returns, as currently it crashes so badly I don't get the printf's). This could take a while, but probably quicker than setting up an on-target debuggerer. It's probably something deeply occult.
thanks again Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lutz Jaenicke Sent: 26 June 2003 13:26 To: [EMAIL PROTECTED] Subject: Re: Problem with X509_set_verify() On Thu, Jun 26, 2003 at 01:07:22PM +0100, steve thornton wrote: > I'm using OSSL 0.9.7b ported for an ARM based platform (I'm currently doing > the port myself, and it is operational), which uses non-blocking sockets > (custom version). I am using OpenSSL 0.9.7b on an ARM based platform myself (Xscale based Intel IXP425, Linux, if that matters). > If I run the code below, but with return ok; rather than return 1; everthing > works just dandy. But if I try to override the verification by returning 1, > then the handshake stops there, and the embedded system actally crashes > irrevocably. I've noticed a few other wierdnesses like this due to the > platform which I have been able to fix , but I need to know whether this > happens on an "ordinary" build or not. Testing this myself on vanilla > OpenSSL is a real pain the way things are set up here. It does not crash on plain OpenSSL. Postfix/TLS uses a non-blocking setup like a lot of other applications do and neither I have seen problems like these nor do I remember any similar report. Overriding the verification result is exactly the purpose, that the verify_callback() has been designed for. I don't know enough about your platform, but no platform should ever crash due to an application, no matter how buggy the application might be. Therefore I also don't know what to propose in your special case. Normally if an application is crashing, I can at least get a backtrace. Even a crashing Linux-kernel will leave a Panic to be traced. But even if it would not... printf() is the ultimate debugging aid :-) Best regards, Lutz PS. Just to prevent misunderstandings: Postfix/TLS and the IXP425 work are in no way technical related. -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
