> Thanks for replying. By live testing I mean, actual client connections
> that a server is supposed to accept. The client I developed is a very
> basic one and I have only tested it from localhost. I don't know if it
> will work from outside or not.

        So you have no idea whether the client you are doing live testing with
actually works? Or does it work with other applications?

        I'm trying to figure out what type of problem you are having. Is it that
the server works with a trivial test program and doesn't work with a more
complex client?

> Additionally, I have already deployed latest OpenSSL version and it
> does not work either with new libraries and make etc. I tried the
> binary test client in the OpenSSL installation to connect to my server
> (of course from localhost). It worked too. The real world clients that
> are to work with my server are already in working condition and work
> with servers elsewhere. Now I am trying binary test server in OpenSSL
> installation to see if it performs handshake properly.

        Okay, so the problem is that your server is not compatible with the
client. Are you sure the client and server are speaking the same protocol?
Can you build a trivial test *server* and test it with the live *client*?

> Other thing that I forgot to mention in the previous mail. My server
> is multi-threaded. I have provided both callback functions and locks
> as per requirement. I followed the example code from "crypto/thread/"
> directory in OpenSSL installation.

        Make sure you never call two OpenSSL functions for the same connection
at the same time. OpenSSL requires you to ensure this.

        Your problem is most likely one of these four types:

        1) Bug in the client that your server just happens to trigger. Perhaps
this can be fixed by changing your server either from one correct form to
another equally correct form that works, or even by 'breaking' it to match
corresponding breakage in the client.

        2) Bug in your server that the live client just happens to trigger. For
example, the live client may do something quicker or more complex that your
trivial client doesn't do. In this case, you may need to make your test
client more complex or do more debugging in the live case.

        3) No bug in either client or server, but the protocols are not what you
think they are. For example, perhaps the live client (and working servers)
do some negotiation before they start the SSL handshake. Your server sees
this non-SSL stuff and thinks it is the SSL handshake and therefore breaks
on it.

        4) SSL incompatibilities or security problems. Perhaps the live client
only supports certain encryption algorithms or key lengths, or it requires a
specific type of certificate that your server is not providing.

        Your server never works with the live client no matter what, right? I
would suggest making a trivial test server (or use the ones that come with
OpenSSL) to make sure that the client is really attempting to make an SSL
connection the way that you think it is.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
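
One way to check for case 3 above, as an added example that is not part of the original message or of OpenSSL: classify the first bytes the live client sends before the server starts the handshake. The function and enum names are hypothetical, and it assumes the server fills the buffer with recv(fd, buf, sizeof buf, MSG_PEEK) on the accepted socket before calling SSL_accept().

```c
#include <stddef.h>
#include <stdio.h>

/* What the first bytes a client sends look like, before SSL_accept() runs. */
enum first_bytes {
    FB_TOO_SHORT,        /* fewer than 6 bytes seen: peek again */
    FB_TLS_CLIENTHELLO,  /* SSLv3/TLS record carrying a ClientHello */
    FB_SSL2_CLIENTHELLO, /* SSLv2-format (compatibility) ClientHello */
    FB_PLAINTEXT,        /* printable text: cleartext negotiation comes first */
    FB_UNKNOWN           /* binary data that is not an SSL/TLS hello */
};

/* Constructed samples, not captured traffic. */
static const unsigned char SAMPLE_TLS[]  = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b};
static const unsigned char SAMPLE_SSL2[] = {0x80, 0x2e, 0x01, 0x03, 0x01, 0x00, 0x15};
static const unsigned char SAMPLE_TEXT[] = "HELLO example-client\r\n";

/* Hypothetical helper: classify bytes peeked from the accepted socket. */
enum first_bytes classify_first_bytes(const unsigned char *b, size_t n)
{
    size_t i;

    if (n < 6)
        return FB_TOO_SHORT;
    /* Record type 0x16 (handshake), version 3.x, handshake type 1 (ClientHello). */
    if (b[0] == 0x16 && b[1] == 0x03 && b[2] <= 0x04 && b[5] == 0x01)
        return FB_TLS_CLIENTHELLO;
    /* SSLv2 2-byte header (high bit set), message type 1, then client version. */
    if ((b[0] & 0x80) && b[2] == 0x01 &&
        (b[3] == 0x03 || (b[3] == 0x00 && b[4] == 0x02)))
        return FB_SSL2_CLIENTHELLO;
    for (i = 0; i < n; i++)
        if (!((b[i] >= 0x20 && b[i] < 0x7f) || b[i] == '\r' || b[i] == '\n' || b[i] == '\t'))
            return FB_UNKNOWN;
    return FB_PLAINTEXT;
}

int main(void)
{
    static const char *names[] = {"too short", "TLS ClientHello",
        "SSLv2 ClientHello", "plaintext before SSL", "unknown"};
    printf("%s\n", names[classify_first_bytes(SAMPLE_TLS, sizeof SAMPLE_TLS)]);
    printf("%s\n", names[classify_first_bytes(SAMPLE_SSL2, sizeof SAMPLE_SSL2)]);
    printf("%s\n", names[classify_first_bytes(SAMPLE_TEXT, sizeof SAMPLE_TEXT - 1)]);
    return 0;
}
```

A plaintext or unknown result from the live client points at case 3; a ClientHello result means the client is starting SSL directly and the cause lies in one of the other cases.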
