Hello everyone,
I have a client that attempts to open a secured session with the server. After
calling SSL_connect(), on failure, the client would free the SSL object, and
read the response on a normal TCP socket.
On the other hand, the server calls SSL_accept(), and on failure, would free
the SSL object, and return the error message to the client on a normal TCP socket.
But what I see is, the client receives some 9 bytes of data after SSL_connect
fails.
This data seems to be SSL control data, as it reaches the client even before
the server actually sends out the error message. The 9 bytes are (16 03 00 00
04 0e 00 00 00).
The client is on Windows and the server is on Linux. The server is performing
SSL_accept on a non-blocking socket. The SSL connection failure is due to server
certificate verification failure.
Here is the code snippet from the client code that is in trouble, and receives
these 9 bytes. The value returned in beresp is the first byte of these 9.
Am I missing something while handling SSL_connect failures?
===================================================
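if ( SSL_connect(sock->ssl) != 1 ) {
    /* handshake failed: print the reason and free the SSL object */
    printf("\t%s'", ERR_reason_error_string(ERR_get_error()));
    SSL_free(sock->ssl);
    ssl = NULL;
}
else
    secured = 1;
}
/* read the first byte of the response from the socket */
beresp = get_char(sock);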
===================================================
Please let me know if I can provide any more information that might be of help
to understand the scenario.
Thanks,
~ Urjit
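
The nine bytes quoted in the message can be read as an SSL/TLS record. The following is an added example, not part of the original post (the struct and function names are assumptions made here): it parses the 5-byte record header and the first handshake message header, and decodes the quoted bytes as an SSL 3.0 handshake record holding a ServerHelloDone message with an empty body.

```c
#include <stdint.h>
#include <stdio.h>

/* One SSL/TLS record header plus, for handshake records, the first message header. */
struct tls_record {
    uint8_t  content_type;          /* 20 CCS, 21 alert, 22 handshake, 23 app data */
    uint8_t  ver_major, ver_minor;  /* 3,0 = SSL 3.0; 3,1 = TLS 1.0; ... */
    uint16_t length;                /* record payload length */
    uint8_t  hs_type;               /* set only when content_type == 22 */
    uint32_t hs_length;             /* 24-bit handshake body length */
};

/* Returns 0 if buf starts with one complete, plausible record, else -1. */
int parse_tls_record(const uint8_t *buf, size_t len, struct tls_record *out)
{
    if (len < 5) return -1;                       /* record header is 5 bytes */
    out->content_type = buf[0];
    out->ver_major = buf[1]; out->ver_minor = buf[2];
    out->length = (uint16_t)((buf[3] << 8) | buf[4]);
    out->hs_type = 0; out->hs_length = 0;
    if (out->content_type < 20 || out->content_type > 23) return -1;
    if (out->ver_major != 3) return -1;
    if (len - 5 < out->length) return -1;         /* payload truncated */
    if (out->content_type == 22 && out->length >= 4) {
        out->hs_type = buf[5];
        out->hs_length = ((uint32_t)buf[6] << 16) | ((uint32_t)buf[7] << 8) | buf[8];
    }
    return 0;
}

const char *hs_name(uint8_t t)
{
    switch (t) {
    case 2:  return "ServerHello";
    case 11: return "Certificate";
    case 14: return "ServerHelloDone";
    default: return "other";
    }
}

const uint8_t leftover[9] = {0x16, 0x03, 0x00, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00}; /* bytes quoted in the post */

int main(void)
{
    struct tls_record r;
    if (parse_tls_record(leftover, sizeof leftover, &r) != 0) return 1;
    printf("type=%u version=%u.%u len=%u %s body=%u\n", r.content_type,
           r.ver_major, r.ver_minor, r.length, hs_name(r.hs_type), (unsigned)r.hs_length);
    return 0;
}
```

ServerHelloDone is part of the server's handshake flight and follows its Certificate message.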