Hi, I'm trying to understand why the following code fails the second or third time... Is this a good approach (meaning: first accept() without SSL, then do those associations, then call SSL_accept())? ----
<<< tls_socket is just a plain listner socket sock = accept (tls_socket, (struct sockaddr *) &sa, &slen); if (sock < 0) { TRACE (trace (__FILE__, __LINE__, ERROR, NULL, "Error accepting TLS socket\n")); } else { TRACE (trace (__FILE__, __LINE__, INFO1, NULL, "Accepted socket from accept() is = %i\n", sock) ); if (ssl_ctx == NULL) { TRACE (trace (__FILE__, __LINE__, INFO1, NULL, "TLS connection rejected.\n")); close(sock); return -1; } if (!SSL_CTX_check_private_key (ssl_ctx)) { TRACE (trace (__FILE__, __LINE__, ERROR, NULL, "SSL CTX private key check error\n")); } ssl = SSL_new (ssl_ctx); if (ssl==NULL) { TRACE (trace (__FILE__, __LINE__, ERROR, NULL, "***Cannot create ssl connection context\n")); return -1; } if (!SSL_check_private_key (ssl)) { TRACE (trace (__FILE__, __LINE__, ERROR, NULL, "***SSL private key check error\n")); } //ps BIO_s_socket() and BIO_new_socket() returns the socket BIO method. //ps This is a wrapper round the platform's socket routines. sbio = BIO_new_socket (sock, BIO_NOCLOSE); if (sbio == NULL) { TRACE (trace (__FILE__, __LINE__, ERROR, NULL, "***BIO_new_socket error\n")); } SSL_set_bio (ssl, sbio, sbio); /* cannot fail */ i = SSL_accept (ssl); /** <<<<< here is the error ***>>> if (i<=0) { TRACE (trace (__FILE__, __LINE__, ERROR, NULL, "***SSL_accept() call failed\n")); i = SSL_get_error (ssl, i); print_ssl_error (i); SSL_shutdown (ssl); close (sock); SSL_free (ssl);