Dear all, I'm fiddling since two days with BIO_do_handshake(), and always have no luck. I'm afraid, it's time to cry for help now.
*Short description:* After BIO_do_handshake() always returns -1, I always get the message: /error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher/ from my error printing loop, which is: while( (code=ERR_get_error_line_data( &file, &line, &data, &flags ) ) != 0 ) { ERR_error_string_n( code, errX, sizeof(errX) ); syslog( LOG_ERROR, "!> %s", errX ); }; *Detailed description:* The code until the BIO_do_handshake() doing as follows: 1) building a BIO chain, consisting of an accept_socket BIO and a buffer BIO. 2) accept / pop as usually 3) BIO_gets / BIO_puts, all working fine in non-SSL mode please note: it is a FTP Server, completely written in OpenSSL BIO_xxxx and working fine since 2 weeks - until I try to add SSL to my BIO chain when we arrive here, it is the 1st command from the sftp client: 4) if seen "AUTH TLS" or "AUTH SSL", I do answering: "234 AUTH command ok; starting SSL connection.\r\n", this sets the client into SSL mode, too. Next, I do inserting a SSL BIO by the following sequence: (stripped error-check here, but can say, all functions returning ok so far) SSL_CTX * ctx; SSL * ssl; BIO * sslBIO, *bSock; ctx = SSL_CTX_new( SSLv23_method() ); SSL_CTX_set_options( ctx, (SSL_OP_NO_SSLv2 | SSL_OP_ALL) ); SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY ); SSL_CTX_set_cipher_list( ctx, "ALL:DEFAULT:LOW" ); /* also not working: "ALL:!ADH:!LOW:!EXP:!MD5" */ SSL_CTX_set_default_verify_paths( ctx ); // CAFILE is ..../debug/servercert.pem // CAPATH is ...../debug path itself, there is also serverkey.pem SSL_CTX_load_verify_locations( ctx, CAFILE, CAPATH ) ); SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, verify_cert_callback_foo ); SSL_CTX_set_verify_depth( ctx, VERIFY_DEPTH + 1 ); sslBIO = BIO_new_ssl( ctx, 0 /*server*/ ); BIO_get_ssl(sslBIO, &ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); bBuff = myContext->bio; /* this is the bio I'm already using: BUFFER+ACCEPT_SOCKET */ bSock = BIO_pop( bBuff ); /* get the raw socket-bio */ BIO_set_callback( sslBIO, BIO_debug_callback_foo ); /* reassemble the chain, now with SSL in the middle: */ myContext->bio = BIO_push( bBuff, BIO_push( sslBIO, bSock ) ); BIO_do_handshake( sslBIO ); !Bang! here I die .... Need to say: Windows XP pro SP3, Client is TotalCommander 7.02 with built in sftp via OpenSSL Any hint? Help? Suggestion? Any knowledge of Bug in Totalcommander? Any Idea of another cost-free sftp client, I can try? I would appreciate EVERYTHING that brings me a step further... with best regards, Modem Man ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org