Dear all,

I've been fiddling with BIO_do_handshake() for two days, and always have no
luck.
I'm afraid it's time to cry for help now.

*Short description:*
After BIO_do_handshake() always returns -1, I always get the message:
/error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher/

from my error printing loop, which is:
while( (code=ERR_get_error_line_data( &file, &line, &data, &flags ) ) != 0 )  {
     ERR_error_string_n( code, errX, sizeof(errX) );
     syslog( LOG_ERROR, "!> %s", errX );
     }


*Detailed description:*
The code up to the BIO_do_handshake() call does the following:

1) building a BIO chain, consisting of an accept_socket BIO and a buffer
BIO.
2) accept / pop as usual
3) BIO_gets / BIO_puts, all working fine in non-SSL mode
    please note: it is an FTP server, completely written with OpenSSL
BIO_xxxx and working fine for 2 weeks - until I try to add SSL to my
BIO chain
    when we arrive here, it is the 1st command from the sftp client:

4) if I see "AUTH TLS" or "AUTH SSL", I answer:
    "234 AUTH command ok; starting SSL connection.\r\n",
    this sets the client into SSL mode, too.
    Next, I insert an SSL BIO with the following sequence:
    (error checks stripped here, but I can say all functions return ok
so far)

    SSL_CTX * ctx;
    SSL     * ssl;
    BIO     * sslBIO, *bSock, *bBuff;

    ctx = SSL_CTX_new( SSLv23_method() );
    SSL_CTX_set_options( ctx, (SSL_OP_NO_SSLv2 | SSL_OP_ALL) );
    SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY );
    /* also not working: "ALL:!ADH:!LOW:!EXP:!MD5" */
    SSL_CTX_set_cipher_list( ctx, "ALL:DEFAULT:LOW" );
    SSL_CTX_set_default_verify_paths( ctx );
    // CAFILE is ..../debug/servercert.pem
    // CAPATH is ...../debug  path itself, there is also serverkey.pem
    SSL_CTX_load_verify_locations( ctx, CAFILE, CAPATH );
    SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, verify_cert_callback_foo );
    SSL_CTX_set_verify_depth( ctx, VERIFY_DEPTH + 1 );

    sslBIO = BIO_new_ssl( ctx, 0 /*server*/ );
    BIO_get_ssl(sslBIO, &ssl);
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

    /* this is the bio I'm already using: BUFFER+ACCEPT_SOCKET */
    bBuff = myContext->bio;
    bSock = BIO_pop( bBuff );  /* get the raw socket-bio */
    BIO_set_callback( sslBIO, BIO_debug_callback_foo );
    /* reassemble the chain, now with SSL in the middle: */
    myContext->bio = BIO_push( bBuff, BIO_push( sslBIO, bSock ) );
    BIO_do_handshake( sslBIO );
    /* !Bang! here I die .... */

Need to say: Windows XP pro SP3, Client is TotalCommander 7.02 with
built in sftp via OpenSSL

Any hint? Help? Suggestion?
Any knowledge of Bug in Totalcommander?
Any Idea of another cost-free sftp client, I can try?

I would appreciate EVERYTHING that brings me a step further...

with best regards,
Modem Man

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
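
Added example, not part of the original post: the setup as posted calls SSL_CTX_load_verify_locations(), which only sets the CAs used to verify a peer, and shows no call that gives the server its own certificate and private key (in the C API, SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file()). The sketch below reproduces the resulting server-side "no shared cipher" failure with Python's ssl module, which wraps OpenSSL, using an in-memory handshake. The function names are hypothetical, and capping both sides at TLS 1.2 is an assumption made so the failure is reported by cipher selection.

```python
import ssl


def make_ctx(protocol):
    """Context capped at TLS 1.2 (assumption: keeps the failure in cipher selection)."""
    ctx = ssl.SSLContext(protocol)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def certless_server_ctx():
    """Server context with trust settings only: no own certificate or key loaded."""
    ctx = make_ctx(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_default_verify_paths()  # trust anchors for verifying a peer, nothing more
    return ctx


def server_handshake_error(server_ctx):
    """Handshake over in-memory BIOs; return the server's failure reason or None."""
    client_ctx = make_ctx(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = False
    client_ctx.verify_mode = ssl.CERT_NONE  # isolate the server-side problem
    c2s, s2c = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(s2c, c2s, server_side=False)
    server = server_ctx.wrap_bio(c2s, s2c, server_side=True)
    for _ in range(10):  # a full handshake needs only a few flights
        finished = 0
        for side in (client, server):
            try:
                side.do_handshake()
                finished += 1
            except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
                continue  # waiting for the peer's next flight
            except ssl.SSLError as exc:
                if side is server:
                    return exc.reason  # OpenSSL reason string for the failure
                raise
        if finished == 2:
            return None
    raise RuntimeError("handshake did not complete")


if __name__ == "__main__":
    # Without a certificate the server can only offer anonymous suites,
    # which a default client does not propose.
    print(server_handshake_error(certless_server_ctx()))
```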