On Sat, Apr 24, 2010, Modem Man wrote:
> Dear all,
>
> I'm fiddling since two days with BIO_do_handshake(), and always have no
> luck.
> I'm afraid, it's time to cry for help now.
>
> *Short description:*
> After BIO_do_handshake() always returns -1, I always get the message:
> /error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher/
>
> from my error printing loop, which is:
> while( (code=ERR_get_error_line_data( &file, &line, &data, &flags ) ) !=
> 0 ) {
> ERR_error_string_n( code, errX, sizeof(errX) );
> syslog( LOG_ERROR, "!> %s", errX );
> };
>
>
> *Detailed description:*
> The code until the BIO_do_handshake() doing as follows:
>
> 1) building a BIO chain, consisting of an accept_socket BIO and a buffer
> BIO.
> 2) accept / pop as usually
> 3) BIO_gets / BIO_puts, all working fine in non-SSL mode
> please note: it is a FTP Server, completely written in OpenSSL
> BIO_xxxx and working fine since 2 weeks - until I try to add SSL to my
> BIO chain
> when we arrive here, it is the 1st command from the sftp client:
>
> 4) if seen "AUTH TLS" or "AUTH SSL", I do answering:
> "234 AUTH command ok; starting SSL connection.\r\n",
> this sets the client into SSL mode, too.
> Next, I do inserting a SSL BIO by the following sequence:
> (stripped error-check here, but can say, all functions returning ok
> so far)
>
> SSL_CTX * ctx;
> SSL * ssl;
> BIO * sslBIO, *bSock;
>
> ctx = SSL_CTX_new( SSLv23_method() );
> SSL_CTX_set_options( ctx, (SSL_OP_NO_SSLv2 | SSL_OP_ALL) );
> SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY );
> SSL_CTX_set_cipher_list( ctx, "ALL:DEFAULT:LOW" ); /* also not
> working: "ALL:!ADH:!LOW:!EXP:!MD5" */
> SSL_CTX_set_default_verify_paths( ctx );
> // CAFILE is ..../debug/servercert.pem
> // CAPATH is ...../debug path itself, there is also serverkey.pem
> SSL_CTX_load_verify_locations( ctx, CAFILE, CAPATH ) );
> SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, verify_cert_callback_foo );
> SSL_CTX_set_verify_depth( ctx, VERIFY_DEPTH + 1 );
>
> sslBIO = BIO_new_ssl( ctx, 0 /*server*/ );
> BIO_get_ssl(sslBIO, &ssl);
> SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
>
> bBuff = myContext->bio; /* this is the bio I'm already using:
> BUFFER+ACCEPT_SOCKET */
> bSock = BIO_pop( bBuff ); /* get the raw socket-bio */
> BIO_set_callback( sslBIO, BIO_debug_callback_foo );
> /* reassemble the chain, now with SSL in the middle: */
> myContext->bio = BIO_push( bBuff, BIO_push( sslBIO, bSock ) );
> BIO_do_handshake( sslBIO );
> !Bang! here I die ....
>
> Need to say: Windows XP pro SP3, Client is TotalCommander 7.02 with
> built in sftp via OpenSSL
>
> Any hint? Help? Suggestion?
> Any knowledge of Bug in Totalcommander?
> Any Idea of another cost-free sftp client, I can try?
>
> I would appreciate EVERYTHING that brings me a step further...
>
Have you included OpenSSL_add_all_algorithms() and/or SSL_library_init()?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]