Thanks Gayathri.
This is what I am doing, but I don't have any buffer to send initially; my
data transfer starts from the server side.
What I was doing is calling SSL_connect after initialization, and then in
the socket read and write code I was doing encrypt and decrypt accordingly,
but the very first moment I send data to s_server, it gives the error "unknown
protocol".
Thanks.

// Harshvir
On Wed, May 25, 2011 at 10:02 AM, Gayathri Sundar <suraj...@gmail.com> wrote:

> So finally u have agreed to my initial suggestion of state machines :)
>
> The basic steps in terms of an algorithm are as follows
>
> A. Create the ssl ctx and ssl obj.
> B. Create a pair of memory bios and attach them to the ssl obj, one is
> for read and the other is for write.
> C. Create the tcp fds and complete the tcp handshake
> D. Once tcp connect is done, u have an fd on which u receive and send data
> E. Initialize ur state machine for ssl connect pending
> F. Take the buffer to be sent, copy it to the memory write bio,
> encrypt it using ssl connect, then do a tcp send
> G. While still connect pending, do tcp read, copy to read bio, call
> ssl connect to decrypt.
>
> Thanks
> --Gayathri
>
> On Wednesday, May 25, 2011, Harshvir Sidhu <hvssi...@gmail.com> wrote:
> > Hi,
> >    I am trying to implement State Machine based on the demo application,
> > that is a server code.
> >    Like I am writing the client side.
> >    So when I try to do handshake, by calling SSL_connect, which I have
> > used memory bios, after that I check for data available, and then I read
> > data and send to server, on server side I am getting error.
> >
> > 180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:.\ssl\s23_srvr.c:584: shutting down SSL
> >
> >    My question is which is a good place to do handshake in case we use
> > state machine, I am doing just after initializing ctx and ssl, and then I
> > send data 1 time and am performing rest of operations in my receive
> > callback, but s_server gives me error on first packet only.
> >
> >
> > Thanks.
> >
> > // Harshvir
> >
> > 2011/5/25 Michael Ströder <mich...@stroeder.com>
> >
> > Eric S. Eberhard wrote:
> > or ... keep it simple and at least consider using stunnel.
> >
> > I use stunnel myself in some situations. It's a great tool.
> >
> > But bear in mind that the application then has no access to
> > authentication information of the SSL layer.
> >
> > Ciao, Michael.
> >
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           majord...@openssl.org
> >
> >
>
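
The handshake loop from steps B to G above, as an added example that is not code from this thread: it uses Python's ssl module, whose MemoryBIO and wrap_bio are built on OpenSSL's memory BIOs, with do_handshake() on a client object standing in for SSL_connect. The host name server.example and all function names are assumptions. It shows that the first bytes a client puts on the socket have to be the ClientHello that the handshake call leaves in the write BIO, and that non-TLS bytes arriving mid-handshake move the state machine to a failed state.

```python
import ssl


def new_client():
    """Steps A-B: context, SSL object, and one memory BIO per direction."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming = ssl.MemoryBIO()   # bytes read from the socket go in here
    outgoing = ssl.MemoryBIO()   # bytes to write to the socket come out here
    # "server.example" is a placeholder host name (assumption).
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="server.example")
    return tls, incoming, outgoing


def handshake_step(tls, incoming, outgoing, from_peer=b""):
    """One turn of the state machine (steps E-G).

    from_peer: raw bytes just read from the TCP socket (empty on the first turn).
    Returns (state, to_send); to_send goes to the socket unchanged.
    """
    if from_peer:
        incoming.write(from_peer)
    try:
        tls.do_handshake()              # plays the role of SSL_connect
        state = "established"
    except ssl.SSLWantReadError:
        state = "connect_pending"       # flush to_send, then wait for peer bytes
    except ssl.SSLError:
        state = "failed"                # peer bytes were not valid TLS
    return state, outgoing.read()       # drain the write BIO


def is_client_hello(wire):
    """True if wire starts with a TLS handshake record carrying a ClientHello."""
    return (len(wire) >= 6 and wire[0] == 0x16   # record type: handshake
            and wire[1] == 0x03                  # record version major
            and wire[5] == 0x01)                 # handshake type: ClientHello


if __name__ == "__main__":
    tls, incoming, outgoing = new_client()
    state, wire = handshake_step(tls, incoming, outgoing)
    print(state, len(wire), "bytes to send, ClientHello:", is_client_hello(wire))
    # Constructed sample: a plaintext banner where a ServerHello is expected.
    state, _ = handshake_step(tls, incoming, outgoing, b"220 plaintext banner\r\n")
    print(state)
```

Application data is passed to the SSL object's write() only after the state reaches "established"; until then everything sent on the socket comes from draining the write BIO.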
