Re: BIO_read is continuously returning -1
When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1 I tried to catch the error using perror which shows the error message Error 0 till the return value 2, after that Resource temporarily unavailable for all -1 returned values. If you want to see code then let me know. On 12/28/05, Pankaj [EMAIL PROTECTED] wrote: I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. C program implimentation is same as of sslcat method of SSLeay.pm module. I tried to differentiate between the reply header and found that there is only single difference between them as : Perl client script: CONNECTION: close C Script: HTTP/1.1 302 Found Proxy-Connection: Keep-Alive Connection: Keep-Alive i.e. 2 extra lines with difference in Connection header. Rest of the returned header content is same for both. I am not understanding that if server is getting connected for the Perl script (which uses Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it getting connected, accepts request and replys back with the series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). contineously it is giving -1. I am using openssl-0.9.7g version. If you require code then I will provide in next email. Any help in this regard will greatly appreciated. -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] The Price of Greatness is responsibility over each of your thoughts -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] Ph : 09810823740. The Price of Greatness is responsibility over each of your thoughts __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: BIO_read is continuously returning -1
Hi Pankaj., This difference in the HTTP response header is very critical. It influences the way in which the Client is going to behave. In case of 1, as the Connection: Close header is sent as part of the response, the http server will initiate the tcp teardown and need not bother sending the content length of the application payload. In case of 2, the client is expected to keep the HTTP connection alive, so that perhaps subsequent http requests can be pipelined, this is a feature of HTTP1.1. when a 302 is sent from the server, it means that either a REDIRECT req needs to be sent by the client as the http resource is not available in the requested path, so this redirect url will be as part of the Redirect header of the HTTP response, also as the connection keep alive has been set, the redirect request from the client will have to go on the same tcp connection over which the 302 was got, which is not supported by your ssl server? Thanks --Gayathri When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1 I tried to catch the error using perror which shows the error message Error 0 till the return value 2, after that Resource temporarily unavailable for all -1 returned values. If you want to see code then let me know. On 12/28/05, Pankaj [EMAIL PROTECTED] wrote: I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. C program implimentation is same as of sslcat method of SSLeay.pm module. I tried to differentiate between the reply header and found that there is only single difference between them as : Perl client script: CONNECTION: close C Script: HTTP/1.1 302 Found Proxy-Connection: Keep-Alive Connection: Keep-Alive i.e. 2 extra lines with difference in Connection header. Rest of the returned header content is same for both. I am not understanding that if server is getting connected for the Perl script (which uses Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it getting connected, accepts request and replys back with the series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). contineously it is giving -1. I am using openssl-0.9.7g version. If you require code then I will provide in next email. Any help in this regard will greatly appreciated. -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] The Price of Greatness is responsibility over each of your thoughts -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] Ph : 09810823740. The Price of Greatness is responsibility over each of your thoughts __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: BIO_read is continuously returning -1
Forgot to mention that perhaps your client does not understand HTTP 1.1? Check whether the redirect request came back to the server. Hi Pankaj., This difference in the HTTP response header is very critical. It influences the way in which the Client is going to behave. In case of 1, as the Connection: Close header is sent as part of the response, the http server will initiate the tcp teardown and need not bother sending the content length of the application payload. In case of 2, the client is expected to keep the HTTP connection alive, so that perhaps subsequent http requests can be pipelined, this is a feature of HTTP1.1. when a 302 is sent from the server, it means that either a REDIRECT req needs to be sent by the client as the http resource is not available in the requested path, so this redirect url will be as part of the Redirect header of the HTTP response, also as the connection keep alive has been set, the redirect request from the client will have to go on the same tcp connection over which the 302 was got, which is not supported by your ssl server? Thanks --Gayathri When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1 I tried to catch the error using perror which shows the error message Error 0 till the return value 2, after that Resource temporarily unavailable for all -1 returned values. If you want to see code then let me know. On 12/28/05, Pankaj [EMAIL PROTECTED] wrote: I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. C program implimentation is same as of sslcat method of SSLeay.pm module. I tried to differentiate between the reply header and found that there is only single difference between them as : Perl client script: CONNECTION: close C Script: HTTP/1.1 302 Found Proxy-Connection: Keep-Alive Connection: Keep-Alive i.e. 2 extra lines with difference in Connection header. Rest of the returned header content is same for both. I am not understanding that if server is getting connected for the Perl script (which uses Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it getting connected, accepts request and replys back with the series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). contineously it is giving -1. I am using openssl-0.9.7g version. If you require code then I will provide in next email. Any help in this regard will greatly appreciated. -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] The Price of Greatness is responsibility over each of your thoughts -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] Ph : 09810823740. The Price of Greatness is responsibility over each of your thoughts __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
problems generating certificates
edit ur openssl.cnf to point to the correct ca certificate and its private key..obviously the file is not the path that the cnf is looking at.. hi everybody, well finally get install openssl v0.9.8a, now when i try to generate certificates to be used with freeradius (eap-tls or eap-peap) i use these commands to CERTIFICATE AUTHORITY GENERATION: #openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin pass:clue1 -passout pass:clue1 #openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:clue1 -passout pass:clue1 #openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout pass:clue1 (i copied root.p12 from freeradius files) #openssl x509 -inform PEM -outform DER -in root.pem -out root.der #rm -rf newreq.pem and these to SERVER CERTIFICATE GENERATION: #openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:whatever -passout pass:clue1 #openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem right here, when using this command i get this error: Error opening CA private key ./demoCA/private/cakey.pem 4161:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen ('./demoCA/private/cakey.pem' ,'r') 4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351: unable to load CA private key well i really don't understand what this mean but reviewed ./demoCA/private/cakey.pem and effectively it's there, so why openssl cann't locate it?? why unable to load CA private key?? so, i tried this: #openssl x509 -inform PEM -outform DER -in demoCA/cacert.pem -out demoCA/cacert.der but now get this: 4201:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE excuse if this question is so trivial but i really don't understand it. could any body help and tell me what is happening?? thanks for your patience and help. greetings _ Charla con tus amigos en línea mediante MSN Messenger: http://messenger.latam.msn.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: d2i/i2d for SEQUENCE OF Certificate
If you just want to encode that one structure (as opposed to embedding it in another) then check out and adapt the definition of GENERAL_NAMES in crypto/x509v3/v3_genn.c Thank you for point! http://www.e-mail.ru ÔÅÄÅÐÀËÜÍÀß ÏÎ×ÒÎÂÀß ÑËÓÆÁÀ E-MAIL.RU http://www.e-mail.ru Òîëüêî äî 31 äåêàáðÿ êîìïàíèÿ Êëþ÷ ÏëàñòÊîíñòðóêòîð ïðåäëàãàåò ñêèäêè äî 32% íà ïëàñòèêîâûå îêíà è äâåðè! Çâîíèòå ñåé÷àñ. Tel/fax: (495) 784-64-84 URL: http://www.kpk.ru __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: BIO_read is continuously returning -1
Thanks Gayatri, I dont have access to the server, so I wont be able to verify that. I dont think that it is needed as both clients interacting with same server. For one client it is working and for second it is not, so I dont think that server has any problem. Also how can I make a client to get Connection: Close header as part of the response from server? I think there is some small mistake I am making, but not able to figure it out. Here is part of the code which creats connection object SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); ssl_ctx=SSL_CTX_new(SSLv23_client_method()); SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); /* tried to reset to all option again */ ssl=SSL_new(ssl_ctx); SSL_set_connect_state(ssl); ssl_bio=BIO_new(BIO_f_ssl()); BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE); sprintf(host, %s:%i, host_name, port_num); out=BIO_new(BIO_s_connect()); BIO_set_conn_hostname(out,host); BIO_set_nbio(out,1); out=BIO_push(ssl_bio,out); You may be able to catch the problem. Thanks, Pankaj On 12/28/05, Gayathri Sundar [EMAIL PROTECTED] wrote: Forgot to mention that perhaps your client does not understand HTTP 1.1? Check whether the redirect request came back to the server. Hi Pankaj., This difference in the HTTP response header is very critical. It influences the way in which the Client is going to behave. In case of 1, as the Connection: Close header is sent as part of the response, the http server will initiate the tcp teardown and need not bother sending the content length of the application payload. In case of 2, the client is expected to keep the HTTP connection alive, so that perhaps subsequent http requests can be pipelined, this is a feature of HTTP1.1. when a 302 is sent from the server, it means that either a REDIRECT req needs to be sent by the client as the http resource is not available in the requested path, so this redirect url will be as part of the Redirect header of the HTTP response, also as the connection keep alive has been set, the redirect request from the client will have to go on the same tcp connection over which the 302 was got, which is not supported by your ssl server? Thanks --Gayathri When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1 I tried to catch the error using perror which shows the error message Error 0 till the return value 2, after that Resource temporarily unavailable for all -1 returned values. If you want to see code then let me know. On 12/28/05, Pankaj [EMAIL PROTECTED] wrote: I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. C program implimentation is same as of sslcat method of SSLeay.pm module. I tried to differentiate between the reply header and found that there is only single difference between them as : Perl client script: CONNECTION: close C Script: HTTP/1.1 302 Found Proxy-Connection: Keep-Alive Connection: Keep-Alive i.e. 2 extra lines with difference in Connection header. Rest of the returned header content is same for both. I am not understanding that if server is getting connected for the Perl script (which uses Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it getting connected, accepts request and replys back with the series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). contineously it is giving -1. I am using openssl-0.9.7g version. If you require code then I will provide in next email. Any help in this regard will greatly appreciated. -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] The Price of Greatness is responsibility over each of your thoughts -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] Ph : 09810823740. The Price of Greatness is responsibility over each of your thoughts __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] Ph : 09810823740. The Price of Greatness is responsibility over each of your thoughts
Re:Re: BIO_read is continuously returning -1
Original Message Subject: Re:Re: BIO_read is continuously returning -1 From:Gayathri Sundar [EMAIL PROTECTED] Date:Wed, December 28, 2005 4:59 am To: openssl-users@openssl.org -- If the Client Http Request has Http Version as 1.0 in its GET request or if the Connection: Close header is sent as part of the Client's GET request, the Server has to come back with Connection: Close..if the server follows RFC strictly..safest way is for the client to send HTTP 1.0 as its protocol version. The snipped is fine, can you give the code that sends the HTTP Request once SSL handshake is thro? Thanks --Gayathri Thanks Gayatri, I dont have access to the server, so I wont be able to verify that. I dont think that it is needed as both clients interacting with same server. For one client it is working and for second it is not, so I dont think that server has any problem. Also how can I make a client to get Connection: Close header as part of the response from server? I think there is some small mistake I am making, but not able to figure it out. Here is part of the code which creats connection object SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); ssl_ctx=SSL_CTX_new(SSLv23_client_method()); SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); /* tried to reset to all option again */ ssl=SSL_new(ssl_ctx); SSL_set_connect_state(ssl); ssl_bio=BIO_new(BIO_f_ssl()); BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE); sprintf(host, %s:%i, host_name, port_num); out=BIO_new(BIO_s_connect()); BIO_set_conn_hostname(out,host); BIO_set_nbio(out,1); out=BIO_push(ssl_bio,out); You may be able to catch the problem. Thanks, Pankaj On 12/28/05, Gayathri Sundar [EMAIL PROTECTED] wrote: Forgot to mention that perhaps your client does not understand HTTP 1.1? Check whether the redirect request came back to the server. Hi Pankaj., This difference in the HTTP response header is very critical. It influences the way in which the Client is going to behave. In case of 1, as the Connection: Close header is sent as part of the response, the http server will initiate the tcp teardown and need not bother sending the content length of the application payload. In case of 2, the client is expected to keep the HTTP connection alive, so that perhaps subsequent http requests can be pipelined, this is a feature of HTTP1.1. when a 302 is sent from the server, it means that either a REDIRECT req needs to be sent by the client as the http resource is not available in the requested path, so this redirect url will be as part of the Redirect header of the HTTP response, also as the connection keep alive has been set, the redirect request from the client will have to go on the same tcp connection over which the 302 was got, which is not supported by your ssl server? Thanks --Gayathri When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1 I tried to catch the error using perror which shows the error message Error 0 till the return value 2, after that Resource temporarily unavailable for all -1 returned values. If you want to see code then let me know. On 12/28/05, Pankaj [EMAIL PROTECTED] wrote: I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. C program implimentation is same as of sslcat method of SSLeay.pm module. I tried to differentiate between the reply header and found that there is only single difference between them as : Perl client script: CONNECTION: close C Script: HTTP/1.1 302 Found Proxy-Connection: Keep-Alive Connection: Keep-Alive i.e. 2 extra lines with difference in Connection header. Rest of the returned header content is same for both. I am not understanding that if server is getting connected for the Perl script (which uses Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it getting connected, accepts request and replys back with the series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). contineously it is giving -1. I am using openssl-0.9.7g version. If you require code then I will provide in next email. Any help in this regard will greatly appreciated. -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] The Price of Greatness is responsibility over each of your thoughts -- Best Regards, Pankaj Solanki [EMAIL PROTECTED] Ph : 09810823740. The Price of Greatness is responsibility over each of your thoughts
RE: Newbie question X509 certificate stores
What do you mean fails to open the store? What does the data look like that you are feeding into d2i_PKCS7()? Doies it have lines with -BEGIN in it? I cannot find this anywhere in the data. If the data is available as a file try: openssl pkcs7 -in file -inform DER openssl pkcs7 -in file and if both of those fail: openssl asn1parse -inform DER -in file I have saved the data blob to a file (which I have attached to the posting). All of the above commands fail with the same errors as d2i_PKCS7(). The asn1parse command complains about a bad Boolean. I am stumped here. Chris cert_store_data Description: Binary data
Re: BIO_read is continuously returning -1
On Wed, Dec 28, 2005, Pankaj wrote: I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. A -1 return value from BIO_read() is not necessarily an error. Check out the BIO_read() manual page for more details. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie question X509 certificate stores
On Wed, Dec 28, 2005, Chris Morrison wrote: What do you mean fails to open the store? What does the data look like that you are feeding into d2i_PKCS7()? Doies it have lines with -BEGIN in it? I cannot find this anywhere in the data. If the data is available as a file try: openssl pkcs7 -in file -inform DER openssl pkcs7 -in file and if both of those fail: openssl asn1parse -inform DER -in file I have saved the data blob to a file (which I have attached to the posting). All of the above commands fail with the same errors as d2i_PKCS7(). The asn1parse command complains about a bad Boolean. I am stumped here. There seems to be a problem with whatever has been used to save the data. It is prepending the byte 0, 1 to the start of the structure. If you skip these OpenSSL has no problems parsing the PKCS#7 data. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie question X509 certificate stores
I'm having a very similar problem as this one. I have a file I made from data sent from an AS2 system. The HTTP headers before the data are (abbreviated to the S/MIME stuff): Subject: EDIINTDATA Message-Id: [EMAIL PROTECTED] Disposition-Notification-To: inXServices Disposition-Notification-Options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1 Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m Content-Disposition: inline; filename=smime.p7m Content-Length: 1334 I saved the 1334 bytes after the blank line following the Content-Length to a file. I can't seem to use that file with OpenSSL. On Wed, Dec 28, 2005 at 12:45:18AM +0100, Dr. Stephen Henson wrote: What does the data look like that you are feeding into d2i_PKCS7()? Doies it have lines with -BEGIN in it? No. If the data is available as a file try: openssl pkcs7 -in file -inform DER openssl pkcs7 -inform DER -in src/fo/van/as2/msg.enc unable to load PKCS7 object 23182:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946: 23182:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=PKCS7 openssl pkcs7 -in file openssl pkcs7 -in src/fo/van/as2/msg.enc unable to load PKCS7 object 23183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: PKCS7 and if both of those fail: openssl asn1parse -inform DER -in file openssl asn1parse -inform DER -in src/fo/van/as2/msg.enc 0:d=0 hl=2 l= 10 prim: EOC There are also some proprietary store outputs from CryptoAPI which can be produced which OpenSSL cannot handle. Steve. Supposedly the public key produced is X.509. However, I can't read that with OpenSSL, either. I an read the private key (which is documented by the AS2 software as PKS#1 RSA private key -- I assume they mean PKCS#1). I can provide the file to anyone who can assist with this. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie question X509 certificate stores
On Wed, Dec 28, 2005, George Garvey wrote: I'm having a very similar problem as this one. I have a file I made from data sent from an AS2 system. The HTTP headers before the data are (abbreviated to the S/MIME stuff): Subject: EDIINTDATA Message-Id: [EMAIL PROTECTED] Disposition-Notification-To: inXServices Disposition-Notification-Options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1 Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m Content-Disposition: inline; filename=smime.p7m Content-Length: 1334 I saved the 1334 bytes after the blank line following the Content-Length to a file. I can't seem to use that file with OpenSSL. You should be able to use the smime utility on the whole message including headers for example: openssl smime -verify -in message or to output a standard PKCS#7 structure in PEM format: openssl smime -pk7out -in message then the standard pkcs7 utility should tolerate it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: BIO_read is continuously returning -1
I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. Why do you keep calling BIO_read? What are you waiting for? You should only be looping on BIO_read if there is nothing you want to do until the server does something. Why did you tell the server that you supported HTTP 1.1 if you don't? Do you support chunked encoding? What about connection keep-alive? DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]