RE: Hanging in SSL_connect!

2001-05-04 Thread Rainer Kaufmann

Hi Marc,

Thanks for your help! The problem for me was to find a function which
switches the socket to non-blocking mode.
Found function ioctlsocket(m_hSocket, FIONBIO, &ulArg); with ulArg > 0.  :-)

Thank you!!!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Marc Sherman
Sent: Thursday, 3 May 2001 18:32
To: '[EMAIL PROTECTED]'
Subject: RE: Hanging in SSL_connect!


How about setting m_hSocket to non-blocking mode? I think SSL_connect() will
return SSL_ERROR_WANT_READ in the case you describe.

Marc

> -Original Message-
> From: Rainer Kaufmann [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 03, 2001 11:12 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Hanging in SSL_connect !
>
>
> Hi,
>
> Does somebody have an idea how to keep the SSL library from hanging in
> SSL_connect when the other side does not respond?
> Starting a timer and calling SSL_shutdown and closesocket on timeout causes
> the SSL library to crash :-(
> I think the problem is the library waiting in socket::recv after
> ssl3_get_server_hello when there is nothing to read. A simple socket::select
> would solve this...
>
> Any ideas?
>
> Thanks, Rainer
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Rainer Kaufmann
> Sent: Wednesday, 2 May 2001 17:34
> To: [EMAIL PROTECTED]
> Subject: Timeout when trying to connect to a non-SSL port?
>
>
> Hi,
>
> me again :-) I'm running into serious problems when trying to connect to a
> server which knows nothing about SSL.
> Connecting to a telnet server with the following code snippet runs into an
> infinite loop.
>
> ---
>   SSL_METHOD* pSSLMeth;
>   X509* pcrtCertificate;
>
>   // Should timeout by itself
>   if(connect(m_hSocket, psa, sizeof(SOCKADDR)) == SOCKET_ERROR)
>   {
>     throw "CSSLSocket::Connect";
>   }
>   pSSLMeth = SSLv3_client_method();
>   m_psscContext = SSL_CTX_new (pSSLMeth);
>
>   // Create context and connect file descriptor(handle)
>   m_pSSL = SSL_new (m_psscContext);
>   ASSERT(m_pSSL != NULL);
>   SSL_set_fd(m_pSSL, m_hSocket);
>   SSL_connect(m_pSSL);
> 
>
> Thanks, Rainer
>
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]



Timeout when trying to connect to a non-SSL port?

2001-05-02 Thread Rainer Kaufmann

Hi,

me again :-) I'm running into serious problems when trying to connect to a
server which knows nothing about SSL.
I.e. connecting to a telnet server with the following code snippet seems to
run into an infinite loop.

---
  SSL_METHOD* pSSLMeth;
  X509* pcrtCertificate;

  // Should timeout by itself
  if(connect(m_hSocket, psa, sizeof(SOCKADDR)) == SOCKET_ERROR)
  {
    throw "CSSLSocket::Connect";
  }
  pSSLMeth = SSLv3_client_method();
  m_psscContext = SSL_CTX_new (pSSLMeth);

  // Set timeout according connect timeout ???
  SSL_CTX_set_timeout(m_psscContext, 1);//(ANSWER_TIMEOUT_TIME / 1000) + 4);

  // Create context and connect file descriptor(handle)
  m_pSSL = SSL_new (m_psscContext);
  ASSERT(m_pSSL != NULL);
  SSL_set_fd(m_pSSL, m_hSocket);
  SSL_connect(m_pSSL);

SSL_connect never returns; using SSL_CTX_set_timeout had no effect.
Please help...

Thanks, Rainer




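An added example, not code from the original posts, of the approach Marc suggests for the hang described in both threads above: put the socket in non-blocking mode, retry the handshake whenever OpenSSL reports SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, and wait with select until a deadline. It uses Python's ssl module (a wrapper around OpenSSL) rather than the C API; handshake_with_deadline and demo_silent_peer are hypothetical names, and the silent local listener is constructed for the demonstration.

```python
import select
import socket
import ssl
import time


def handshake_with_deadline(sock, context, server_hostname, timeout):
    """TLS client handshake on a connected TCP socket, bounded by `timeout` seconds.

    Raises TimeoutError if the peer stays silent, ssl.SSLError if it answers
    with something that is not TLS."""
    sock.setblocking(False)  # what ioctlsocket(s, FIONBIO, &ulArg) does on Winsock
    tls = context.wrap_socket(sock, server_hostname=server_hostname,
                              do_handshake_on_connect=False)
    deadline = time.monotonic() + timeout
    try:
        while True:
            try:
                tls.do_handshake()         # never blocks on a non-blocking socket
                return tls
            except ssl.SSLWantReadError:   # OpenSSL reported SSL_ERROR_WANT_READ
                readers, writers = [tls], []
            except ssl.SSLWantWriteError:  # OpenSSL reported SSL_ERROR_WANT_WRITE
                readers, writers = [], [tls]
            remaining = deadline - time.monotonic()
            # select() returns three empty lists when the wait times out
            if remaining <= 0 or not any(
                    select.select(readers, writers, [], remaining)):
                raise TimeoutError("no TLS handshake within %.1f s" % timeout)
    except BaseException:
        tls.close()                        # release the socket on any failure
        raise


def demo_silent_peer(timeout=0.5):
    """Constructed peer: a local listener that completes TCP but never speaks."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    try:
        handshake_with_deadline(client, ssl.create_default_context(),
                                "localhost", timeout)
        return "connected"
    except TimeoutError:
        return "timed out"
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo_silent_peer())
```

SSL_CTX_set_timeout, tried in the post above, sets how long a session stays valid for reuse and does not bound socket I/O, so the deadline has to be enforced around the handshake as done here.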

Client certificates on smart card?

2001-05-02 Thread Rainer Kaufmann

Hello,

I have a question about using certificates when using client authentication on
the server side.
Normally the client's X509 certificate is stored on the local hard disk and
SSL_CTX_use_certificate_file is used to tell the library where it can be
found, is that right?
Is it possible to 'forward' an authentication request to the client side
somehow into a smart card?
What I am searching for is something like a callback function which is in the
context 'server wants you to authenticate and sent data .Fill struct
 with your answer or simply SSL_write()'.

Thanks, Rainer

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of George Lind
Sent: Wednesday, 2 May 2001 16:54
To: '[EMAIL PROTECTED]'
Subject: how do you generate a CRL?


How do you generate a CRL with the openssl tool?

Thanks,
George
