What scenario will cause openssl can't send "client hello" request?

2008-04-01 Thread Javen Cao
Hi all,

Our program that uses openssl can't work normally with 'https' protocol. Then
we use ethereal to sniff data on the port 443 and find that client doesn't
send "client hello" message to server after it finishes tcp handshake. Does
anyone know about this? BTW: the openssl lib is fine under another
environment. Does anyone have any idea? Any suggestion and help are welcome
and greatly appreciated. Thanks.

BRs
Javen


Re: What scenario will cause openssl can't send "client hello" request?

2008-04-01 Thread Marek . Marcola
Hello,

[EMAIL PROTECTED] wrote on 04/01/2008 04:57:18 PM:

> Hi all,
>
> Our program that uses openssl can't work normally with 'https' protocol.
> Then we use ethereal to sniff data on the port 443 and find that client
> doesn't send "client hello" message to server after it finishes tcp
> handshake. Does anyone know about this? BTW: the openssl lib is fine
> under another environment. Does anyone have any idea? Any suggestion
> and help are welcome and greatly appreciated. Thanks.

You should look at your application log files (OpenSSL library messages).
Establishing tcp connection is one thing while initializing OpenSSL library,
creating client_hello packet is another. Log files may answer your question.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


RE: What scenario will cause openssl can't send "client hello" request?

2008-04-01 Thread David Schwartz

> Our program that uses openssl can't work normally with
> 'https' protocol. Then we use ethereal to sniff data on
> the port 443 and find that client doesn't send "client hello"
> message to server after it finishes tcp handshake. Does anyone
> know about this? BTW: the openssl lib is fine under another
> environment. Does anyone have any idea? Any suggestion and help
> are welcome and greatly appreciated. Thanks.

You're asking us to find the bug in a program we can't see. All we can do is
guess.

FWIW, I once had this exact same problem when I was writing my very first
piece of code to implement OpenSSL and BIO pairs. The problem was that
nothing triggered my code to send data on the socket. No data had been
received on the socket, no data had been sent by the application, so there
seemed to be no reason to do anything at all.

Your problem may be a deadlock issue where you are waiting for something to
happen (on the socket or the application I/O side) and everything else is
waiting for you to call some OpenSSL function that will trigger the sending
of the client hello.

Are you calling into the OpenSSL library? If not, how is the client hello
going to get sent?! (Some code has to run in order to send any data.) If so,
what function and what is it returning?

DS
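
The situation described above, as an added example that is not part of the original post: it uses Python's `ssl.MemoryBIO` (an in-memory BIO standing in for the BIO pair mentioned) to show that no ClientHello exists until a handshake function is called, and that the bytes then wait in the outgoing BIO until the application forwards them. The host name `example.invalid` and the function names are assumptions made for the illustration.

```python
import ssl


def client_hello_lifecycle(server_name="example.invalid"):
    """Trace when ClientHello bytes come into existence with memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming = ssl.MemoryBIO()   # bytes received from the peer are written here
    outgoing = ssl.MemoryBIO()   # bytes OpenSSL wants sent are read from here
    tls = ctx.wrap_bio(incoming, outgoing, server_side=False,
                       server_hostname=server_name)

    stages = {}
    # 1. The TLS object exists, but no handshake call has been made yet.
    stages["before_call"] = outgoing.pending

    # 2. First handshake call: OpenSSL builds the ClientHello, then reports
    #    that it needs the server's reply before it can continue.
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        stages["want_read"] = True
    stages["after_call"] = outgoing.pending

    # 3. The record stays in the memory BIO until the application drains it
    #    and writes it to the socket. Skip this step and a sniffer sees
    #    nothing after the TCP handshake.
    record = outgoing.read()
    stages["after_drain"] = outgoing.pending
    return stages, record


def describe_record(record):
    """Decode the 5-byte TLS record header plus the handshake type byte."""
    return {
        "content_type": record[0],                        # 22 = handshake
        "record_length": int.from_bytes(record[3:5], "big"),
        "handshake_type": record[5],                      # 1 = client_hello
    }


if __name__ == "__main__":
    stages, record = client_hello_lifecycle()
    print(stages)
    print(describe_record(record))
```
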




Re: What scenario will cause openssl can't send "client hello" request?

2008-04-01 Thread Javen Cao
Dears,

I am using libcurl to perform "http" and "https" request. We have traced the
log from libcurl. It also  an debug callback function to openssl.
-
== Info: About to connect() to 10.64.12.55 port 443
== Info:   Trying 10.64.12.55... == Info: connected
== Info: Connected to 10.64.12.55 (10.64.12.55) port 443
== Info: successfully set certificate verify locations:
== Info:   CAfile: D:\Source\CA.cer
  CApath: none
== Info: SSLv3, TLS handshake, Client hello (1):
<= Send SSL data, zd bytes (0xzx)
zx: ...]..G..Z)4U_9s.._..WBz ..~6.9.8.5...3.2./...f.
zx: c.b.a...e.d.`
== Info: Unknown SSL protocol error in connection to 10.64.12.55:443
== Info: Closing connection #0

It seems that client has sent 'client' hello message. So at first we think
maybe there is something between our client and server that cuts the
connection off. So we use ethereal to catch the network traffic on port 443.
But the result surprised all of us. Ethereal can't catch anything but tcp's
handshake.
BTW: There is another https server, which also uses openssl, in this
computer. It works in LAN environment with its client. Its secure channel
works fine. Our server is out of the LAN.

The "Unknown SSL protocol error" was printed by libcurl. It uses SSL_connect
to set up the secure channel, but SSL_connect returns an error and libcurl
gets nothing when it tries to retrieve a detailed error message from openssl,
so it prints "unknown ssl protocol error".


2008/4/2, David Schwartz <[EMAIL PROTECTED]>:
>
>
> > Our program that uses openssl can't work normally with
> > 'https' protocol. Then we use ethereal to sniff data on
> > the port 443 and find that client doesn't send "client hello"
> > message to server after it finishes tcp handshake. Does anyone
> > know about this? BTW: the openssl lib is fine under another
> > environment. Does anyone have any idea? Any suggestion and help
> > are welcome and greatly appreciated. Thanks.
>
> You're asking us to find the bug in a program we can't see. All we can do
> is guess.
>
> FWIW, I once had this exact same problem when I was writing my very first
> piece of code to implement OpenSSL and BIO pairs. The problem was that
> nothing triggered my code to send data on the socket. No data had been
> received on the socket, no data had been sent by the application, so there
> seemed to be no reason to do anything at all.
>
> Your problem may be a deadlock issue where you are waiting for something
> to happen (on the socket or the application I/O side) and everything else
> is waiting for you to call some OpenSSL function that will trigger the
> sending of the client hello.
>
> Are you calling into the OpenSSL library? If not, how is the client hello
> going to get sent?! (Some code has to run in order to send any data.) If
> so, what function and what is it returning?
>
> DS