Netmeisters,

I would appreciate your help with the following, although it is not strictly (or not only) an OpenSSL problem.
I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses Schannel (which on the PPC apparently includes SSLv2 and SSLv3 but not TLS) and the Linux server has OpenSSL. At this point I am just trying to get small test programs to work. For the server, the test program is a slightly modified version of the sserver program from Rescorla's book. I have included most of the code from the client below, if it matters, but basically all this does is make a socket, "turn on" SSL on the socket, and tell the security functions to use SSLv3 protocols. The server program also should be using SSLv3, because of a call to SSLv3_method().

Here is what ssldump reports:

    New TCP connection #2: net-204-140.dhcp.mcw.edu(1499) <-> dp1.derm.mcw.edu(9734)
    2 1  0.1544 (0.1544)  C>S  Handshake
          ClientHello
            Version 3.0
            cipher suites
            SSL_RSA_WITH_RC4_128_MD5
            SSL_RSA_WITH_RC4_128_SHA
            SSL_RSA_WITH_3DES_EDE_CBC_SHA
            SSL_RSA_WITH_DES_CBC_SHA
            SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
            SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
            SSL_RSA_EXPORT_WITH_RC4_40_MD5
            SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
            compression methods
                      NULL
    2 2  0.1548 (0.0003)  S>C  Alert
        level           fatal
        value           handshake_failure
    2    0.1552 (0.0003)  S>C  TCP FIN
    2    0.1574 (0.0022)  C>S  TCP FIN

and here is what I get from sserver:

    SSL accept error
    31654:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:772:

According to the table in the back of Rescorla's book, OpenSSL does support these suites, but the names (as listed in his book anyway) are different; they begin with TLS rather than SSL. If I don't try to set the client for SSLv3 but just leave it at the default, something similar happens anyway.

Any suggestions would be much appreciated.

Matthew Fleming, MD
Associate Professor
Dept. of Dermatology
Medical College of Wisconsin
E-mail: [EMAIL PROTECTED]
S-mail: Dept. of Dermatology
        Medical College of Wisconsin
        8701 Watertown Plank Rd.
        Milwaukee, WI 53226
Phone: 414.456.4072
Fax: 414.456.6518

Windows CE code:

    // turn on SSL for the socket
    DWORD optval = SO_SEC_SSL;
    err = setsockopt(s, SOL_SOCKET, SO_SECURE, (LPSTR)&optval, sizeof(optval));
    if (err == SOCKET_ERROR) {
        errmsg.Format(_T("Error in setsockopt for SO_SECURE %d"), WSAGetLastError());
        MessageBox(errmsg);
    }

    // restrict the socket to SSLv3
    DWORD dwBytes;
    SSLPROTOCOL protocol;
    protocol.dwProtocol = SSL_PROTOCOL_SSL3;
    protocol.dwVersion = 0;
    protocol.dwFlags = 0;
    SSLPROTOCOLS protocols;
    protocols.ProtocolList[0] = protocol;
    protocols.dwCount = 1;
    err = WSAIoctl(s, SO_SSL_SET_PROTOCOLS, &protocols, sizeof(protocols),
                   NULL, 0, &dwBytes, NULL, NULL);
    if (SOCKET_ERROR == err) {
        errmsg.Format(_T("Error in setting protocol %d"), WSAGetLastError());
        MessageBox(errmsg);
    }

    // register certificate validation callback
    SSLVALIDATECERTHOOK hfunc;
    hfunc.HookFunc = certificate_validation_procedure;
    hfunc.pvArg = NULL;
    err = WSAIoctl(s, SO_SSL_SET_VALIDATE_CERT_HOOK, &hfunc, sizeof(hfunc),
                   NULL, 0, &dwBytes, NULL, NULL);
    if (SOCKET_ERROR == err) {
        errmsg.Format(_T("Error in registering certificate validation callback %d"), WSAGetLastError());
        MessageBox(errmsg);
    }

    // do name resolution
    hostent *pHostent;
    pHostent = gethostbyname("dp1.derm.mcw.edu");
    if (pHostent == NULL) {
        // gethostbyname returns NULL on failure; do not dereference it
        errmsg.Format(_T("Name resolution error %d"), WSAGetLastError());
        MessageBox(errmsg);
    } else {
        memcpy(&tcpaddr.sin_addr, pHostent->h_addr_list[0], sizeof(IN_ADDR));
    }
    // or not
    // tcpaddr.sin_addr.s_addr = inet_addr("141.106.204.30");

    int res = connect(s, (SOCKADDR *)&tcpaddr, sizeof(tcpaddr));
    if (res == SOCKET_ERROR) {
        CString err;
        err.Format(_T("Connection error %d\n"), WSAGetLastError());
        MessageBox(err);
    }

    // the first send triggers the SSL handshake
    send(s, ch, 1, 0);
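
A way to check a "no shared cipher" error against a trace like the one above (added example, not part of the original post or of OpenSSL): it reads the suites from the ssldump ClientHello, translates the SSL_/TLS_ spec names into OpenSSL cipher-string names, and lists which of them a server could select. The server's enabled cipher set and key types passed to shared() are constructed assumptions, not values from the post.

```python
import re

# Spec name as printed by ssldump -> (OpenSSL cipher-string name, server key type
# the suite needs). The TLS_ spelling of a suite denotes the same suite as SSL_.
SUITES = {
    "SSL_RSA_WITH_RC4_128_MD5":            ("RC4-MD5", "RSA"),
    "SSL_RSA_WITH_RC4_128_SHA":            ("RC4-SHA", "RSA"),
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA":       ("DES-CBC3-SHA", "RSA"),
    "SSL_RSA_WITH_DES_CBC_SHA":            ("DES-CBC-SHA", "RSA"),
    "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA":  ("EXP1024-RC4-SHA", "RSA"),
    "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA": ("EXP1024-DES-CBC-SHA", "RSA"),
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5":      ("EXP-RC4-MD5", "RSA"),
    "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5":  ("EXP-RC2-CBC-MD5", "RSA"),
}

# ClientHello excerpt copied from the ssldump trace in the post.
TRACE = """ClientHello Version 3.0 cipher suites
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods NULL"""

def offered(trace):
    """Suite names between 'cipher suites' and 'compression methods'."""
    m = re.search(r"cipher suites\s+(.*?)\s+compression methods", trace, re.S)
    return m.group(1).split() if m else []

def shared(trace, enabled, key_types):
    """Return (usable, unknown): OpenSSL names the server could pick, in the
    client's order, and offered names this table cannot translate."""
    usable, unknown = [], []
    for name in offered(trace):
        entry = SUITES.get(re.sub(r"^TLS_", "SSL_", name))
        if entry is None:
            unknown.append(name)
        elif entry[0] in enabled and entry[1] in key_types:
            usable.append(entry[0])
    return usable, unknown

if __name__ == "__main__":
    enabled = {"RC4-MD5", "DES-CBC3-SHA", "AES128-SHA"}  # constructed server config
    print(shared(TRACE, enabled, {"RSA"}))  # server holds an RSA key and certificate
    print(shared(TRACE, enabled, {"DSS"}))  # no RSA key loaded: nothing is shared
```

An empty first list is the condition the server reports as "no shared cipher"; every suite in this ClientHello needs an RSA key on the server side.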