Hi,
I'm trying to understand why the following code fails the second or
third time it runs. Is this a good approach (meaning: first a plain accept()
without SSL, then set up those associations, then call SSL_accept())?


<<< tls_socket is just a plain listener socket

sock = accept (tls_socket,  (struct sockaddr *) &sa, &slen);
        if (sock < 0)
        {
                TRACE (trace (__FILE__, __LINE__, ERROR, NULL,  "Error
accepting TLS socket\n"));
        }
        else
        {

            TRACE (trace (__FILE__, __LINE__, INFO1, NULL,
                "Accepted socket from accept() is = %i\n", sock) );


            if (ssl_ctx == NULL)
            {
                TRACE (trace (__FILE__, __LINE__, INFO1, NULL,
                    "TLS connection rejected.\n"));
                close(sock);
                return -1;
            }

            if (!SSL_CTX_check_private_key (ssl_ctx))
            {
                TRACE (trace (__FILE__, __LINE__, ERROR, NULL,
                        "SSL CTX private key check error\n"));
            }

            ssl = SSL_new (ssl_ctx);
            if (ssl==NULL)
            {
                TRACE (trace (__FILE__, __LINE__, ERROR, NULL,
                        "***Cannot create ssl connection context\n"));
                return -1;
            }

            if (!SSL_check_private_key (ssl))
            {
                TRACE (trace (__FILE__, __LINE__, ERROR, NULL,
                "***SSL private key check error\n"));
            }
            //ps BIO_s_socket() and BIO_new_socket() returns the socket BIO
method.
            //ps This is a wrapper round the platform's socket routines.
            sbio = BIO_new_socket (sock, BIO_NOCLOSE);
            if (sbio == NULL)
            {
                TRACE (trace (__FILE__, __LINE__, ERROR, NULL,
                    "***BIO_new_socket error\n"));
            }

            SSL_set_bio (ssl, sbio, sbio); /* cannot fail */

            i = SSL_accept (ssl); /** <<<<< here is the error ***>>>
            if (i<=0)
            {
                TRACE (trace (__FILE__, __LINE__, ERROR, NULL,
                    "***SSL_accept() call failed\n"));

                i = SSL_get_error (ssl, i);
                print_ssl_error (i);


                SSL_shutdown (ssl);
                close (sock);
                SSL_free (ssl);
