I am new to SSL, and need to build an application talking to another host
on top of SSLv3.
I've installed SSLeay 0.9.0b on my FreeBSD unix server, installed Apache
mod_ssl, obtained and installed the Verisign Certificate, and done some
initial testing. So far so good.
I planned on using s_client for the socket-based part of the project, but
for some reason it won't do the trick.
What I do is:
cat My Request | s_client -connect xxx.xxx.xxx.xxx:yyyy -ssl3 \
    -quiet -cert /root/ssl/verisign_cert.pem \
    -key /root/ssl/verisign_key.pem -state > MyOutput
But the socket is "stuck": it never terminates but hangs forever, although
I got all my data in MyOutput. (If I press Ctrl-C after "read finished A",
all my data is in the file.)
As far as I can see (from state, see below) the write and the read
terminated properly, but the socket still hangs...
If I run the above WITHOUT the -quiet flag, no data is written/read, the
socket terminates, but no output is there.
Am I using s_client improperly (where is the man page/doc for s_client),
or what?
Are there any other ways to do an SSLv3 socket, like:
cat something | ssl3socket host port certfile keyfile > xxxxxx
Any suggestion/hint is appreciated, but approaches in C or Perl are preferred.
Kind regards
Søren Schrøder
[EMAIL PROTECTED]
---- start ssl state for a "-quiet" s_client session -----
SSL_connect:before SSL initalisation
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---- start ssl state without "-quiet" -----
SSL_connect:before SSL initalisation
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
DONE
SSL3 alert write:warning:close notify
---------------------------------------
-----------------------------------------------------------
Soeren Schroeder - Sysadm Cybercity Internet
mailto:[EMAIL PROTECTED] - PGP key available upon request
-----------------------------------------------------------
* a day not wasted is a day wasted *