
Dears,

I am using libcurl to perform "http" and "https" requests. We have traced the
log from libcurl. It also a debug callback function to openssl.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
== Info: About to connect() to 10.64.12.55 port 443
== Info: Trying 10.64.12.55... == Info: connected
== Info: Connected to 10.64.12.55 (10.64.12.55) port 443
== Info: successfully set certificate verify locations:
== Info: CAfile: D:\Source\CA.cer
CApath: none
== Info: SSLv3, TLS handshake, Client hello (1):
<= Send SSL data, zd bytes (0xzx)
zx: ...]..G..Z....)4U_9s......_..WBz ..~....6.9.8.5.......3.2./...f.
zx: ....c.b.a.......e.d.`............
== Info: Unknown SSL protocol error in connection to 10.64.12.55:443
== Info: Closing connection #0
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
It seems that the client has sent the 'client hello' message. So at first we
thought maybe there was something between our client and server cutting the
connection off. So we used ethereal to capture the network traffic on port 443.
But the result surprised all of us. Ethereal can't catch anything but the TCP
handshake.

BTW: There is another https server, which also uses openssl, on this
computer. It works in a LAN environment with its client. Its secure channel
works fine. Our server is outside the LAN.

The "Unknown SSL protocol error" was printed by libcurl. It uses SSL_connect
to set up the secure channel, but SSL_connect returns an error and libcurl
gets nothing when it tries to retrieve a detailed error message from openssl,
so it prints "unknown ssl protocol error".


2008/4/2, David Schwartz <davids@webmaster.com>:
>
> > Our program that uses openssl can't work normally with
> > 'https' protocol. Then we use ethereal to sniff data on
> > the port 443 and find that client doesn't send "client hello"
> > message to server after it finishes tcp handshake. Does anyone
> > know about this? BTW: the openssl lib is fine under another
> > environment. Does anyone have any idea? Any suggestion and help
> > are welcome and greatly appreciated. Thanks.
>
> You're asking us to find the bug in a program we can't see. All we can do
> is guess.
>
> FWIW, I once had this exact same problem when I was writing my very first
> piece of code to implement OpenSSL and BIO pairs. The problem was that
> nothing triggered my code to send data on the socket. No data had been
> received on the socket, no data had been sent by the application, so there
> seemed to be no reason to do anything at all.
>
> Your problem may be a deadlock issue where you are waiting for something
> to happen (on the socket or the application I/O side) and everything else
> is waiting for you to call some OpenSSL function that will trigger the
> sending of the client hello.
>
> Are you calling into the OpenSSL library? If not, how is the client hello
> going to get sent?! (Some code has to run in order to send any data.) If
> so, what function and what is it returning?
>
> DS
>
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
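
The situation David Schwartz describes (a client hello that OpenSSL has produced but that no code has moved onto the socket) can be reproduced without a network. This is an added example, not code from the thread: it uses Python's ssl module, which wraps OpenSSL, with memory BIOs standing in for a BIO pair, and `server.example` and the helper names are made up for illustration.

```python
import ssl

def start_handshake():
    """Begin a client handshake over memory BIOs; no socket is involved."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "server.example" is a constructed placeholder name.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="server.example")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: OpenSSL queued its first flight and now wants a reply
    return tls, incoming, outgoing

def describe_record(data):
    """Decode the 5-byte TLS record header and the handshake message type."""
    return {
        "handshake_record": data[0] == 0x16,   # content type 22 = handshake
        "client_hello": data[5] == 0x01,       # handshake type 1 = ClientHello
        "record_length": int.from_bytes(data[3:5], "big"),
    }

def pump(outgoing, send):
    """The step the application owns: hand pending bytes to the transport."""
    data = outgoing.read()
    if data:
        send(data)
    return len(data)

def handshake_after_peer_close(tls, incoming):
    """Peer closes without answering; return the error the handshake raises."""
    incoming.write_eof()
    try:
        tls.do_handshake()
    except ssl.SSLError as exc:
        return exc
    return None

if __name__ == "__main__":
    tls, incoming, outgoing = start_handshake()
    print("queued by OpenSSL, not yet on any wire:", outgoing.pending, "bytes")
    wire = []  # stands in for the socket
    print("pumped", pump(outgoing, wire.append), "bytes:", describe_record(wire[0]))
    print("after peer close:", repr(handshake_after_peer_close(tls, incoming)))
```

Until `pump()` runs, a sniffer on the transport would see nothing beyond the TCP handshake, even though the TLS library has already generated the client hello.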

