[openssl-users] Upgrading to 1.1.1
Angus Robertson - Magenta Systems Ltd
angus at magsys.co.uk
Thu Nov 16 17:59:00 UTC 2017
I'm updating our Delphi SSL code to support 1.1.1 in addition to 1.0.2
and 1.1.0, common code with a few version checks. This is using Windows
10.
With 1.1.1, SSL connections fail to initialise, failing with the first
BIO_read after setting up the context and BIOs. There is no real error
(I can see), read just fails and BIO_should_retry says no with a zero
reason.
We are using SSL filter I/O with a BIO pair, we handle all I/O using
non-blocking Windows APIs.
There was no particular issue updating to 1.1.0, apart from new context
stuff, but 1.1.1 seems to have changed something to make our code fail.
I can not see anything in the TLS/1.3 notes that relates to simple SSL
initialisation.
The main APIs called are, in order:
SSL_new(myContext)
BIO_new(BIO_f_ssl)
BIO_new_bio_pair
SSL_set_ex_data
SSL_set_session
SSL_set_tlsext_host_name
SSL_set_connect_state
SSL_set_bio
SSL_set_info_callback
SSL_set_msg_callback
BIO_set_ssl
BIO_read - 0 bytes
which is where it dies, after a SSL_CB_HANDSHAKE_START info message and
a 512 byte write client hello.
The openssl.exe built with 1.1.1 seems to work OK making a client
connection, but uses different BIO I/O.
Is some new initialisation required for 1.1.1?
Angus
More information about the openssl-users
mailing list