[openssl-dev] [openssl.org #4060] a crash happened inside SSL_Connect function

Tiantian Liu via RT rt at openssl.org
Thu Sep 24 16:08:27 UTC 2015 

Hi,

I am a software developer who is struggling on an application development based on OpenSSL 1.0.1 (released on 2012-03-14) under Linux (32-bit Redhat).

I used to use the SSL functions from OpenSSL 0.9.8, and my application worked fine.  I applied the SSLv23_method() to setup the SSL context and communicate with customer's server over various SSL/TLS protocols.

While, recently my customer required me to upgrade my OpenSSL library, because their server only support TLS1.2. So I downloaded OpenSSL 1.0.1 source package, then complied and installed successfully.
I configured the OpenSSL as:
                #./config -prefix=/usr shared     //I have to generate the shared library like libssl.so, libcrypto.so

Then I found my SSL context, setup by SSLv23_method(), stopped working, I can't reach their server anymore.  It looked like they didn't understand my handshake message when I called SSL_Connect().

So I switched to the TLSv1_2_method()  to build SSL context. However, my program crashed every time when I called SSL_Connect(), I mean crash happened inside the SSL_Connect(), and it didn't return at all.

Now I have tried 2 methods:

1.       SSLv23_method() to build SSL context

SSL_METHOD *meth;
SSL_CTX *ctx;
......
meth = SSLv23_method();
ctx = SSL_CTX_new(meth);

//Only allow TLSv1_1 or higher
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);

......

The SSL_Connect() resulted in:
ConnectSSL [SSL_connect(ssl)] failed: 5
SSL_ERROR_SYSCALL: 5



2.       TLSv1_2_method() to build SSL context

SSL_METHOD *meth;
SSL_CTX *ctx;
......
meth = TLSv1_2_method();
ctx = SSL_CTX_new(meth);


then, the SSL_connect() crashed when I invoked it.

Currently, I don't know how to attack this issue, all the code worked fine before. I just changed the SSLv23_method  to TLSv1_2_method.  Is there any difference between that 2 functions? What I should do if I want to use the TLSv1_2_method?

I am very pleased if anyone of you have any idea to help me.
Thanks,
Tyler


-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

More information about the openssl-dev mailing list