[openssl-dev] [openssl.org #4060] a crash happened inside SSL_Connect function
Tiantian Liu via RT
rt at openssl.org
Thu Sep 24 16:08:27 UTC 2015
Hi,
I am a software developer who is struggling on an application development based on OpenSSL 1.0.1 (released on 2012-03-14) under Linux (32-bit Redhat).
I used to use the SSL functions from OpenSSL 0.9.8, and my application worked fine. I applied the SSLv23_method() to setup the SSL context and communicate with customer's server over various SSL/TLS protocols.
While, recently my customer required me to upgrade my OpenSSL library, because their server only support TLS1.2. So I downloaded OpenSSL 1.0.1 source package, then complied and installed successfully.
I configured the OpenSSL as:
#./config -prefix=/usr shared //I have to generate the shared library like libssl.so, libcrypto.so
Then I found my SSL context, setup by SSLv23_method(), stopped working, I can't reach their server anymore. It looked like they didn't understand my handshake message when I called SSL_Connect().
So I switched to the TLSv1_2_method() to build SSL context. However, my program crashed every time when I called SSL_Connect(), I mean crash happened inside the SSL_Connect(), and it didn't return at all.
Now I have tried 2 methods:
1. SSLv23_method() to build SSL context
SSL_METHOD *meth;
SSL_CTX *ctx;
......
meth = SSLv23_method();
ctx = SSL_CTX_new(meth);
//Only allow TLSv1_1 or higher
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);
......
The SSL_Connect() resulted in:
ConnectSSL [SSL_connect(ssl)] failed: 5
SSL_ERROR_SYSCALL: 5
2. TLSv1_2_method() to build SSL context
SSL_METHOD *meth;
SSL_CTX *ctx;
......
meth = TLSv1_2_method();
ctx = SSL_CTX_new(meth);
then, the SSL_connect() crashed when I invoked it.
Currently, I don't know how to attack this issue, all the code worked fine before. I just changed the SSLv23_method to TLSv1_2_method. Is there any difference between that 2 functions? What I should do if I want to use the TLSv1_2_method?
I am very pleased if anyone of you have any idea to help me.
Thanks,
Tyler
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list