[openssl-dev] [openssl.org #4060] a crash happened inside SSL_Connect function

Viktor Dukhovni openssl-users at dukhovni.org
Thu Sep 24 16:29:43 UTC 2015


On Thu, Sep 24, 2015 at 04:08:27PM +0000, Tiantian Liu via RT wrote:

> I used to use the SSL functions from OpenSSL 0.9.8, and my application
> worked fine.  I applied the SSLv23_method() to setup the SSL context and
> communicate with customer's server over various SSL/TLS protocols.
> 
> While, recently my customer required me to upgrade my OpenSSL library,
> because their server only supports TLS1.2. So I downloaded OpenSSL 1.0.1
> source package, then compiled and installed successfully.

> I configured the OpenSSL as:
>    #./config -prefix=/usr shared
> 
> Then I found my SSL context, setup by SSLv23_method(), stopped working,
> I can't reach their server anymore.  It looked like they didn't understand
> my handshake message when I called SSL_Connect().

Did you recompile your application code against the *headers* and
libraries from OpenSSL 1.0.1?  The 0.9.8 release is not binary-compatible
with the 1.0.1 release.

> 1.       SSLv23_method() to build SSL context

That's what you should use.  You should not explicitly select a
fixed protocol version in most cases.

> SSL_METHOD *meth;
> SSL_CTX *ctx;
> ......
> meth = SSLv23_method();
> ctx = SSL_CTX_new(meth);
> 
> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);

So far, so good.  I assume that you also initialized the library
before this via SSL_library_init() or similar.

> The SSL_Connect() resulted in:
> ConnectSSL [SSL_connect(ssl)] failed: 5
> SSL_ERROR_SYSCALL: 5

You should print the error stack, and examine "errno".  Perhaps
the connection to the server failed.  Looking at the output of
"strace" may also shed light on the reason for the failure.

-- 
	Viktor.

