Security Basics mailing list archives
Re: a problem about openssl lib:SSL_connect()
From: "berg" <zealberg () 163 com>
Date: Fri, 8 Sep 2006 09:10:25 +0800
I resolved this problem by using something named BIO. But I still do not know why SSL_connect() causes a buffer overflow.... The code below uses a non-blocking socket.

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <unistd.h>

int https_check(unsigned long dip, unsigned short dport, unsigned int timeout, char *url)
{
    int status = -1;
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;
    BIO *sbio = NULL;
    unsigned long ndip = htonl(dip);   /* BIO_set_conn_ip() wants the 4 address bytes in network order */
    int port = dport;                  /* BIO_set_conn_int_port() reads an int, not an unsigned short */
    int ret;
    struct timeval tv;

    gettimeofday(&tv, NULL);
    tv.tv_sec += timeout;              /* absolute deadline for connect + handshake + request */

    SSL_library_init();                /* registers the SSL ciphers and digests (OpenSSL 0.9.x/1.0.x) */
    ERR_load_crypto_strings();
    ERR_load_SSL_strings();
    OpenSSL_add_all_algorithms();

    ctx = SSL_CTX_new(SSLv23_client_method());
    if (ctx == NULL) {
        dbg_mon_err("SSL_CTX_new");
        goto RET;
    }

    /* one BIO chain that owns both the TCP connection and the SSL object */
    sbio = BIO_new_ssl_connect(ctx);
    BIO_get_ssl(sbio, &ssl);
    if (ssl == NULL) {
        dbg_mon_err("SSL_new");
        goto RET;
    }
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    BIO_set_conn_ip(sbio, &ndip);
    BIO_set_conn_int_port(sbio, &port);
    BIO_set_nbio(sbio, 1);             /* non-blocking: BIO_do_*() may return <0 with BIO_should_retry() set */

    /* TCP connect (and, for an SSL connect BIO, the handshake as well), retried while
       the BIO asks for a retry and the deadline has not passed */
    do {
        if (ck_timeout(&tv)) {         /* own function, check if time out */
            dbg_mon_err("timeout");    /* own debug function */
            goto RET;
        }
        ret = BIO_do_connect(sbio);
        if (ret == 0) {
            dbg_mon_err("connect_failed");
            goto RET;
        } else if (ret < 0 && !BIO_should_retry(sbio)) {
            dbg_mon_err("BIO_do_connect_retry");
            goto RET;
        }
        usleep(10);                    /* polling; select() on BIO_get_fd() would avoid the busy loop */
    } while (ret < 0);

    /* same retry pattern for the handshake; BIO_do_handshake() is the same control as
       BIO_do_connect() on this BIO, so it returns 1 at once if the loop above completed */
    do {
        if (ck_timeout(&tv)) {
            dbg_mon_err("timeout");
            goto RET;
        }
        ret = BIO_do_handshake(sbio);
        if (ret == 0) {
            dbg_mon_err("handshake_failed");
            goto RET;
        } else if (ret < 0 && !BIO_should_retry(sbio)) {
            dbg_mon_err("BIO_do_handshake_retry");
            goto RET;
        }
        usleep(10);
    } while (ret < 0);

    /* own functions, send and recv https packets, use BIO_read() and BIO_write() */
    if ((status = send_https_request(sbio, dip, url)) > 0) {
        status = recv_https_response(sbio, &tv);
    }

RET:
    BIO_free_all(sbio);                /* frees the SSL object and the socket with it */
    SSL_CTX_free(ctx);                 /* the context was never freed in the posted version */
    return status;
}

Best Regards
Berg

----- Original Message -----
From: "berg" <zealberg () 163 com>
To: <security-basics () securityfocus com>
Sent: Thursday, September 07, 2006 4:33 PM
Subject: a problem about openssl lib:SSL_connect()
Hello, everyone,

I met a problem while using the function SSL_connect(): it always returns -1 and outputs some chaotic characters to the console (it seems like a memory overflow). And I did not capture the SSL handshake packets. Does anyone know the reason, and how to use it? Thanks for any advice. My code is as follows:

............
int sd;
int ret;
SSL *ssl;
SSL_CTX *ctx;

// initial ssl library
SSL_library_init();
SSL_load_error_strings();

// create ssl context
ctx = SSL_CTX_new(SSLv23_client_method());
if (ctx == NULL) {
    return -1;
}
// SSL_VERIFY_NONE disables certificate verification: any server certificate is accepted
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

// create ssl
ssl = SSL_new(ctx);
if (ssl == NULL) {
    return -1;
}

// the function below returns a normal tcp connection socket description
sd = create_https_socket(dip, dport);
if (sd <= 0) {
    return -1;
}
ret = SSL_set_fd(ssl, sd);
if (ret == 0) {
    close(sd);
    return -1;
}

RAND_poll();
while (RAND_status() == 0) {
    // rand() is not a cryptographic entropy source; this only satisfies RAND_status()
    unsigned short rand_ret = rand() % 65536;
    RAND_seed(&rand_ret, sizeof(rand_ret));
}

// error occur
ret = SSL_connect(ssl);
printf("ret=%d\n", ret); // the value of ret is -1
if (ret != 1) {
    // -1 on a non-blocking socket can mean SSL_ERROR_WANT_READ/WANT_WRITE (retry later)
    // rather than a failure; SSL_get_error() and the error queue say which it is
    fprintf(stderr, "SSL_get_error=%d\n", SSL_get_error(ssl, ret));
    ERR_print_errors_fp(stderr);
    close(sd);
    return -1;
}
...........

Best Regards
Berg
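The reply's fix is a retry loop around BIO_do_connect()/BIO_do_handshake() guarded by BIO_should_retry() and a deadline; the same state machine in Python's ssl module, as an added example that is not the poster's code, shows why SSL_connect() returning -1 on a non-blocking socket is not by itself a failure: the error class (WANT_READ/WANT_WRITE versus a real SSL error) decides whether to wait or give up. The two peer behaviours (a peer that accepts TCP but stays silent, and one that answers in plaintext HTTP), the loopback pair and the hostname "example.invalid" are constructed for the demonstration.

```python
import select
import socket
import ssl
import time

def handshake_with_deadline(tls_sock, deadline):
    """Drive a non-blocking handshake; returns "ok", "timeout" or "error: <reason>".
    WANT_READ/WANT_WRITE is not a failure: it means "retry when the socket is ready",
    which is what SSL_connect() returning -1 with SSL_ERROR_WANT_READ signals in C."""
    while True:
        try:
            tls_sock.do_handshake()
            return "ok"
        except ssl.SSLWantReadError:
            readers, writers = [tls_sock], []
        except ssl.SSLWantWriteError:
            readers, writers = [], [tls_sock]
        except ssl.SSLError as exc:  # genuine protocol failure: report, do not retry
            return "error: " + (exc.reason or str(exc))
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return "timeout"
        select.select(readers, writers, [], remaining)  # wait only until ready or deadline

def loopback_pair():
    """Constructed fixture: connected (client, server) TCP pair on 127.0.0.1, fully offline."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    server, _ = listener.accept()
    listener.close()
    return client, server

def tls_client(sock):
    """Wrap a connected socket as a non-blocking TLS client that verifies the peer."""
    ctx = ssl.create_default_context()  # verification on, unlike SSL_VERIFY_NONE in the post
    sock.setblocking(False)
    return ctx.wrap_socket(sock, server_hostname="example.invalid", do_handshake_on_connect=False)

def run_scenario(peer_bytes, timeout):
    """Handshake against a constructed peer that sends peer_bytes and then nothing else."""
    client, server = loopback_pair()
    tls = tls_client(client)
    try:
        server.sendall(peer_bytes)
        return handshake_with_deadline(tls, time.monotonic() + timeout)
    finally:
        tls.close()
        server.close()
```

run_scenario(b"", 0.3) hits the deadline while waiting for a ServerHello that never comes, whereas run_scenario(b"HTTP/1.0 400 Bad Request\r\n\r\n", 3.0) fails immediately with a record-layer error, which is the case where retrying would be wrong.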