[asio] Unrecoverable errors upon connecting to a SSL server via a non-SSL client

I've been testing our server for robustness by attempting invalid connections to it. If the server is running without SSL and a client attempts to connect via SSL, then the connection is basically refused and everything is fine.

However, if the server is SSL and the client attempts a non-SSL connection, problems start to appear. On the first attempt, everything *seems* to be fine. The client gets a connection closed message (end of file) and the server closes the connection because of a failed SSL handshake.

On the 2nd attempt, things go really bad. Inside the server session constructor, the attempt to create a SSL context fails on use_certificate_chain_file():

    typedef boost::asio::ssl::context Context;
    typedef boost::shared_ptr<Context> ContextPtr;

    sslContext = nw::Connection::ContextPtr(
        new nw::Connection::Context(ioservice, boost::asio::ssl::context::sslv23));
    sslContext->set_options(
        boost::asio::ssl::context::default_workarounds
        | boost::asio::ssl::context::no_sslv2
        | boost::asio::ssl::context::single_dh_use);
    sslContext->use_certificate_chain_file(chain);

A boost::error is thrown with a code of 10022, "An invalid argument was supplied". It's basically happening in openssl_context_service.hpp:

    if (::SSL_CTX_use_certificate_chain_file(impl, filename.c_str()) != 1)
    {
      boost::asio::error e(boost::asio::error::invalid_argument);
      error_handler(e);
      return;
    }

However, it's the exact same arguments I used previously that worked fine.

Call Stack:

    kernel32.dll!7c81eb33()
    kernel32.dll!7c81eb33()
    msvcr71.dll!__crtExitProcess(int status=2089872920) Line 463 + 0x9 C
    0012f6f4()
    ntdll.dll!7c91056d()
    msvcr71.dll!free(void * pBlock=0x0012f714) Line 103 C
    NwEngineD.exe!boost::throw_exception<boost::asio::error>(const boost::asio::error & e={...}) Line 40 C++
    NwEngineD.exe!boost::asio::detail::throw_error_t::operator()<boost::asio::error>() Line 49 + 0x9 C++
    NwEngineD.exe!boost::asio::ssl::detail::openssl_context_service::use_certificate_chain_file<boost::asio::detail::throw_error_t>() Line 215 C++
    NwEngineD.exe!boost::asio::ssl::context_service::use_certificate_chain_file<boost::asio::detail::throw_error_t>() Line 127 C++
    NwEngineD.exe!boost::asio::ssl::basic_context<boost::asio::ssl::context_service>::use_certificate_chain_file(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & filename={...}) Line 271 C++

Any help would be greatly appreciated.

Thanks,
Scott

You might also want to try to post your issue at the asio user list: asio-users@lists.sourceforge.net

Christian

On 11/2/06, Scott <cheesy4poofs@cox.net> wrote:
> I've been testing our server for robustness by attempting invalid connections to it. If the server is running without SSL and a client attempts to connect via SSL, then the connection is basically refused and everything is fine.
>
> However, if the server is SSL and the client attempts a non-SSL connection, problems start to appear. On the first attempt, everything *seems* to be fine. The client gets a connection closed message (end of file) and the server closes the connection because of a failed SSL handshake.
>
> On the 2nd attempt, things go really bad. Inside the server session constructor, the attempt to create a SSL context fails on use_certificate_chain_file():
>
>     typedef boost::asio::ssl::context Context;
>     typedef boost::shared_ptr<Context> ContextPtr;
>
>     sslContext = nw::Connection::ContextPtr(
>         new nw::Connection::Context(ioservice, boost::asio::ssl::context::sslv23));
>     sslContext->set_options(
>         boost::asio::ssl::context::default_workarounds
>         | boost::asio::ssl::context::no_sslv2
>         | boost::asio::ssl::context::single_dh_use);
>     sslContext->use_certificate_chain_file(chain);
>
> A boost::error is thrown with a code of 10022, "An invalid argument was supplied". It's basically happening in openssl_context_service.hpp:
>
>     if (::SSL_CTX_use_certificate_chain_file(impl, filename.c_str()) != 1)
>     {
>       boost::asio::error e(boost::asio::error::invalid_argument);
>       error_handler(e);
>       return;
>     }
>
> However, it's the exact same arguments I used previously that worked fine.
>
> Call Stack:
>
>     kernel32.dll!7c81eb33()
>     kernel32.dll!7c81eb33()
>     msvcr71.dll!__crtExitProcess(int status=2089872920) Line 463 + 0x9 C
>     0012f6f4()
>     ntdll.dll!7c91056d()
>     msvcr71.dll!free(void * pBlock=0x0012f714) Line 103 C
>     NwEngineD.exe!boost::throw_exception<boost::asio::error>(const boost::asio::error & e={...}) Line 40 C++
>     NwEngineD.exe!boost::asio::detail::throw_error_t::operator()<boost::asio::error>() Line 49 + 0x9 C++
>     NwEngineD.exe!boost::asio::ssl::detail::openssl_context_service::use_certificate_chain_file<boost::asio::detail::throw_error_t>() Line 215 C++
>     NwEngineD.exe!boost::asio::ssl::context_service::use_certificate_chain_file<boost::asio::detail::throw_error_t>() Line 127 C++
>     NwEngineD.exe!boost::asio::ssl::basic_context<boost::asio::ssl::context_service>::use_certificate_chain_file(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & filename={...}) Line 271 C++
>
> Any help would be greatly appreciated.
>
> Thanks,
> Scott