From: Scott (cheesy4poofs_at_[hidden])
Date: 2006-11-02 11:07:14

• Next message: SourceForge.net: "[boost] [Boost-bugs] [ boost-Patches-1434821 ] rational::operator< fails for unsigned value types"
• Previous message: Jeff Garland: "Re: [boost] [thread] Roadmap for RW locks ?"
• Next in thread: Christian Henning: "Re: [boost] [asio] Unrecoverable errors upon connecting to a SSL server via a non-SSL client"
• Reply: Christian Henning: "Re: [boost] [asio] Unrecoverable errors upon connecting to a SSL server via a non-SSL client"

I've been testing our server for robustness by attempting invalid
connections to it. If the server is running without SSL and a client
attempts to connect via SSL, then the connection is basically refused and
everything is fine.

However, if the server is SSL and the client attempts a non-SSL connection,
problems start to appear. On the first attempt, everything *seems* to be
fine. The client gets a connection closed message (end of file) and the
server closes the connection because of a failed SSL handshake.

On the 2nd attempt, things go really bad. Inside the server session
constructor, the attempt to create a SSL context fails on
use_certificate_chain_file():

        typedef boost::asio::ssl::context Context;
        typedef boost::shared_ptr<Context> ContextPtr;
        sslContext = nw::Connection::ContextPtr(
                new nw::Connection::Context(ioservice,
boost::asio::ssl::context::sslv23));
        sslContext->set_options(
                        boost::asio::ssl::context::default_workarounds
                        | boost::asio::ssl::context::no_sslv2
                        | boost::asio::ssl::context::single_dh_use);
        sslContext->use_certificate_chain_file(chain);

A boost::error is thrown with a code of 10022, "An invalid argument was
supplied". It's basically happening in openssl_context_service.hpp:

    if (::SSL_CTX_use_certificate_chain_file(impl, filename.c_str()) != 1)
    {
      boost::asio::error e(boost::asio::error::invalid_argument);
      error_handler(e);
      return;
    }

However, it's the exact same arguments I used previously that worked fine.

Call Stack:

         kernel32.dll!7c81eb33()
         kernel32.dll!7c81eb33()
         msvcr71.dll!__crtExitProcess(int status=2089872920) Line 463 + 0x9
C
         0012f6f4()
         ntdll.dll!7c91056d()
         msvcr71.dll!free(void * pBlock=0x0012f714) Line 103 C
> NwEngineD.exe!boost::throw_exception<boost::asio::error>(const
boost::asio::error & e={...}) Line 40 C++
 
NwEngineD.exe!boost::asio::detail::throw_error_t::operator()<boost::asio::er
ror>() Line 49 + 0x9 C++
 
NwEngineD.exe!boost::asio::ssl::detail::openssl_context_service::use_certifi
cate_chain_file<boost::asio::detail::throw_error_t>() Line 215 C++
 
NwEngineD.exe!boost::asio::ssl::context_service::use_certificate_chain_file<
boost::asio::detail::throw_error_t>() Line 127 C++
 
NwEngineD.exe!boost::asio::ssl::basic_context<boost::asio::ssl::context_serv
ice>::use_certificate_chain_file(const
std::basic_string<char,std::char_traits<char>,std::allocator<char> > &
filename={...}) Line 271 C++

Any help would be greatly appreciated.

Thanks,
Scott

• Next message: SourceForge.net: "[boost] [Boost-bugs] [ boost-Patches-1434821 ] rational::operator< fails for unsigned value types"
• Previous message: Jeff Garland: "Re: [boost] [thread] Roadmap for RW locks ?"
• Next in thread: Christian Henning: "Re: [boost] [asio] Unrecoverable errors upon connecting to a SSL server via a non-SSL client"
• Reply: Christian Henning: "Re: [boost] [asio] Unrecoverable errors upon connecting to a SSL server via a non-SSL client"