cURL / Mailing Lists / curl-library / Single Mail


Re:Re: Re: SSL read error: 5 - What could be the reson?

From: Daniel Stenberg <>
Date: Tue, 14 Jan 2003 17:32:16 +0100 (MET)

On Tue, 14 Jan 2003, Naren D wrote:

> Let's just say SSL support is not complete with Curl.

I've never assumed otherwise.

> I glanced through the source code and I found that there was no support for
> servers that intiate authentication for sending response.

Sorry, what exactly does this mean and what kind of change are you

> "A pitfall to avoid: Don't assume that SSL_read() will just read from the
> underlying transport or that SSL_write() will just write to it -- it is
> also possible that SSL_write() cannot do any useful work until there is
> data to read, or that SSL_read() cannot do anything until it is possible to
> send data. One reason for this is that the peer may request a new TLS/SSL
> handshake at any time during the protocol, requiring a bi-directional
> message exchange; both SSL_read() and SSL_write() will try to continue any
> pending handshake. "

And you're saying that this applies to how curl works?

> I guess the server I am trying to post the message to, is an exception they
> are referring to. My posted message reaches the server but I don't get the
> response.

And why is this?

> I didn't find the call "SSL_set_accept_state()" in the Curl source code.

"SSL_set_accept_state() sets ssl to work in server mode."

Right, I can't see how we need "server mode". Care to explain?

> So Curl doesn't seem to understand the request for a new TLS/SSL handshake
> before the secure server sends the response. Curl uses the same handle for
> both SSL read and SSL write calls.

And why is that bad?

> Where as Perl uses the same OpenSSL but their modules are coded to handle
> this situation. So I gave up on Curl and embedded perl interpreter in my
> C++ code.

... and? This is an open source project. It gets no better than we make it.
Sure, ducking from the problems is one way but it sure doesn't improve curl.

I'm listening to suggestions.

 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
Received on 2003-01-14