Hi Nelson: Thanks for your response. I think my upgradation process is just fine. Otherwise my code would have failed all the time. But I am able to perform the handshake sometimes. I think that the problem is with some events getting handled while my upgradation is in process. I'll come to this later. For now, to answer your question, here's what I do.
1) I don't call the NSS_Init as mentioned in the documentation about SSL as Mozilla already initializes it.
2) First of all I configure the server session cache by calling SSL_ConfigMPServerSIDCache.
3) I obtain the certificate (PK11_FindCertFromNickname) and the private key (PK11_FindKeyByAnyCert).
4) Then I call SSL_ImportFD() to upgrade the socket.
5) After this I configure the socket to handshake as a server by calling SSL_ConfigSecureServer.
6) Now I call SSL_ResetHandshake(socket, PR_TRUE).

All these functions execute successfully without any errors.

As per one of my previous emails, I am writing an HTTPS proxy. So when it sees a connect request, it responds with "200 OK" and at this point it proceeds to upgrade the socket to handle SSL. During my debugging I found that sometimes I hit breakpoints set in nsSocketInputStream::Read() function. The interesting part is this happens while I am stepping through the above mentioned steps. That means the read (or whatever the corresponding events are) are taking precedence over my upgradation code and hence my handshake fails. If the nsSocketInputStream::Read() happens after upgrade is complete, then the handshake happens correctly as then the socket is completely configured.

Now, I might be completely wrong here but this is the best way I could explain my observations while debugging. Please let me know if you need more information. Please suggest, if possible, how I can arrive at a solution.

Thanks.

Best Regards,
Umesh.

> Umesh Bywar wrote:
>
>> I am having a problem in configuring a socket to do hand shake as server. I
>> have a socket on which some communication has already taken place. When I try
>> to upgrade the socket to SSL, the SSL_LOCK_READER(ss) in SSL_ResetHandshake
>> throws an exception and everything is aborted.
>
> I gather that you mean: it crashes.
>
>> Basically, _PR_MD_LOCK(&lock->ilock) in prulock.c throws the exception.
>
> I'll bet lock is NULL.
>
>> Now, before I proceed on upgrading the socket, I've written something to the
>> client and client has sent its response, but I don't read it. I proceed to the
>> socket upgradation instead.
>
> By what means do you attempt this "upgrade"?
> What functions do you call?
> Do you check them to see if they return a failure indication?
> Do you check the error code if they fail?
>
>> Is it what is causing the problem in locking the reader?
>> Any idea how to tackle this? Strangely enough, this doesn't happen all the
>> time. Sometimes the SSL_ResetHandshake successfully upgrades the socket.
>
> There are other steps that must be performed first. You cannot use
> SSL_ResetHandshake until you have converted the socket to an SSL socket.
> That is what I would call the "upgrade". How do you do that?
> What steps do you do?
> Note, I don't want to read code here. You can just give a short summary.
>
> /Nelson
>
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
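
A small model of the ordering hazard described in the message above, added here as an example; it is not NSS, Mozilla or the poster's code. All names (`conn`, `on_readable`, `run_upgrade`) and the record bytes are constructed, and it assumes that a read serviced on the plaintext path during the upgrade consumes the client's first TLS record.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a proxied connection; nothing here is an NSS type. */
enum conn_state { UPGRADING, TLS_READY };

struct conn {
    enum conn_state state;
    unsigned char rx[16];  /* bytes the peer has sent that nobody has read yet */
    size_t rx_len;
    int read_deferred;     /* a read event arrived while the upgrade was running */
};

/* Read event from the event loop. With gate != 0, an event that arrives
 * mid-upgrade is remembered instead of being serviced on the plaintext path. */
static void on_readable(struct conn *c, int gate)
{
    if (c->state == UPGRADING && gate) { c->read_deferred = 1; return; }
    if (c->state != TLS_READY)
        c->rx_len = 0;     /* plaintext reader drains whatever is queued */
}

/* Stand-in for the server handshake: it can only start if the TLS handshake
 * record (content type 0x16) is still waiting in the receive queue. */
static int handshake_ok(const struct conn *c)
{
    return c->state == TLS_READY && c->rx_len >= 1 && c->rx[0] == 0x16;
}

/* The proxy has answered CONNECT with "200 OK"; the client's first record
 * arrives while the socket is still being upgraded. Returns 1 if the
 * handshake can proceed, 0 if the record was lost to the plaintext reader. */
int run_upgrade(int gate)
{
    static const unsigned char hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2f }; /* constructed record header */
    struct conn c;
    memset(&c, 0, sizeof c);
    c.state = UPGRADING;                 /* socket upgrade has begun */
    memcpy(c.rx, hello, sizeof hello);   /* peer data lands on the socket */
    c.rx_len = sizeof hello;
    on_readable(&c, gate);               /* read event fires mid-upgrade */
    c.state = TLS_READY;                 /* upgrade finished */
    if (c.read_deferred)
        on_readable(&c, gate);           /* replay: the data now belongs to TLS */
    return handshake_ok(&c);
}

int main(void)
{
    printf("gated: %d, ungated: %d\n", run_upgrade(1), run_upgrade(0));
    return 0;
}
```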