SSL/TCP Sockets

by Trihedralguy (Pilgrim)
on Jun 13, 2009 at 13:47 UTC (#771232=perlquestion)
Trihedralguy has asked for the wisdom of the Perl Monks concerning the following question:

Sorry this question isn't 100% Perl; however, I've found that generally the Monks are very wise when it comes to things like this and I really need help! I'm working on a project in which I need to open an SSL / TCP connection via port 7001 to a Windows machine from a Red Hat Linux box. Unfortunately this is the first time I've ever done anything with TCP, let alone working with SSL in a manner that is not HTTPS. I've been mostly trying to open a socket via Perl modules (IO::Socket::SSL, etc.); however, I'm not against trying anything else. I'm not sure exactly where my problem is. I've tried to Telnet-SSL into the box; I receive a prompt, and when I type any characters at all, the server instantly "hangs up". I've put a sniffer on the connection and it doesn't appear to be a firewall/network issue. Using the Perl modules, any time I turn debug on, I get a lot of errors around the handshaking process, so many that I assume the connection is not being established at all with SSL.

What am I doing wrong here? Is there a way to start up an SSL conversation to see if at least I can get somewhere? Is there any way I can prove that the other server is indeed trying to establish an SSL connection as I'm trying to establish a connection with it? Or perhaps I'm not using the right scripts to start the handshaking process?

Again sorry if this is in the wrong place, I'm really stumped, and I've always gotten so much valuable help from the people here, so I thought maybe I could get some assistance. If I can't get any answers here, does anyone have any suggestions towards other places I may get solutions from?

Thanks again for any bits of information anyone can provide!

Tri

Re: SSL/TCP Sockets
by Spudnuts (Pilgrim) on Jun 14, 2009 at 18:03 UTC
    Tri,

    I'd look into using some pre-built tools for the initial testing and then venture into writing my own SSL testing suite if there were different needs beyond what the pre-built tools handle.

    Give this site a glance and see if any of its suggestions are helpful: Testing SSL with Command Line Tools.

      Thanks Spudnuts for the reply!

      I ran that command that was on that page to test a connection and I got a similar answer to what I already suspected.


      trihedralguy@protego:~$ openssl s_client -connect 10.111.0.1:7001 -debug
      CONNECTED(00000003)
      write to 0x9211190 0x92117d0 (118 bytes => 118 (0x76))
      0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00   .t....K... ..9..
      0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
      0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00   ..3..2../.......
      0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00   ................
      0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80   @...............
      0050 - 00 00 03 02 00 80 8e f0-b9 c5 25 e5 0c 56 54 88   ..........%..VT.
      0060 - aa fb c5 a9 4c a5 0a 6e-f7 db c1 85 6d 0a 70 af   ....L..n....m.p.
      0070 - f7 3c 7e 6f 7b 0e                                 .<~o{.
      read from 0x9211190 0x9216d30 (7 bytes => 0 (0x0))
      3587:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188


      More poking around to do I think.
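
Added example, not part of either post above: a Perl sketch that decodes the client's first write from the -debug dump and classifies the first bytes a server sends back, which is one way to check whether the far end answers in SSL/TLS at all. The sub names are made up for this example; the hex bytes are copied from the dump in the post.

```perl
use strict; use warnings;
# Added example; sub names are made up. Hex columns copied from the -debug dump.
my $dump = <<'END';
0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80
0050 - 00 00 03 02 00 80 8e f0-b9 c5 25 e5 0c 56 54 88
0060 - aa fb c5 a9 4c a5 0a 6e-f7 db c1 85 6d 0a 70 af
0070 - f7 3c 7e 6f 7b 0e
END
# Turn "offset - hex" dump lines back into raw bytes.
sub dump_to_bytes {
    my ($text) = @_;
    (my $hex = $text) =~ s/^\s*[0-9a-f]{4} - //mg;   # drop the offset column
    $hex =~ s/[^0-9a-f]//g;                          # drop spaces, '-', newlines
    return pack 'H*', $hex;
}

# Decode an SSLv2-format CLIENT-HELLO: 2-byte header (high bit set), type 1, version, 3 lengths.
sub parse_v2_client_hello {
    my ($buf) = @_;
    my ($hdr, $type, $maj, $min, $clen, $slen, $rlen) = unpack 'n C C C n n n', $buf;
    return unless defined $rlen && ($hdr & 0x8000) && $type == 1;
    my @specs = unpack '(H6)*', substr($buf, 11, $clen);   # 3 bytes per cipher spec
    return {
        offered     => "$maj.$min",                        # 3.1 is TLS 1.0
        tls_suites  => scalar(grep {  /^00/ } @specs),     # 00 xx xx: SSLv3/TLS suite
        sslv2_kinds => scalar(grep { !/^00/ } @specs),     # otherwise an SSLv2 cipher kind
        consistent  => length($buf) == 11 + $clen + $slen + $rlen,
    };
}

# Classify the first bytes a server sends back after the hello.
sub classify_reply {
    my ($buf) = @_;
    return 'closed without sending anything' unless length $buf;
    my ($b0, $b1, $b2) = unpack 'C3', $buf . "\0\0";
    return 'TLS/SSLv3 handshake record' if $b0 == 0x16 && $b1 == 3;
    return 'TLS/SSLv3 alert record'     if $b0 == 0x15 && $b1 == 3;
    return 'SSLv2 SERVER-HELLO'         if ($b0 & 0x80) && $b2 == 4;
    return 'not an SSL/TLS record';
}

my $h = parse_v2_client_hello(dump_to_bytes($dump)) or die "not an SSLv2-format hello\n";
printf "hello offers %s: %d TLS suites, %d SSLv2 kinds, lengths %s\n",
    @$h{qw(offered tls_suites sslv2_kinds)}, $h->{consistent} ? 'ok' : 'bad';
print 'reply: ', classify_reply(''), "\n";   # the read in the post returned 0 bytes
```

The dump decodes as an SSLv2-format hello offering version 3.1, and the read that follows it returned zero bytes, so the server closed the connection rather than answering with a handshake or alert record.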
Re: SSL/TCP Sockets
by Trihedralguy (Pilgrim) on Jun 15, 2009 at 16:48 UTC
    Here is what I've gotten so far, by turning debug on with IO::Socket::SSL:

    DEBUG: .../IO/Socket/SSL.pm:1436: new ctx 161730848
    DEBUG: .../IO/Socket/SSL.pm:310: socket not yet connected
    DEBUG: .../IO/Socket/SSL.pm:312: socket connected
    DEBUG: .../IO/Socket/SSL.pm:325: ssl handshake not started
    DEBUG: .../IO/Socket/SSL.pm:368: Net::SSLeay::connect -> 0
    DEBUG: .../IO/Socket/SSL.pm:416: connection failed - connect returned 0
    DEBUG: .../IO/Socket/SSL.pm:1177: SSL connect attempt failed because of handshake problemserror:00000000:lib(0):func(0):reason(0)
    DEBUG: .../IO/Socket/SSL.pm:1471: free ctx 161730848 open=161730848
    DEBUG: .../IO/Socket/SSL.pm:1479: OK free ctx 161730848
    DEBUG: .../IO/Socket/SSL.pm:1177: SSL object already closederror:00000000:lib(0):func(0):reason(0)
    DEBUG: .../IO/Socket/SSL.pm:1177: IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)
    Could not create socket: IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0) at ./proc_ssl.pl line 10.
      Did you ever figure this out?
        I found the problem to be due to the openssl library in use. The "fix" was to switch from 1.0.1 back to 0.9.8. If you use 1.0.1 openssl command line to connect to a server you will receive the same error regarding handshaking failure.
