Re: Header size, again... Programmers nightmare

Mon, 09 Oct 2000 11:50:45 -0700 

On Mon, Oct 09, 2000 at 03:53:43PM +0200, Carsten Rhod Gregersen wrote:
> Hi,
> 
> Formerly I posted a report concerning connection test with
> client authorisation against a IBM payment gateway.
> 
> You requested that I tried with the openssl program again
> but with debug turned on.
> 
> I've done that and now I'm experiencing every programmers
> nightmare, with -debug it works, without -debug it doesn't.....
> 
> IBM still tell me that the connection is dropped because the
> header size don't match the packets. This of course could
> also be a IBM ssl-stack problem, but they deny that..
> (off course)
> 
> The test work both way's with verisign's test certificates,
> but not with a TDK certifikate (Danish certifier).
> 
> Can anybody give me some help to debug without -debug ???
> Especially I've tried to look at the code and find some way
> to print out some info that matches the things IBM tells me
> (size's of headers and so on).
> 
> 
> 
> Here's a session that fails. I also have the session as a solaris
> "snoop" file. But I think that this info is quite too big to send in this
> mail ????:
> 
> verify depth is 1
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
> Authority
> verify return:1
> depth=0 /C=DK/ST=Denmark/L=Ballerup/O=PBS Finans A/S/OU=Card
> Processing/CN=systisogw.pbs.dk
> verify return:1
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server certificate request A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client certificate A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write certificate verify A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
                    ^^^^^^^^^^
> SSL_connect:failed in SSLv3 read finished A
> 28822:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:448:

I would look at the 'flush data', there is a good chance that it works
differently when debugging is on (ie buffering turned off).

Bye
Richard

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to