Re: non-blocking SSL_Accept.

Thu, 23 Aug 2001 09:21:51 -0700 


Lutz -- Thanks for your suggestion, it has allowed to get a little bit
further, but am still not sure what is going on.

Here is the information from the callback and my application.

Slot 0x80e7800: assigned to new connection from ip:port on fd 18
slot 0x80e7800: RCONN_SSL_ACCEPTING
slot 0x80e7800: SSL_accept:before/accept initialization
slot 0x80e7800: SSL_accept:SSLv3 read client hello A
slot 0x80e7800: SSL_accept:SSLv3 write server hello A
slot 0x80e7800: SSL_accept:SSLv3 write certificate A
slot 0x80e7800: SSL_accept:SSLv3 write key exchange A
slot 0x80e7800: SSL_accept:SSLv3 write server done A
slot 0x80e7800: SSL_accept:SSLv3 flush data
slot 0x80e7800: SSL_accept:error in SSLv3 read client certificate A
slot 0x80e7800: SSL_accept:error in SSLv3 read client certificate A
slot 0x80e7800: SSL_ACCEPT wants to read more
slot 0x80e7800: RCONN_SSL_ACCEPTING
slot 0x80e7800: SSL_accept:error in SSLv3 read client certificate A
slot 0x80e7800: SSL_ACCEPT wants to read more
slot 0x80e7800: RCONN_SSL_ACCEPTING
slot 0x80e7800: SSL_accept:error in SSLv3 read client certificate A
slot 0x80e7800: SSL_ACCEPT wants to read more
slot 0x80e7800: RCONN_SSL_ACCEPTING

Seem like the server is reading the hello, writing back all it's
information but then never hearing anything again.

Why would the server want to read the client certificate if we are not
doing client authentication?

Thanks for any insight.

-jr





On Wed, 22 Aug 2001, Lutz Jaenicke wrote:

> On Wed, Aug 22, 2001 at 06:52:33PM -0400, James A. Russo wrote: > I am
> working on an event driven (non-blocking) SSL proxy, but am >
> experiencing a problem with SSL_accept on some connections. > > The
> connection is accepted, and SSL_accept is called. It normally takes a
> > few calls to SSL_accept (with some returning WANT_*) in order for
> the SSL > connection to be established. This is fine. However,
> sometimes the > connection is never accepted and the SSL_Accept
> constantly returns > WANT_READ and doesn't go anywhere. > > Is there
> any way I can find out what stage/state the accept is in? I could >
> then use this information to better find out what is going on.
>
> Have a look into the "info_callback" part in openssl/apps/s_cb.c and s_server.c.
> I didn't find the time to write the manual pages, yet.

>
> You may also consider using www.rtfm.com/ssldump to assist you in tracking
> it down...
>
> Best regards,
>       Lutz
>

-- 
James A. Russo
Systems Engineer
Verio, Inc.
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to