On 11/22/04 02:20 PM, Louis LeBlanc sat at the `puter and typed:
> Hey everyone. Been a long time since I've been able to spend much time
> on SSL code, but here I am again.
>
> My app is a client side HTTP/HTTPS application, and the problem that
> recently showed up (more likely it was just recently noticed) is a
> problem of sorts with SSL_read(). But only with some servers.
> Connections to other servers work just fine.
>
> Here's a snippet of the code giving problems:
>
> n = SSL_read(c->data, c->buf+c->bufend, len);
>
> if (n <= 0)
> { int sslerr = ERR_get_error();
> errcode = SSL_get_error(c->data, n);
> if (errno) eptr = strerror(errno);
> if (sslerr)
> { (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
> switch(errcode)
> {
> case SSL_ERROR_SYSCALL:
> /* Some kind of I/O error; */
> if (DebugSSL)
> {
> if (sslerr) /* SSL IO error? */
> { /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
> if (errptr && *errptr)
> ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
> else
> ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL" ,
> __FILE__, __LINE__);
> }
> else if (eptr && *eptr) /* Some system error - check errno */
> ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
> else if (n == 0)
> ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/EOF" ,
> __FILE__, __LINE__); // XXXXXXX
> else
> ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/SOCKET" ,
> __FILE__, __LINE__);
> }
> sslsock_shutdown(c);
> return -1;
> break;
>
> . . . // leaving out unrelated error handling
>
> }
> }
>
> The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
> with "XXXXXXX". Far as I can tell, this really shouldn't happen. There
> appear to be no problems in the SSL_connect phase. This code snippet is
> from the first read after the connection is established - the first
> attempt to read the headers.
>
> My first assumption was that I must have mishandled the error condition
> somehow. I reread the manpages for SSL_read() and SSL_get_error(), and
> unless I'm interpreting these pages incorrectly, I have it right in the
> code above.
>
> Also, I should note that regular browsers have no problem conecting to
> the server, and my client app has no trouble connecting to other secure
> servers. The problem has been occurring with my app linked to OpenSSL
> 0.9.7a, but is easily reproduced with 0.9.7e.
>
> Here's the server string returned by the origin:
> Server: IBM_HTTP_SERVER/1.3.19 Apache/1.3.20 (Unix)
>
> Anyone have any ideas how best to debug this?
I guess there are no ideas out there. Not surprised. I've gone
through the online docs, the Rescorla book, and the O'Reilly book. No
idea, no mention of SSL_ERROR_SYSCALL, nothing. Nada.
I guess my last option is to parse the code. Still not sure that'll
tell me anything.
Once again, any and all relevant suggestions and ideas are welcome.
Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org ԿԬ
QOTD:
Money isn't everything, but at least it keeps the kids in touch.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
