> I'm seeing weird OpenSSL behaviour and I suspect it's a bug in
> the library.
It sounds like a typical protocol error.
> The problem is that SSL_write() sometimes returns SSL_ERROR_SSL with
> errno equal to EAGAIN.
This is your problem. You are confusing yourself by checking 'errno'.
SSL_write does not set 'errno' to a useful value, so there is no reason to
check it.
> SSL_write() returned -1
<0 The write operation was not successful, because either an error
occurred or action must be taken by the calling process. Call
SSL_get_error() with the return value ret to find out the reason.
> SSL_get_error() returned 1
> // the above corresponds to SSL_ERROR_SSL ("A failure in the SSL library
> occurred, usually a protocol error. The OpenSSL error queue contains
> more information on the error.")
SSL_ERROR_SSL
A failure in the SSL library occurred, usually a protocol error.
The OpenSSL error queue contains more information on the error.
In other words, the error was not due to a system call as this would result
in SSL_ERROR_SYSCALL, so 'errno' isn't going to be useful.
> ERR_get_error() returned 67596407
> ERR_error_string() returned error:04077077:rsa routines:RSA_verify:wrong
> signature length
>
> ERR_get_error() returned 218910726
> ERR_error_string() returned error:0D0C5006:asn1 encoding
> routines:ASN1_item_verify:EVP lib
>
> ERR_get_error() returned 0
Well, there you go. The other side sent a signature with the wrong length.
> errno is 11 // which corresponds to EAGAIN
Nothing told you to consult 'errno'. If you check 'errno' when an error code
doesn't tell you to, it will contain random junk.
DS
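As an added example (not code from the original post or from OpenSSL), the sketch below unpacks the two error-queue values quoted in the thread and encodes the rule for when 'errno' applies. It assumes the pre-3.0 packed error layout that matches the 8-hex-digit codes shown above. The `EX_` constants and the function names are hypothetical; their values are copied from OpenSSL's headers so the block builds without the library.

```c
#include <stdio.h>

/* Values mirror OpenSSL's SSL_ERROR_* constants; they are redefined with an
 * EX_ prefix (an assumption of this example) so it builds without the library. */
enum { EX_SSL_ERROR_SSL = 1, EX_SSL_ERROR_WANT_READ = 2,
       EX_SSL_ERROR_WANT_WRITE = 3, EX_SSL_ERROR_SYSCALL = 5 };

struct err_fields { unsigned lib, func, reason; };

/* Pre-3.0 packed layout: 8 bits library, 12 bits function, 12 bits reason. */
struct err_fields unpack_err(unsigned long e)
{
    struct err_fields f;
    f.lib    = (unsigned)((e >> 24) & 0xFF);
    f.func   = (unsigned)((e >> 12) & 0xFFF);
    f.reason = (unsigned)(e & 0xFFF);
    return f;
}

/* Library numbers as defined by ERR_LIB_* in OpenSSL 1.x (subset). */
const char *lib_name(unsigned lib)
{
    switch (lib) {
    case 4:  return "rsa routines";
    case 6:  return "digital envelope routines";
    case 13: return "asn1 encoding routines";
    case 20: return "SSL routines";
    default: return "other";
    }
}

/* errno describes the failure only for SSL_ERROR_SYSCALL with an empty
 * error queue and ret == -1 (the underlying BIO reported an I/O error). */
int errno_is_meaningful(int ret, int ssl_error, unsigned long queue_head)
{
    return ssl_error == EX_SSL_ERROR_SYSCALL && queue_head == 0 && ret == -1;
}

int main(void)
{
    /* The two queue entries reported in the post, oldest first. */
    unsigned long queue[] = { 67596407UL, 218910726UL };
    for (int i = 0; i < 2; i++) {
        struct err_fields f = unpack_err(queue[i]);
        printf("%08lX lib=%u (%s) func=%u reason=%u\n",
               queue[i], f.lib, lib_name(f.lib), f.func, f.reason);
    }
    printf("consult errno? %d\n", errno_is_meaningful(-1, EX_SSL_ERROR_SSL, queue[0]));
    return 0;
}
```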
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List