hi all,
More debug on server side suggests that the problem is with the packet that
is send to the ssl23_get_client_hello method
264 p=s->packet;
(gdb) n
266 memcpy(buf,p,n);
(gdb) print p
$6 = (unsigned char *) 0x4033bc00 "[Security]\n\370"
here p[x] doesnt have any numeric values , and so p doesnt match any of
the condition of ssl2 , ssl3 or tls1 , it returns unknown protocol.
Any thoughts ?
Thanks
Anil
On Wed, Jun 24, 2009 at 9:26 PM, Anil Tambe <tambe.a...@gmail.com> wrote:
> i guess in my case , server is not able to understand the client hello
> message ..
> any thoughts ? how do i debug it more ..
>
>
> On Thu, Jun 18, 2009 at 3:03 PM, Anil Tambe <tambe.a...@gmail.com> wrote:
>
>> Yes client is not able to connect and ssl23_get_client_hello is returning
>> -1 and so its going in
>> in s23_srvr.c .
>>
>>
>> 568 if ((type < 1) || (type > 3))
>> (gdb) n
>> 571
>> SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
>> (gdb) n
>> 572 goto err;
>>
>> The value of type is 0 . i.e which is set default ..
>>
>> i notice that the SSL passed to sl23_get_client_hello has value of packet
>> as 0.
>>
>> (gdb) print p
>> $10 = (unsigned char *) 0x403390b0 "[Security]\n\250"
>> (gdb) print *p[0]
>> $12 = 0
>> (gdb) print *p[1]
>> $13 = 0
>> (gdb) print *p[2]
>> $14 = 0
>> (gdb) print *p[3]
>> $15 = 0
>> (gdb) print *p[11]
>> $16 = 0
>>
>> Any suggestion what i should be looking at ..
>> Any suggestion how do i reproduce this with openssl sample , i.e s_client
>> and s_server ?
>>
>> Thanks
>> Anil
>>
>> On Thu, Jun 18, 2009 at 10:45 AM, David Schwartz <dav...@webmaster.com>wrote:
>>
>>>
>>> Anil Tambe wrote:
>>>
>>> > Getting the Below error :
>>>
>>> > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
>>> > As of now i am not able to reproduce the issue in stand alone openssl,
>>> > this is coming from the parent application which is consuming openssl.
>>>
>>> What is the problem? Are clients unable to connect? Seeing this error in
>>> a
>>> log is perfectly normal and doesn't necessarily indicate any problem.
>>> This
>>> generally indicates a protocol mismatch on the two sides of a connection,
>>> which can occur very commonly on the Internet.
>>>
>>> For example, if someone types "http://www.example.com:4040/"; instead of
>>> "https://www.example.com:4040/"; one side will be speaking SSL and one
>>> side
>>> won't. Odds are the SSL-speaking side will find some SSL protocol
>>> violation,
>>> since the other side isn't speaking SSL at all.
>>>
>>> DS
>>>
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project http://www.openssl.org
>>> User Support Mailing List openssl-users@openssl.org
>>> Automated List Manager majord...@openssl.org
>>>
>>
>>
>
