On Tue, Sep 15, 2009, mclellan_d...@emc.com wrote: > hello OpenSSL community. We use OpenSSL 0.9.8d on many platforms, > including z/Linux 64-bit. We are using client certificate > authentication at the server. > > When any client that is NOT the same architecture -- i.e. NOT z/Linux > 64-bit -- the server complains during SSL_accept() processing the client > certificate with this error (gotten from ERR_error_string_n()): > > error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt > error] > > When the client and server are the same platform -- both z/Linux 64-bit > -- we do NOT see this error. > > The reverse is also true: When a z/linux 64-bit client connects to any > OTHER server platofmr we see the same error at the server. > > Has anyone seen this? Are we blazing new ground here? > > Thanks for any advice or pointers you have, whether or not you've seen > these conditions cause this difficulty. >
Sounds like a compiler bug or a bug in the OpenSSL bignum library triggered on that platform. Does OpenSSL pass "make test"? I'd suggest trying OpenSSL 0.9.8k or better still a recent snapshot and see if it still happens. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
