My initial analysis of this was very misleading. I have to apologize for that. The problem was that during the first part of the handshake (clienthello), the call failed without anything being written out. Tracing ssl23_client_hello() in s23_clnt.c showed that the following statement returned false and as a result -1 was returned as the error. if (RAND_pseudo_bytes(...) <=0) return -1;
And for any instances of error for which an internal OpenSSL ERR is not set, SSL_ERROR_SYSCALL is used, which is further misleading. I did a cursory search of anywhere that a call to RAND_pseudo_bytes can fail and there are tens of such instances for which OpenSSL ERR is not set. In fact, there's only one instance of a call to RANDerr which is inside md_rand.c. I guess this would be something for OpenSSL guys to ponder. Another strange thing is no matter how many times we ran the application, the call always failed on the same spot; the same call to RAND_pseudo_byes each time, not before or after. This was regardless of how many successful calls were made prior to. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
