Hi, I am testing my application with the 1.0.1 beta and noticed the errors generated are not very friendly when SRP credentials are incorrect. The problem is that the error codes returned in no way indicate that the problem is incorrect credentials. Instead I see errors about "bad record mac" (see below).
Everything works just fine when the correct credentials are used. What I need is a way to discern if incorrect credentials were supplied, or there is some other error. As it stands now, I would have to assume that the credentials are wrong whenever SSL_connect() or SSL_accept() fail, which seems like a poor assumption. Is there some better way to determine that SRP authentication has failed?

I'm still fairly new to SSL and SRP and am grateful for any and all help.

Norm Green
VMware, Inc.

Here is the error I get on the client:

    SSL_connect() failed, rc=0. resultCode=1 (SSL_ERROR_SSL)
    0xfffffd7fffdf83a0 0xfffffd7fffdf839c 0xfffffd7fffdf8390 0xfffffd7fffdf838c
    SSL call: ERR_get_error_line_data with args: result=336151548
    SSL call: ERR_error_string_n with args: (nothing returned)
    Details: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
    s3_pkt.c at 1240

And on the server:

    SSL_accept() failed, rc=-1. resultCode=1 (SSL_ERROR_SSL)
    0xfffffd7fffdf8b00 0xfffffd7fffdf8afc 0xfffffd7fffdf8af0 0xfffffd7fffdf8aec
    SSL call: ERR_get_error_line_data with args: result=336130329
    SSL call: ERR_error_string_n with args: (nothing returned)
    Details: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    s3_pkt.c at 480

Setting a breakpoint with the debugger, here is where the error is set (I've omitted the higher stack frames from my application):

Client:

    (dbx) where
    current thread: t@1
    =>[1] ERR_put_error(lib = 20, func = 148, reason = 1020, file = 0xfffffd7ffe3dde80 "s3_pkt.c", line = 1240), line 730 in "err.c"
      [2] ssl3_read_bytes(s = 0x4a6f20, type = 22, buf = 0x4a7720 "^T", len = 4, peek = 0), line 1240 in "s3_pkt.c"
      [3] ssl3_get_message(s = 0x4a6f20, st1 = 4576, stn = 4577, mt = -1, max = 16384, ok = 0xfffffd7fffdf8288), line 450 in "s3_both.c"
      [4] ssl3_get_new_session_ticket(s = 0x4a6f20), line 2001 in "s3_clnt.c"
      [5] ssl3_connect(s = 0x4a6f20), line 545 in "s3_clnt.c"
      [6] SSL_connect(s = 0x4a6f20), line 947 in "ssl_lib.c"

Server:

    current thread: t@1
    =>[1] ERR_put_error(lib = 20, func = 143, reason = 281, file = 0xfffffd7ffd9dde80 "s3_pkt.c", line = 480), line 730 in "err.c"
      [2] ssl3_get_record(s = 0x44c910), line 480 in "s3_pkt.c"
      [3] ssl3_read_bytes(s = 0x44c910, type = 22, buf = 0x470270 "^P", len = 4, peek = 0), line 989 in "s3_pkt.c"
      [4] ssl3_get_message(s = 0x44c910, st1 = 8608, stn = 8609, mt = -1, max = 514, ok = 0xfffffd7fffdf8ae0), line 450 in "s3_both.c"
      [5] ssl3_get_cert_verify(s = 0x44c910), line 2904 in "s3_srvr.c"
      [6] ssl3_accept(s = 0x44c910), line 674 in "s3_srvr.c"
      [7] SSL_accept(s = 0x44c910), line 938 in "ssl_lib.c"

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
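Added example, not part of the original post and not OpenSSL code: it decodes the two `result=` values quoted above using the lib/func/reason packing of OpenSSL 1.0.x error codes, and separates a bad_record_mac alert received from the peer from a MAC failure detected locally. The constant values mirror OpenSSL 1.0.x; the macro names, `classify_handshake_error` and the enum are hypothetical.

```c
#include <stdio.h>

/* Packed error-code layout in OpenSSL 1.0.x: lib (8 bits) | func (12) | reason (12). */
#define LIB_OF(e)    ((int)(((e) >> 24) & 0xffUL))
#define FUNC_OF(e)   ((int)(((e) >> 12) & 0xfffUL))
#define REASON_OF(e) ((int)((e) & 0xfffUL))

#define LIB_SSL              20    /* value of ERR_LIB_SSL */
#define ALERT_REASON_OFFSET  1000  /* value of SSL_AD_REASON_OFFSET */
#define ALERT_BAD_RECORD_MAC 20    /* TLS alert number for bad_record_mac */
#define REASON_LOCAL_BAD_MAC 281   /* SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC */

enum hs_failure { HS_OTHER, HS_PEER_BAD_MAC, HS_LOCAL_BAD_MAC };

/* Hypothetical helper: classify one error-queue entry from a failed handshake.
 * Both bad-MAC outcomes also occur for any other key mismatch or a corrupted
 * record, so treat the result as a hint about credentials, not proof. */
enum hs_failure classify_handshake_error(unsigned long e)
{
    int reason = REASON_OF(e);

    if (LIB_OF(e) != LIB_SSL)
        return HS_OTHER;
    if (reason == ALERT_REASON_OFFSET + ALERT_BAD_RECORD_MAC)
        return HS_PEER_BAD_MAC;   /* peer sent the alert (client side in the post) */
    if (reason == REASON_LOCAL_BAD_MAC)
        return HS_LOCAL_BAD_MAC;  /* MAC check failed here (server side in the post) */
    return HS_OTHER;
}

int main(void)
{
    /* The two result= values from the post: client first, then server. */
    const unsigned long samples[] = { 336151548UL, 336130329UL };
    static const char *names[] = { "other", "peer bad_record_mac alert",
                                   "local bad record mac" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long e = samples[i];
        printf("%08lX lib=%d func=%d reason=%d -> %s\n", e, LIB_OF(e),
               FUNC_OF(e), REASON_OF(e), names[classify_handshake_error(e)]);
    }
    return 0;
}
```

The decoded fields match the `ERR_put_error` arguments in the two debugger traces above.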