> From: owner-openssl-us...@openssl.org On Behalf Of manoj dhyani > Sent: Friday, 03 February, 2012 00:13
> I am using the following WSDL > https://nestlepreview.i-nexus.com/nestlepreview/webservices/v1/nexus.wsdl > and trying to get data using the operations from the WSDL, the > webservice client is written in C using Axis2/c 1.5 with openSSL enabled > openSSL version 0.0.8l corrected later to 0.9.8l also 1.0.0f > the certificated is verified and instead of getting a response > axis2c throws a timeout error > on debugging axis2/c > the SSL_read() call is failing with error SSL_ERROR_XERO_RETURN Do you mean *returning*? 0 returned from SSL_read() is NOT SSL_ERROR_ZERO_RETURN, only 0 from SSL_get_error() is. 0 from SSL_read() means more-or-less-normal end-of-data. (Like recv at the TCP level, or fread or read on a file.) Is this the first SSL_read(), or has Axis2/c already read some data and is trying for more? > The same WSDL if used in SoapUI works fine or with any other Java based clients > any idea how to debug this issue ? is this a server side problem > or client, if other client works I am not sure if it's server side > issue or network issue If other clients work, it's logical the error is likely in your client, although not absolutely certain -- there could be a problem elsewhere that your client (only) exposes. On the other hand, if the problem is in your client code (at WS level) and the underlying layers (Axis2/C and OpenSSL) are correct, I would expect/hope to see a SOAP-level error, not just end-of-data. You mention network; did you try other client(s) from your *same* machine, or at least your same network connection (&routing etc)? Most network problems would show up during the TCP connection or the SSL handshake, but possibly if the SOAP-level data here is large (and I didn't read through the WSDL to try to figure out) it might trigger an error, and an error at network level could do (forced) FIN and thus (abnormal) end-of-data at SSL level. You note later that you can't decrypt a Wireshark trace without the server privatekey. You can still see the lengths and timing of records; after adjusting for MAC and possibly padding (but on a default poke at the server I got RSA-RC4-SHA which doesn't pad) is your client sending data that's reasonable size for an HTTP header and SOAP body? And receiving similarly? Are you receiving an encrypted alert just before FIN? If so, even without decrypting you can guess it's *probably* "shutdown", which would mean either the server thinks it sent a complete/valid reply or it had some internal error, possibly provoked by your request somehow. And if there is any encrypted data received (that is, not encrypted handshake which is the Finished, nor encrypted alert) you should see it in Axis2/C's buffer(s) in the debugger. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
