On 23/03/2022 18:08, Helde, Paavo wrote:
Great! That does suggest an unknown bug exists in master though...
If you can manage it would be useful for us if you tried the latest master version of
OpenSSL with the "no-asm" config option. My guess is new assembler code might
be the cause of thi
> Great! That does suggest an unknown bug exists in master though...
>
>If you can manage it would be useful for us if you tried the latest master
>version of OpenSSL with the "no-asm" config option. My guess is new assembler
>code might be the cause of this. If turning off assembler resolves the
On 23/03/2022 14:00, Helde, Paavo wrote:
- I notice that you are using the latest master version 3.1.0-dev. The master
branch is where all dev work goes on and consequently may be unstable. You
might be better off using the latest 3.0 stable version, i.e. 3.0.2
Thanks Matt, downgrading to
> Some things you could try:
> - Do you have an alternative compiler you could use? If its a compiler bug
> then swapping to a different compiler might resolve it
Compiler is regular gcc 10.2.1.
> - I notice that you are using the latest master version 3.1.0-dev. The master
> branch is where al
On 23/03/2022 12:39, Helde, Paavo via openssl-users wrote:
It would be interesting to see what output you get from s_client when you use the
"-trace" argument.
Also, is this TLSv1.3 specific? If you add the argument "-no_tls1_3" to
s_client does it start working?
Thanks for looking into th
3. märts 2022 13:55
To: Helde, Paavo ; openssl-users@openssl.org
Subject: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on
Raspberry Pi
Use caution when opening links or attachments.
On 23/03/2022 07:39, Helde, Paavo via openssl-users wrote:
> Hi,
>
> We are in a
On 23/03/2022 07:39, Helde, Paavo via openssl-users wrote:
Hi,
We are in a process of porting our software to aarch64 (Raspberry Pi).
One problem what we have is with openssl, it appears that our build of
it always fails in SSL_connect(). I have debugged it a bit and it seems
the problem a
On 14/07/2021 13:31, Matt Caswell wrote:
>
>
> On 13/07/2021 19:44, Christian Schmidt wrote:
>> Hello all,
>>
>> I am currently trying to build both client and server of an application
>> that uses TLS 1.3 and mutual authentication using certificates. The
>> application works so far - I can estab
On 13/07/2021 19:44, Christian Schmidt wrote:
Hello all,
I am currently trying to build both client and server of an application
that uses TLS 1.3 and mutual authentication using certificates. The
application works so far - I can establish connections, certificates are
verified, data is succe
, Hari Sahaya ; openssl-users@openssl.org
Subject: Re: SSL_connect fails on systemd socket
On 29/01/2020 17:28, Tiwari, Hari Sahaya wrote:
> Yes, client is also on same version 1.0.2 In this case SSL
> handshake(SSL_connect & SSL_accept) is done through systemd socket/service,
> whi
: Tuesday, January 28, 2020 8:27 PM
> To: openssl-users@openssl.org
> Subject: Re: SSL_connect fails on systemd socket
>
>
>
> On 28/01/2020 14:03, Tiwari, Hari Sahaya wrote:
>> 140691172779952:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
>> version number:s3_p
boun...@openssl.org] On Behalf Of
Matt Caswell
Sent: Tuesday, January 28, 2020 8:27 PM
To: openssl-users@openssl.org
Subject: Re: SSL_connect fails on systemd socket
On 28/01/2020 14:03, Tiwari, Hari Sahaya wrote:
> 140691172779952:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
&g
On 28/01/2020 14:03, Tiwari, Hari Sahaya wrote:
> 140691172779952:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> version number:s3_pkt.c:365:
You don't say, but from the reference to s3_pkt.c above I assume you are
using OpenSSL 1.0.2
This error means that the server has received a record
Please ignore. Turned out another library I was linking against had a
function called MD5_Final and the linker was using this one instead of
OpenSSL's.
On 6/4/2014 4:12 PM, Brandon W Yuille wrote:
Hi,
I'm getting the following error when using SSL_Connect on a non-blocking
socket. I've incl
If SSL_get_error returns 5 after most SSL_* returns <=0, that is
SSL_ERROR_SYSCALL.
An error occurred on a socket I/O call. Look at errno on Unix or
[WSA]GetLastError() on Windows.
For Unix you can just use strerror() or perror() to get an explanation; for
Windows the MS CRT
doesn't know about
On Wed, Feb 26, 2014 at 04:52:11AM +, Afroz Jahan wrote:
> We could not able to trace out where exactly the problem is as
> SSL_connect() returned 0 with ErrorNo:5
> Error:error:0005:lib(0):func(0):DH lib
$ perl -le 'print $!=5;'
Input/output error
The problem is at the socket la
Dorin & others,
Has this got resolved? we have been experiencing exactly the same behaviour
in our Client Simulor.
any clue why we only see for first connect only?
however, we see varying blockage (from 3 to 40s) based on number of user
simulated. Does it depend on client simulator's memory uti
Hi Stephan,
I didn't handle properly fd_write and fd_read events after ssl_accept
returning WANT_READ or WANT_WRITE. So sometimes SSL handshake didn't
complete succesfully. I use plain socket descriptors with some WSA functions
for selecting events, instead of MFC-Windows AsyncSocket classes.
-
Hi Titonus,
would you care to share the solution? I am interested too.
Cheers,
Stephan
On Tue, Jun 11, 2013 at 12:07 PM, titonus wrote:
> Solved!
>
>
>
> --
> View this message in context:
> http://openssl.6102.n7.nabble.com/ssl-connect-fails-Windows-Non-blocking-tp45348p45480.html
> Sent fro
Solved!
--
View this message in context:
http://openssl.6102.n7.nabble.com/ssl-connect-fails-Windows-Non-blocking-tp45348p45480.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
More info:
Client SSL log:
[SSL_connect:before/connect initialization]
[SSL_connect:SSLv2/v3 write client hello A]
[SSL_connect:Error en SSLv2/v3 read server hello A]
[SSL_connect:SSLv3 read server hello A]
[SSL_connect:SSLv3 read server certificate A]
[SSL_connect:SSLv3 read server key exchange A
>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
>Sent: Sunday, 14 October, 2012 17:36
>I am trying to use SSL_connect. I have bound a socket to my interface,
>set up the context, and call SSL_connect(). This is returning a -1,
>which I catch, and call SSL_get_error() to fall throu
Nevermind.
I didn't realize that I did have the call in there for my socket connect()
(which was in another part of the code for non-ssl connections...it is
needed for both). I had though SSL_connect took care of that too.
On Sun, Oct 14, 2012 at 5:35 PM, Derek Cole wrote:
> Hello,
>
> I am try
> Since I wait until the SSL_connect() function succeeds I
> wanted to know if there is a better approach.
Yes, there is a better approach, for example the one mentioned
in the manual:
* http://www.openssl.org/docs/ssl/SSL_connect.html
> If the underlying BIO is non-blocking, SSL_connect() will a
Ohh .. ok. But I just want the SSL_connect to succeed because I want to
fetch the certificate of an HTTPS website. So after the success of
SSL_connect() function, I would call SSL_get_peer_certificate().
Since I wait until the SSL_connect() function succeeds I wanted to know if
there is a better ap
On Mon November 21 2011, Arjun SM wrote:
> Well yes, these are not errors. My bad for naming the variable as 'error'.
>
Not my point -
Your logic shows that you think the connection has failed when it has
simple not yet finished with its protocol.
Not finished because you didn't respond to the w
Well yes, these are not errors. My bad for naming the variable as 'error'.
~Arjun
On Thu, Nov 17, 2011 at 11:50 PM, Michael S. Zick wrote:
> On Thu November 17 2011, Arjun SM wrote:
> > Hi,
> > Thanks for the reply.
> > I have called the ssl_connect() function again after checking for
> > SS
On Thu November 17 2011, Arjun SM wrote:
> Hi,
> Thanks for the reply.
> I have called the ssl_connect() function again after checking for
> SSL_ERROR_WANT_READ
> and SSL_ERROR_WANT_WRITE. But I wanted to know if I can optimize my code.
> Below is my code
>
> int counter = 6;
> while (
Hi,
Thanks for the reply.
I have called the ssl_connect() function again after checking for
SSL_ERROR_WANT_READ
and SSL_ERROR_WANT_WRITE. But I wanted to know if I can optimize my code.
Below is my code
int counter = 6;
while (status < 0 && --counter >0 )
{
if(statu
Hi, Arjun,
For non-blocking case, you have to handle SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE
In that case you need to redo *SSL_connect.*
*
*
Huaqing
On Tue, Nov 15, 2011 at 5:51 AM, Arjun SM wrote:
> Hi all,
>I am newbie to openssl any help is greatly appreciated.
>
> I have a requir
Thanks Steve,
Currently my test program does not setup the locking callbacks as well as the
thread ID callback. In general, should I must setup them in multi-threading
openssl application? If so, should the following two functions be used to setup
the locking callbacks and the thread ID callbac
On Tue, May 31, 2011, Yan, Bob wrote:
> Hi,
>
> I have an application which has more than 100 SSL client threads and each of
> those threads tried to connect to a SSL server simultaneously. Occasionally
> the application process got coredump on the call to ssl_connect(), please see
> the stack
On Sun, Mar 27, 2011, Yolanda Liu (liuyu) wrote:
> Hi:
>
> Our application crashed during startup when tried to connect to the
> remote server via libCurl which calls SSL_connect with the following
> error:
>
> fips.c(146): OpenSSL internal error, assertion failed: FATAL FIPS
> SELFTEST FAILURE
On 3/3/2011 6:50 AM, ikuzar wrote:
Hello,
I have got a SSL_ERROR_WANT_READ after a call to SSL_connect. I 'd like
to know what should I do exactly ?
Thanks
Retry the connect operation later, ideally after confirming that the
underlying socket is readable.
DS
___
This may be a stretch, but did you confirm the socket is within the
range of sockets your platform allows you to 'select' on? For example,
Linux by default doesn't permit you to 'select' on socket numbers 1,025
and up, though you can have more than 1,024 file descriptors in use
without a pro
On Wed, Nov 3, 2010 at 9:12 AM, David Schwartz wrote:
> On 11/2/2010 6:25 PM, Md Lazreg wrote:
>
>> r=select(m_sock_fd + 1, &fds, 0, 0, ptv);
>> if (r <= 0 && (Errno == EAGAIN || Errno == EINTR))/*if we timed
>> out with EAGAIN try again*/
>> {
>> r = 1;
>>
On 11/2/2010 6:25 PM, Md Lazreg wrote:
r=select(m_sock_fd + 1, &fds, 0, 0, ptv);
if (r <= 0 && (Errno == EAGAIN || Errno == EINTR))/*if we timed
out with EAGAIN try again*/
{
r = 1;
}
This code is broken. If 'select' returns zero, checking errno
> From: owner-openssl-us...@openssl.org On Behalf Of Sam Jantz
> Sent: Tuesday, 07 September, 2010 17:29
> Where are SSL_accept, and SSL_connect defined? Specifically
> for TLSv1, and SSLv3 connections. I found the definition
> in ssl_lib.c but then that calls s->meth
> From: owner-openssl-us...@openssl.org On Behalf Of Kyle Hamilton
> Sent: Friday, 18 September, 2009 15:07
> Once you receive SSL_ERROR_SSL, the next step is to use
> ERR_get_error(3ssl) to figure out what the specific SSL error was.
> Before you do this, you should call ERR_load_crypto_strings(3
Once you receive SSL_ERROR_SSL, the next step is to use
ERR_get_error(3ssl) to figure out what the specific SSL error was.
Before you do this, you should call ERR_load_crypto_strings(3ssl) and
SSL_load_error_strings(3ssl) so that you can get the full string; if
you don't, you'll get a hexadecimal c
Hi David and others,
I was gone attending a conference and could not reply earlier.
David, I believe I am following your advise. Trying to connect and
wait only when SSL tells me to do so.
So here is what I have been doing, followed by the code.
1) Open a socket and make it non-blocking.
2) Add
Rij:
> > If you get SSL_ERROR_WANT_READ, you need to epoll/select for
? > readability. If
> > you get SSL_ERROR_WANT_WRITE, you need to epoll/select for readability.
> I am assuming the above was a typo and you meant writeability for
> SSL_ERROR_WRITE.
Correct.
> Ok. That's interesting. I actu
> If you get SSL_ERROR_WANT_READ, you need to epoll/select for readability. If
> you get SSL_ERROR_WANT_WRITE, you need to epoll/select for readability.
>
I am assuming the above was a typo and you meant writeability for
SSL_ERROR_WRITE.
Ok. That's interesting. I actually followed the concept from
Rij wrote:
> I am using a non-blocking socket to connect to a server. I have the
> following code which works fine. The issue is that the while loop
> executes almost 3000 times! Is this expected? When I am waiting for
> select/epoll to return, I was expecting it to return only when the
> connect
The server must also be willing to support the same ciphersuite. In
this case, the server probably doesn't have the AES ciphers enabled.
(I hope that you only have TLS_RSA_WITH_NULL_SHA as a debugging aid,
or have evaluated the risk of information disclosure against the
security policy of your app
The SSL_set_cipher_list() call is in the wrong format. Please look at
the man page for 'ciphers(3ssl)'.
-Kyle H
On Wed, May 6, 2009 at 6:06 PM, Vivek Mathew -X (vivmathe - WIPRO at
Cisco) wrote:
> Hi David & OpenSSL-users,
>
> We did compile against the new header files.
>
> I checked this a li
Hi David & OpenSSL-users,
We did compile against the new header files.
I checked this a little more on the Server side. On the Server side, I
use IIS 6.0.
It looks like even before it hits my Server side code, Windows may be
cutting the TCP connection.
The Server has Windows Server 2003, Ente
Hi David & OpenSSL-users,
We did compile against the new header files.
I checked this a little more on the Server side. On the Server side, I
use IIS 6.0.
It looks like even before it hits my Server side code, Windows may be
cutting the TCP connection.
The Server has Windows Server 2003, Ente
On Wed, Apr 01, 2009, Mark Laubach wrote:
> Hi,
> I looked through the archives and didn't find a similar message.
>
> Issue: ssl_connect() now fails with error to same server when
> changing to 0.9.8j (or 0.9.8k) from any previous version.
>
> Server: Tomcast v6018, using self-signed, also trie
> Hi Srinivas,
> We compiled our code with the new version of lib files from
> openssl-0.9.8j version and replaced the new client dll's.
> Is any specific step has to be followed?
> Regards,
> Sweta
Did you compile against the new header files?
The client is saying the server cut the TCP conne
Sent: Friday, March 27, 2009 3:16 AM
To: openssl-users@openssl.org; openssl-users@openssl.org
Cc: Suresh Pallavur Hariharan -X (surharih - WIPRO at Cisco); Sweta
Singh -X (swesingh - WIPRO at Cisco)
Subject: Re: SSL_connect() fails after upgrade from OpenSSL 0.9.7d to
OpenSSL 0.9.8j
Hi Vivek.
If it is returning SSL_ERROR_SYSCALL, you need to examine the value of
errno, possibly with perror().
Basically, the library is returning this because the underlying OS has
signalled (via errno) that some system call has failed with an error
condition.
If you don't understand what could be causin
Hi Vivek.
How did u upgrade i would like to know the process like how did you uninstall the previous version and install new version. I am sorry fo you but i neded some inf on how to do this.
Sincerely,
srinivas J
-Original Message- From: "Vivek Mathew -X (vivmathe - WIPRO at Cisco)"
SSL_get_error() returns 1 and ERR_error_string( ERR_get_error() )
returns "error::lib(0):func(0):reason(0)".
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
I'm curious: what does SSL_get_last_error give? What stack does
ERR_get_error give?
-Kyle H
On Tue, Jul 29, 2008 at 11:36 AM, Alen Puzic <[EMAIL PROTECTED]> wrote:
> We are using dynamic linking - using dlopen to open the shared objects
> and then load the function symbols we are using. All the
We are using dynamic linking - using dlopen to open the shared objects
and then load the function symbols we are using. All the symbols load
correctly and I haven't seen any function calls causing any crashes
yet. I just get an SSL_connect() error on the client end which results
in error SSL_ERROR_
On Mon, Jul 28, 2008 at 09:39:04AM -0400, Kenneth Goldman wrote:
> In my experience, openssl releases routinely break compatibility.
> This occurs for letter as well as number changes.
>
> Compiling against the new version is not enough. You must
> link with the same version. Dynamic linking of
In my experience, openssl releases routinely break compatibility.
This occurs for letter as well as number changes.
Compiling against the new version is not enough. You must
link with the same version. Dynamic linking offers a
third possibility for inconsistency.
The symptom I typically see is
Prabhu S wrote:
>if(l_ssl_err_code == SSL_ERROR_WANT_READ || l_ssl_err_code ==
>SSL_ERROR_WANT_WRITE)
>{
>l_fds=select(sd+1, &filedes_set,NULL,NULL,
&l_connect_timeout);
Why are you 'select'ing for readability even if the library returns
'SSL_ERROR
Thanks. It worked. Now i am able to communicate with the server using https.
I have done changes like :
from:
#define SOAP_SSL_DEFAULT(SOAP_SSL_REQUIRE_SERVER_AUTHENTICATION
| SOAP_SSLv3_TLSv1)
to:
#define SOAP_SSL_DEFAULT SOAP_SSL_NO_AUTHENTICATION
in stdsoap2.h. Once we have the pro
Hello,
[EMAIL PROTECTED] wrote on 04/11/2008 12:20:12 PM:
> Thanks for the response. this was useful.
> Now I got the readable message as : *** error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> I have checked this & server certificate is expired. As this is
Thanks for the response. this was useful.
Now I got the readable message as : *** error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have checked this & server certificate is expired. As this is an internal
server for us, so as of now i want to ignore this error &
Hello,
[EMAIL PROTECTED] wrote on 04/11/2008 06:05:31 AM:
> Thanks for the reply. I really appreciate it ! I have tried initializing
the library,
> but still facing same problem.
> - Is there anyway to decode the error string "error:0001::lib(0)
:func(0) :reason
> (1)", to find out what is
Thanks for the reply. I really appreciate it ! I have tried initializing the
library, but still facing same problem.
- Is there anyway to decode the error string "error:0001::lib(0)
:func(0) :reason(1)", to find out what is actually going wrong ? means what
does reason(1) stands here for ?
- Is
Hello,
> I am facing some problem when trying to use a https service.
SSL_connect() is failing
> with error -1 (in stub code ...generated using gsoap ... code snippet
below), which
> means some fatal error occured at the protocol level or connection
failure occured.
> Further getting the SS
Hello,
> Thanks to the responses I was able to get openssl compiled in debug
> mode. Once I removed the optimization flag from the make file my
> compiler error went away. I've since traced through the code and it
> leaves me pretty much just as puzzled as before.
Without optimization library ma
Thanks to the responses I was able to get openssl compiled in debug mode.
Once I removed the optimization flag from the make file my compiler error
went away. I've since traced through the code and it leaves me pretty much
just as puzzled as before.
The function ssl3_client_hello in s3_clnt.c is
Hello,
> and now to switch to new gcc compiler you should only set:
> $ export PATH=/usr/local/gcc-4.1.1/bin
Should be:
$ export PATH=/usr/local/gcc-4.1.1/bin:$PATH
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
_
Hello,
> Thanks for the quick response. Unfortunately I run into a compilation
> error when trying to compile in debug mode (I had not compiled the
> libraries before as I obtained precompiled libraries). Unfortunately
> I am stuck on gcc 2.8.1 and can't install a new compiler and I'm
> afraid th
yuck.
ok in that case just try getting rid of the optimiser flags? worked for me.
that's all i can suggest...
Thanks for the quick response. Unfortunately I run into a
compilation error when trying to compile in debug mode (I had not
compiled the libraries before as I obtained precompiled
Thanks for the quick response. Unfortunately I run into a compilation error
when trying to compile in debug mode (I had not compiled the libraries
before as I obtained precompiled libraries). Unfortunately I am stuck on
gcc 2.8.1 and can't install a new compiler and I'm afraid that may prevent
me
this is exactly the symptom i got when the optimiser on my compiler
got a few things confused and SSL_connect() was thinking a simple
allocation had failed when it had in fact succeeded. i got round that
by building a library without the optimiser flags.
can you do a regular ./configure? if so
Original message
>Date: Fri, 30 Mar 2007 12:01:54 -0700
>From: "David Schwartz" <[EMAIL PROTECTED]>
>Subject: RE: SSL_connect and SSL_accept
>To:
>
>
>> So what you are saying is the scenario we have been discussing so far is
>> possibl
> So what you are saying is the scenario we have been discussing so far is
> possible ONLY in case of memory allocation issues NOT OTHERWISE.
> I guess I will have a look at the SSL_connect code before I just
> trust this
> :-)
I would still recommend coding to handle this case. Perhaps the next
I have spent quite some time with SSL_connect, and apart from tcp level
socket failures (transient/fatal) and SSL Handshake failures it cannot
return error, so ur case is NOT POSSIBLE unless the HOST has run out of
memory wherein Openssl_malloc itself fails. So I dont suppose you need to
worry ab
ure (timeout),
it would report failure to the client
~ Urjit
- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To:
Sent: Friday, March 30, 2007 9:25 AM
Subject: Re: SSL_connect and SSL_accept
I am quite clear with your problem and am not confused. The only point I
ha
r has a non blocking socket
it calls SSL_accept()
if succeeds, it would report success to the client
if failure (timeout), it would report failure to the client
~ Urjit
- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To:
Sent: Friday, March 30, 2007
Sundar" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 29, 2007 4:07 PM
Subject: Re: SSL_connect and SSL_accept
Urjit.,
1st of all theoritically your are 100% correct, after all SSL runs in the
SESSION layer, but it depends on the underlying transport connection, and
if that has pr
: "Gayathri Sundar" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 29, 2007 4:07 PM
Subject: Re: SSL_connect and SSL_accept
Urjit.,
1st of all theoritically your are 100% correct, after all SSL runs in the
SESSION layer, but it depends on the underlying transport connection,
Urjit Gokhale wrote:
> I believe you are confusing tcp/ip connection establishment and SSL session
> establishment.
>
... and you should also remember that a reliable transport is a
prerequisite for tls.
> The problem may occur when:
> 1) Server is waiting for first SSL handshake packet in SSL_a
with respect to the current thread. So I will
send a new post for that.
Thank you everyone for responding.
~ Urjit
- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 29, 2007 1:02 PM
Subject: RE: SSL_connect and SSL_accept
Yes, I agr
send a
new post for that.
Thank you everyone for responding.
~ Urjit
- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 29, 2007 1:02 PM
Subject: RE: SSL_connect and SSL_accept
Yes, I agree with you, but then why would the CLIENT g
Hi,
> > I am unable to think of a scenerio why ur case is possible
> unless some
> > serious network congestion has developed and pkts were
> lost..i dont see
> > how..but the experts might able to give u a better idea.
>
> You get a SYN, send a SYN ACK, other side sends an ACK, then the other
Yes, I agree with you, but then why would the CLIENT get an ERROR?
>2) The client calls SSL_connect(). The underlying socket is in blocking
>mode
>3) SSL_connect() returns error.
>4) The server does not notice this, and continues to wait in SSL_accept().
if SSL_connect indeed has returned with ER
> I am unable to think of a scenerio why ur case is possible unless some
> serious network congestion has developed and pkts were lost..i dont see
> how..but the experts might able to give u a better idea.
You get a SYN, send a SYN ACK, other side sends an ACK, then the other
side's Internet conn
>I am wondering if the following scenario possible:
>1) The server calls SSL_accept(). The underlying socket is in blocking mode
>2) The client calls SSL_connect(). The underlying socket is in blocking
>mode
>3) SSL_connect() returns error.
>4) The server does not notice this, and continues to wait
> > If the scenario mentioned above is possible, then the server
> > will be blocked in the SSL_accept() (until the underlying tcp
> > connection is broken) and hence wont be able to service other
> > clients' connection requests
>
> This is the Toyota Principle, "you asked for it, you got it." If
> If the scenario mentioned above is possible, then the server
> will be blocked in the SSL_accept() (until the underlying tcp
> connection is broken) and hence wont be able to service other
> clients' connection requests
This is the Toyota Principle, "you asked for it, you got it." If you don't
Hello,
> Recently I installed pure-ftpd with TLS support.
>
> However, when I try to connect I get an answer like:
>
> Fatal error: SSL_connect: error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag
>
>
> Does any one have an ideia what is this? Where can be the problem? How
> to so
-users@openssl.orgSent: Tuesday, 16 May, 2006 7:31:51 PMSubject: Re: SSL_connect ( ) hangs
On Tue, May 16, 2006 at 09:40:52AM +, Sendil kumar wrote:> I have a peculiar problem. When my SSL client (in blocking mode)> makes a connection with NonSSL server , the client hangs . I need the> client t
> I have a peculiar problem. When my SSL client (in blocking mode)
> makes a connection with NonSSL server , the client hangs . I need
> the client to terminate the connection with the server if the server
> is not ssl enabled one. I tried a lot of options but all failed .
> Please give any soluti
On Tue, May 16, 2006 at 09:40:52AM +, Sendil kumar wrote:
> I have a peculiar problem. When my SSL client (in blocking mode)
> makes a connection with NonSSL server , the client hangs . I need the
> client to terminate the connection with the server if the server is not
> ssl enabled one. I tr
On 5/5/06, Andrew Dennison <[EMAIL PROTECTED]> wrote:
The issue arises on the second connection attempt after having already
established a successful connection. What I am attempting to do is to
shutdown the SSL layer and perform a full handshake to re-establish a new
SSL connection without aff
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On
Behalf Of Andrew DennisonSent: Friday, May 05, 2006 7:23
PMTo: openssl-users@openssl.orgSubject: SSL_connect
returns 0, with no error
I
am currently experiencing an issue using SSL_connect() on a non-block
ilton
Sent: Tuesday, January 31, 2006 4:32 PM
To: openssl-users@openssl.org
Subject: Re: SSL_connect fails with SSL_ERROR_SSL
Okay. The question is:
You have a CA. Did you encode the "CA:true" attribute in it?
You created a server certificate signed by that CA. How?
You created a clien
ot using .PEM certificates, I am using what the keytool created,
> got the CSR signed.
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Samy Thiyagarajan
> Sent: Tuesday, January 31, 2006 4:03 PM
> To: openssl-users@openssl.org
>
PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Samy
ThiyagarajanSent: Tuesday, January 31, 2006 4:03 PMTo:
openssl-users@openssl.orgSubject: Re: SSL_connect fails with
SSL_ERROR_SSLDear all,Using
openssl (openssl 0.9.7), I have set up a CA and this CA has issued 2certs
- one for clie
Dear all,
Using openssl (openssl 0.9.7), I have set up a CA and this CA has issued
2
certs - one for client and the other for the server. I have checked that
these certificates are ok.
I am attempting to write a SSL client-server program.
SSL Server:- Java. It has a keystore, which contain
Hi Seema,
> Thus, there seems to be a need for ssl_connect to timeout, in order to
> protect against such buggy servers. My query was:
>
> 1) Does ssl_connect have such an internal timeout mechanism
> after which the
> OpenSSL will give up on the connection attempt and return
> failure for the
t by: openssl-users@openssl.org
owner-openssl-use cc
[EMAIL PROTECTED]
Subject
1 - 100 of 121 matches
Mail list logo
