0.2h. When we call SSL_do_handshake,
> > sometimes we notice that handshake fails with error SSL_ERROR_SSL.
> > As per the documentation for this error, it is non recoverable and
> fatal
> > error. Documentation also mentions to check the error queue for
&
All,
> >
> > We are using Openssl version 1.0.2h. When we call SSL_do_handshake,
> > sometimes we notice that handshake fails with error SSL_ERROR_SSL.
> > As per the documentation for this error, it is non recoverable and fatal
> > error. Documentation also
On 19/02/2020 05:16, Mahendra SP wrote:
> Hi All,
>
> We are using Openssl version 1.0.2h. When we call SSL_do_handshake,
> sometimes we notice that handshake fails with error SSL_ERROR_SSL.
> As per the documentation for this error, it is non recoverable and fatal
> err
Hi All,
We are using Openssl version 1.0.2h. When we call SSL_do_handshake,
sometimes we notice that handshake fails with error SSL_ERROR_SSL.
As per the documentation for this error, it is non recoverable and fatal
error. Documentation also mentions to check the error queue for further
details
Hi,
As far as I know, there is no point going again to the loop when we have
SSL_ERROR_SSL.
Suppose in case of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE this would
have made sense.
Maybe there is a timeout or watchdog which stops it from consuming a lot of
time and closes the socket.
Since
perly.
The problem seems to be the handling of SSL_ERROR_SSL. The code currently
handles SSL_ERROR_SSL by checking the system errno, and returning to its I/O
loop (select(2)/SSL_read/SSL_write) if it is EAGAIN, EINTR, or 0. In this
case, errno is 0, so it keeps trying again indefinitely.
Ending
Hi all
What is the state of the SSL connection after SSL_ERROR_SYSCALL or
SSL_ERROR_SSL?
1) Is the secure session teared down? (I mean within the OpenSSL state machine)
2) If not, may a retry of SSL_write or SSL_read succeed w/o a re-handshake?
Regards
Alon
There's probably something wrong with your code, but from the
information you've presented it's difficult to be more precise. I don't
see what your question has to do with developing OpenSSL, so I've
dropped openssl-dev from the thread.
http://www.catb.org/~esr/faqs/smart-questions.html
_
Hi
i use the follow to write to ssl
int hb_inetSSLWrite( SSL* pSSL, int iSock,int iTimeout char * msg, int
length, int* iRet)
{
int ret;
int sslerr;
int r;
fd_set fd_r, fd_w;
struct timeval tv;
do
{
ret = SSL_write(pSSL, msg, length);
sslerr = SSL_get_error(pS
Hi,
I got some weird error. help needed urgent.
SSL_write() is returned with error "SSL3_WRITE_PENDING:bad write retry".
I have tried with flags "PARTIAL_WRITE" and "AUTO_RETRY" and "MOVING
BUFFER".
Still i am facing this problem. Any temporary workaround will also be
appreciated.
Thanks & Regar
sion.
>
> Best regards,
> Lutz
>
> - Forwarded message from sandeep.kuma...@wipro.com -
>
> Subject: SSL_write returned SSL_ERROR_SSL
> Date: Tue, 3 Nov 2009 19:25:03 +0530
> Thread-Topic: SSL_write returned SSL_ERROR_SSL
> Thread-Index: AcpcjT4Rk9sPCTZ0QEa
> From: owner-openssl-us...@openssl.org On Behalf Of Lutz Jaenicke
> Sent: Tuesday, 03 November, 2009 14:13
> - Forwarded message from sandeep.kuma...@wipro.com -
> Subject: SSL_write returned SSL_ERROR_SSL
> Date: Tue, 3 Nov 2009 19:25:03 +0530
> Thread-Topic:
Forwarding to openssl-users for public discussion.
Best regards,
Lutz
- Forwarded message from sandeep.kuma...@wipro.com -
Subject: SSL_write returned SSL_ERROR_SSL
Date: Tue, 3 Nov 2009 19:25:03 +0530
Thread-Topic: SSL_write returned SSL_ERROR_SSL
Thread-Index
> From: owner-openssl-us...@openssl.org On Behalf Of Kyle Hamilton
> Sent: Friday, 18 September, 2009 15:07
> Once you receive SSL_ERROR_SSL, the next step is to use
> ERR_get_error(3ssl) to figure out what the specific SSL error was.
> Before you do this, you should call ERR_load
Once you receive SSL_ERROR_SSL, the next step is to use
ERR_get_error(3ssl) to figure out what the specific SSL error was.
Before you do this, you should call ERR_load_crypto_strings(3ssl) and
SSL_load_error_strings(3ssl) so that you can get the full string; if
you don't, you'll get a h
Hi
I am using Linux provided SSL Library "OpenSSL 0.9.7a Feb 19 2003".
The problem is that SSL_Connect fails with error SSL_ERROR_SSL
I am not able to trace the possible reason for error.
Any help is valuable as I need to resolve the issue urgently.
Regards
Anuradha Gupta
Techni
Are you appropriately calling SSL_clear() after your connection is shut down?
-Kyle H
On Mon, Apr 27, 2009 at 3:08 PM, Dave Thompson
wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Prokash Sinha
>> Sent: Friday, 24 April, 2009 16:45
>
>> I'm trying to understand wh
> From: owner-openssl-us...@openssl.org On Behalf Of Prokash Sinha
> Sent: Friday, 24 April, 2009 16:45
> I'm trying to understand why this following code is failing
> the second or third time... Is it a good way ( meaning first accept()
> without ssl, then do those association
Hi,
I'm trying to understand why this following code is failing the second or
third time... Is it a good way ( meaning first accept() without ssl, then do
those association, then SSL_Accept() )
<<< tls_socket is just a plain listner socket
sock = accept (tls_socket, (struct sockaddr *) &sa
David,
Thanks for your prompt reply, again.
David Schwartz wrote:
ERR_get_error() returned 67596407
ERR_error_string() returned error:04077077:rsa routines:RSA_verify:wrong
signature length
ERR_get_error() returned 218910726
ERR_error_string() returned error:0D0C5006:asn1 encoding
routines:ASN
> I'm seeing weird OpenSSL behaviour and I suspect it's a bug in
> the library.
It sounds like a typical protocol error.
> The problem is that SSL_write() sometimes returns SSL_ERROR_SSL with
> errno equal to EAGAIN.
This is your problem. You are confusing yours
David,
Thanks for the quick reply.
David Schwartz wrote:
* the underlying socket is blocking
It sounds like you're trying to get some kind of fake halfway-non-blocking
operation. This never works quite right. Either use blocking operations on
blocking sockets or non-blocking operations on no
> The problem is that SSL_write() sometimes returns SSL_ERROR_SSL with
> errno equal to EAGAIN. Calling SSL_write() again seems to solve the
> problem. I have the impression that SSL_write() should return
> SSL_ERROR_WANT_WRITE in this situation.
> * the underlying socket is bloc
Hi all,
I'm seeing weird OpenSSL behaviour and I suspect it's a bug in the library.
The problem is that SSL_write() sometimes returns SSL_ERROR_SSL with
errno equal to EAGAIN. Calling SSL_write() again seems to solve the
problem. I have the impression that SSL_write() sho
Hi,
I need help in
SSL_ERROR_SSL error ..
I got
"SSL_ERROR_SSL" often in SSL_write(), I don't know what causes this error and I
don't know how to reset or correct this condition. The docs I found
just said it's a "protocol error" and can anyone ela
ilton
Sent: Tuesday, January 31, 2006 4:32 PM
To: openssl-users@openssl.org
Subject: Re: SSL_connect fails with SSL_ERROR_SSL
Okay. The question is:
You have a CA. Did you encode the "CA:true" attribute in it?
You created a server certificate signed by that CA. How?
You created a clien
ot using .PEM certificates, I am using what the keytool created,
> got the CSR signed.
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Samy Thiyagarajan
> Sent: Tuesday, January 31, 2006 4:03 PM
> To: openssl-users@openssl.org
>
the cleint certificate, the private
key and the CA cert to the context.Please see the code
snippet. ... Initialization is successful, but the handshake fails. We first
create TCPsocket and then "connect" as shown below. Then, we call
SSL_connect, whichfails with SSL_ERROR_SSL
socket and then "connect" as shown below. Then, we call SSL_connect,
which
fails with SSL_ERROR_SSL. At this point, the Java server outputs
SSLException "No Trusted certificate".
>> If you want client authentication, you need
to explicitly state this at the server side(ie., you
TCP
socket and then "connect" as shown below. Then, we call SSL_connect, which
fails with SSL_ERROR_SSL. At this point, the Java server outputs
SSLException "No Trusted certificate".
sd = socket(AF_INET, SOCK_STREAM, 0);
int c = connect(sd, (struct sockaddr*) &
HI,
Recently we encounter SSL_ERROR_SSL error on client side. Our application code(initialization,
handshaking, read and write) is common for sslv2 and sslv3.
It happens when we turn on sslv3. But when we turn off sslv3 but using
sslv2, the problem goes away.
The following are the
errors
Client side
"SSL_ERROR_SSL
error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1
alert decrypt error"
Detail: SSL connect failed in tcp_connect()
Server side:
"SSL_ERROR_SSL
error:0D0890A1:lib(13):func(137):reason(161)error:140890B2:lib(20):func(137):reason(178)"
Detail:
ecial cases to my code
to handle the possible combinations but new ones keep
coming up. For example, what does it mean to get
SSL_ERROR_SSL with errno of 0 ? Is this the same as
shutdown, or retry?
I've looked at s_client and s_server and they seem to
generally handle these as a shutdown
socket_h_to, BIO_NOCLOSE);
> SSL_set_bio(ssl_h_to, sbio, sbio);
> int dummy = SSL_connect(ssl_h_to);
> if (dummy <= 0)
> {
> log(LOG_INFO, "do_http_request(): problem starting SSL connection
> %d", SSL_get_error(ssl_h_to, dummy));
&
{
log(LOG_INFO, "do_http_request(): problem starting SSL connection
%d", SSL_get_error(ssl_h_to, dummy));
}
dummy gets <= 0 and the logging tells me an error 1 (SSL_ERROR_SSL) occured
server:
--
socket_h_from = accept(...); // and fork
sbio = BI
eers!
Toby
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Lutz Jaenicke
> Sent: 07 March 2001 16:38
> To: [EMAIL PROTECTED]
> Subject: Re: SSL_ERROR_SSL generated in SSL_connect
>
>
> On Wed, Mar 07, 2001 at 02:32:08PM -, Toby S
On Wed, Mar 07, 2001 at 02:32:08PM -, Toby Shepheard wrote:
> //Is this ok? I'm using the generic SSLv3_method
> meth=SSLv3_method();
> ctx=SSL_CTX_new(meth);
>
> > * You are not reusing an old SSL object that was already used once and
> > not cleared with SSL_clear()?
>
> // The SSL objec
Comments inserted below.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Lutz Jaenicke
> Sent: 07 March 2001 12:32
> To: [EMAIL PROTECTED]
> Subject: Re: SSL_ERROR_SSL generated in SSL_connect
>
>
> On Wed, Mar 0
On Wed, Mar 07, 2001 at 11:19:28AM -, Toby Shepheard wrote:
> Small update:
>
> I got the proper error response working now (it was getting a bit late
> yesterday, my brain obviously wasn't in top gear!), and it is as follows:
>
> error:140840FF:SSL routines:SSL3_CONNECT:unknown state
>
> D
What could cause an unknown state?
Cheers,
Toby
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Toby Shepheard
> Sent: 06 March 2001 19:42
> To: [EMAIL PROTECTED]
> Subject: SSL_ERROR_SSL generated in SSL_connect
>
>
> Hi,
er, when I
compile as a .so and run it in the StoryServer environment, I hit a problem
with SSL_connect:
SSL_get_error(ssl, (SSL_connect(ssl))
always returns SSL_ERROR_SSL
The man pages suggest this may be a protocol error. I then called
ERR_print_errors(bio_err)
ERR_error_string(err, szDebug)
this
41 matches
Mail list logo
