On Sun, Jan 18, 2015 at 3:25 PM, Matt Caswell <matt at openssl.org> wrote:
>
>
> On 18/01/15 20:13, Jeffrey Walton wrote:
>> My bad... I think this is the code (from around line 500 in s3_both.c):
>>
>> /* s->init_num == 4 */
>> if ((mt >= 0) && (*p != mt))
>> {
>> al=SSL_AD_UNEXPECTED_MESSAGE;
>> SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
>> goto f_err;
>> }
>>
>> What would cause this error on a client?
>>
>
> The client has an internal state machine which tells it what message it
> should expect next from the server based on its current state. Only
> certain messages are legal at any one time. The variable mt holds the
> message type of the message it is expecting to receive. The variable p
> points into the message buffer for the message that it has actually
> received. If the message sent from the server doesn't match the one the
> client was expecting then you get this error.
Thanks Matt.
Have you guys (the devs) seen this failure in the field during
testing? If so, what's a typical configuration to cause it? Or what's
the offending server message?
The server is using OpenSSL 1.0.1e-fips 11 Feb 2013, Thu Nov 6
12:33:36 UTC 2014. The client is Android 5.0. Down level Android
versions are OK. s_client is OK.
Jeff
