Hi All,
We have an application that provides DTLS security for SCTP connections. During our testing we found that the API "SSL_connect" fails and always returns SSL_ERROR_WANT_READ, which causes an infinite loop in the application.
Scenario:
1) On the server side, "Client Certificate Request" is enabled by setting the SSL context as shown below:
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
2) On the client side, we have not configured the public certificate.
Logs:
[10/14/0117 15:05:06] F42C2700 Link-2 (SSL_accept) Failed to accept new connection, Socket Id 65, Return Value 1
[10/14/0117 15:05:06] F42C2700 Link-2 SSL File : ssl/statem/statem_srvr.c , Line number : 2882 , Linux Error Code 0
[10/14/0117 15:05:06] F26B7700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/14/0117 15:05:06] F26B7700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/14/0117 15:05:06] F26B7700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
<<< SSL_connect() always returns error code 2 that leads to an infinite loop in the application >>>
Attaching PCAP file for your reference.
Thanks,
Mahesh G S
Attachment:
connect.pcap
Description: Binary data
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
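One way an application can keep the retry loop in the report above from running forever, as an added example that is not code from the original post or from OpenSSL: the handshake is retried only while the socket can make progress and an overall deadline has not passed. The names `handshake_with_deadline`, `hs_step_fn` and `demo_step` are hypothetical; the callback is assumed to wrap `SSL_connect()` followed by `SSL_get_error()`, and the constants 0, 2 and 3 are OpenSSL's values for `SSL_ERROR_NONE`, `SSL_ERROR_WANT_READ` and `SSL_ERROR_WANT_WRITE`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* OpenSSL's values for SSL_ERROR_NONE, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE. */
enum { ERR_NONE = 0, ERR_WANT_READ = 2, ERR_WANT_WRITE = 3 };
enum hs_result { HS_OK = 0, HS_FAILED = -1, HS_TIMEOUT = -2 };
/* Hypothetical callback: one attempt, e.g. SSL_connect() then SSL_get_error(). */
typedef int (*hs_step_fn)(void *ctx);

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Retry until done, fatal error, or deadline; sleep in poll() between attempts. */
enum hs_result handshake_with_deadline(int fd, hs_step_fn step, void *ctx,
                                       long deadline_ms, int *attempts) {
    long end = now_ms() + deadline_ms;
    for (*attempts = 0;;) {
        int err = step(ctx);
        ++*attempts;
        if (err == ERR_NONE) return HS_OK;
        if (err != ERR_WANT_READ && err != ERR_WANT_WRITE) return HS_FAILED;
        long left = end - now_ms();
        if (left <= 0) return HS_TIMEOUT;
        struct pollfd p = { .fd = fd, .events = err == ERR_WANT_READ ? POLLIN : POLLOUT };
        int n = poll(&p, 1, (int)left);
        if (n < 0 && errno == EINTR) continue;      /* interrupted: try again */
        if (n == 0) return HS_TIMEOUT;              /* peer stayed silent */
        if (n < 0 || !(p.revents & p.events)) return HS_FAILED; /* error or hangup */
    }
}

/* Constructed stand-in: WANT_READ *left times, then success; negative = never. */
static int demo_step(void *ctx) {
    int *left = ctx;
    return (*left < 0 || (*left)-- > 0) ? ERR_WANT_READ : ERR_NONE;
}

int main(void) {
    int fds[2], attempts, stuck = -1;
    if (pipe(fds) != 0) return 1;   /* constructed silent peer: nothing is written */
    printf("%d\n", handshake_with_deadline(fds[0], demo_step, &stuck, 200, &attempts));
    return 0;
}
```

With the constructed silent peer, the loop makes one attempt, blocks in `poll()` and returns `HS_TIMEOUT` instead of spinning on error code 2.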