Re: API SSL_Connect fails and always returns SSL_ERROR_WANT_READ causes infinite loop in application

Hi Matt,

Thanks for the response,

I added a log as suggested by you. I don't see the call entering the above-mentioned code block.

Logs on server side:

[10/15/0117 10:34:43]         803F1700 Link-2 (SSL_accept) Failed to accept new connection,  Socket Id 65, Return Value 1
[10/15/0117 10:34:43]         803F1700 Link-2 SSL File : ssl/statem/statem_srvr.c , Line number : 2882 , Linux Error Code 0

Logs on client side:

[10/15/0117 10:34:43]         7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/15/0117 10:34:43]         7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/15/0117 10:34:43]         7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/15/0117 10:34:43]         7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/15/0117 10:34:43]         7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/15/0117 10:34:43]         7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true


We observe from the Wireshark capture that the client sends out the certificate with length = 0 (because we have not configured the public key on the client side) and also that the server sends a handshake failure "Alert" to the client. Why does the client respond with "Client key exchange" even if the handshake failure alert is sent from the server?

OpenSSL version used is 01.01.00g. I am also attaching the latest pcap file for your reference.


On Tue, Nov 14, 2017 at 4:35 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:


On 14/11/17 10:44, mahesh gs wrote:

> case SSL_ERROR_SYSCALL:
>
> if (EWOULDBLOCK == errno || EAGAIN == errno)
> {
>   /* Nothing to do, retry to connect again */
> }

This doesn't look right. If SSL_connect() fails due to an NBIO event
then you should get SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE back. If
you get SSL_ERROR_SYSCALL then something bad happened and you should not
retry. Could you add some logging here? I'm wondering whether you are
ending up here but missing it and looping around again.

Matt


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Attachment: 4.pcap
Description: Binary data
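
An added example, not part of either message or of the poster's application: the retry rule from the reply above (retry only on WANT_READ / WANT_WRITE, treat anything else as fatal), exercised with Python's `ssl` module, which wraps OpenSSL, over in-memory BIOs. `SSLWantReadError` corresponds to `SSL_ERROR_WANT_READ` (error code 2 in the client logs); the attempt cap, the names `new_client` and `drive_handshake`, the host name `example.invalid` and the alert record are assumptions constructed for the illustration.

```python
import ssl

# Constructed TLS record: type 21 (alert), version 0x0303, length 2,
# level 2 (fatal), description 40 (handshake_failure).
FATAL_HANDSHAKE_FAILURE = bytes.fromhex("15030300020228")


def new_client():
    """Client-side TLS object wired to in-memory BIOs instead of a socket."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    return tls, incoming, outgoing


def drive_handshake(tls, incoming, outgoing, server_replies, max_attempts=10):
    """Run a non-blocking handshake; return (outcome, attempts_used)."""
    replies = iter(server_replies)
    for attempt in range(1, max_attempts + 1):
        try:
            tls.do_handshake()
            return "connected", attempt
        except ssl.SSLWantReadError:
            outgoing.read()              # hand our pending flight to the "network"
            data = next(replies, None)
            if data is None:
                continue                 # nothing arrived; a socket loop would wait with a deadline
            incoming.write(data)         # deliver the peer's bytes, then retry
        except ssl.SSLWantWriteError:
            outgoing.read()              # drain the outgoing BIO, then retry
        except ssl.SSLError as exc:
            # Any other TLS error (here: the peer's fatal alert) must end the loop.
            return "fatal: " + str(exc.reason), attempt
    return "gave up", max_attempts       # the cap turns a silent spin into a visible failure


if __name__ == "__main__":
    tls, inc, out = new_client()
    print(drive_handshake(tls, inc, out, [FATAL_HANDSHAKE_FAILURE]))
    tls, inc, out = new_client()
    print(drive_handshake(tls, inc, out, [], max_attempts=5))
```

The second call shows a silent peer: every attempt reports WANT_READ, and only the attempt cap ends the loop.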
