On 23/03/2021 15:02, Embedded Devel wrote:
IM inclined top think the code for the certs is ok, but can really say,
and im not an openssl programmer by any means... just need someone to
put eyes on the code and fix it really.
The cert looks ok - at least nothing obviously wrong. 2048 bit RSA key.
when i run the client - i get an error on the client side
Tue Mar 23 02:13:58 2021 user.err : ac_ssl_client_write(): Error
SSL_ERROR_SSL - return code: -1.
Tue Mar 23 02:13:58 2021 user.info : ac_send_init(): Error
It would be useful to see any errors on the OpenSSL error stack which
might provide more details about specifically what has failed. For
example you can call the `ERR_print_errors_fp` function to dump the
error stack to a `FILE *`. Or alternatively use the `ERR_*` functions
to examine the stack and print it to your log:
Yupp above my head.... :(
Ah. That's a shame - we could really use understanding the real error
behind this. "SSL_ERROR_SSL" just means "libssl encountered an error".
You have to modify your code to print more detailed error information
There doesn't look to be anything obviously wrong from the snippets of
code that you have shared. I suspect some kind of config issue - but
without more detailed error information its difficult to say for sure.
Would you be able to get a packet capture of a failing connection? That
might give us some kind of clue.
Do you know if your application is statically linked or dynamically
linked to OpenSSL?
and lastly if it helps
Unfortunately, not really. This appears to show a working TLSv1.3
connection.
Matt
