SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

Hi,

 

We are in the process of porting our software to aarch64 (Raspberry Pi). One problem that we have is with openssl; it appears that our build of it always fails in SSL_connect(). I have debugged it a bit and it seems the problem appears in the function ossl_statem_client13_read_transition(), where after receiving SSL3_MT_SERVER_HELLO and SSL3_MT_ENCRYPTED_EXTENSIONS it receives SSL3_MT_NEWSESSION_TICKET, but there is no handling of SSL3_MT_NEWSESSION_TICKET in 'case TLS_ST_CR_ENCRYPTED_EXTENSIONS' in statem_clnt.c around line 121.

 

I am no expert in SSL, so I am not sure where the problem might be; most probably we build openssl in the wrong way somehow. We also have a corporate firewall protected by ZScaler, but other tools like wget work fine with external URLs, so it ought to be possible to get it working.

 

We build openssl like that:

    # EGD needed for libIce
    ./config -d no-shared enable-egd --prefix=$INSTALL_ROOT/$PROJECT
    # Hide the symbols to avoid that undesired .so-s will find them (there is a zoo of binary incompatible openssl versions out there).
    make CFLAGS="-g -O0 -fvisibility=hidden" CXXFLAGS="-g -O0 -fvisibility=hidden"
    make install

 

    bin> ./openssl version
    OpenSSL 3.1.0-dev  (Library: OpenSSL 3.1.0-dev )

 

The error (unexpected message) is visible also with the openssl command line. In our code SSL_connect() fails.

    bin> ./openssl s_client www.google.com:443
    Connecting to 172.217.169.36
    CONNECTED(00000003)
    4080C5B57F000000:error:0A0000F4:SSL routines:ossl_statem_client_read_transition:unexpected message:ssl/statem/statem_clnt.c:399:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    Server Temp Key: X25519, 253 bits
    ---
    SSL handshake has read 4296 bytes and written 333 bytes
    Verification: OK
    ---
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    This TLS version forbids renegotiation.
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---

 

Any advice appreciated

TIA

Paavo

 

