Hi,
I am using openssl (3.2) in an application.
Handshake works just fine but I get a very weird behavior when I receive a big certificate chain inside application data (TLS 1.3 but NOT using Post-Handshake Auth, this is some level-7 auth protocol on top of tls).
The openssl error I get is error:0308010C:digital envelope routines::unsupported
Which … seems to indicate that openssl is trying (and failing) to interpret the certificate chain…?
I really don’t understand what is going on.
I thought openssl would treat any application data sent using SSL_write following a completed handshake would be opaque for openssl – because why would it look inside and try to parse something?
Does anyone have an explanation or have encountered something similar?
Regards
Jochen
What library call are you getting that error in response to? If you believe that this is coming from some attempt to interpret application data (which you are correct, it shouldn't be, unless the application auth protocol is somehow getting aliased as a tls control message of some sort), then I would, after the handshake, clear the error stack, and check it after a call from SSL_read returns.
On Tue, Mar 26, 2024 at 1:38 PM Kreissl, Jochen <Jochen.Kreissl@xxxxxxxxxx> wrote:
