Hello,

I inherited the code for a web-server-like server that I need to maintain. It is set up so that when you request a certain URL, the server will renegotiate and request a client certificate. They said it worked when they used OpenSSL 0.9.8, but we are seeing issues with 1.0.2l. When it does the renegotiation, the second SSL_handshake fails with "SSL_ERROR_SYSCALL" and ERR_get_error() returns 0. But if I reload the page, it gets the client certificate and everything works, and every subsequent request for that URL works. But if I clear the cache and connect again, I get the same error.

Any help or pointers on how to further debug this would be greatly appreciated.

This is the relevant code:

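/* Require a client certificate from now on, then ask for a renegotiation. */
SSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
ssl_data->reneg_state = RENEG_ALLOW;
r = SSL_renegotiate(ssl);

if (r <= 0)
    { /* return error */ }

/* First handshake call: sends the HelloRequest to the client. */
r = SSL_do_handshake(ssl);
if (r <= 0)
    { /* return error */ }

/* Force the server state machine to wait for the new ClientHello. */
ssl->state = SSL_ST_ACCEPT;
do {
    ERR_clear_error();
    r = SSL_do_handshake(ssl);  /* this is where it fails */
    if (r <= 0) {
        e = SSL_get_error(ssl, r);
        unsigned long errR = ERR_get_error();  /* the error code is an unsigned long */
/* printf("Error Level 1: e=%d r=%d errR=%lu errno=%d\n", e, r, errR, errno); */
    }
}
while ((r != 1) && ((e == SSL_ERROR_WANT_READ) || (e == SSL_ERROR_WANT_WRITE)));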


Thank you very much,

adamtg


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
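As a debugging aid for the symptom described above (SSL_ERROR_SYSCALL with ERR_get_error() returning 0), this added example, which is not code from the original post, applies the rule in the OpenSSL 1.0.2 SSL_get_error documentation: with an empty error queue, a return value of 0 means an EOF was observed, and -1 means the underlying BIO reported an I/O error and errno should be consulted. The function hs_classify and the hs_diag names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Real code gets these from <openssl/ssl.h>; the fallbacks (same values)
 * only keep this added example compilable without the OpenSSL headers. */
#ifndef SSL_ERROR_SSL
#define SSL_ERROR_SSL        1
#define SSL_ERROR_WANT_READ  2
#define SSL_ERROR_WANT_WRITE 3
#define SSL_ERROR_SYSCALL    5
#endif

/* Hypothetical result codes for this example, not OpenSSL names. */
enum hs_diag { HS_RETRY, HS_SEE_ERROR_QUEUE, HS_PEER_EOF, HS_PEER_RESET,
               HS_SOCKET_ERROR, HS_UNKNOWN };

/* ret: SSL_do_handshake() result; ssl_err: SSL_get_error(ssl, ret);
 * queued: first ERR_get_error() value; sys_errno: errno saved right after
 * the handshake call, before any other call can overwrite it. */
enum hs_diag hs_classify(int ret, int ssl_err, unsigned long queued,
                         int sys_errno)
{
    if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE)
        return HS_RETRY;              /* non-blocking I/O: call again */
    if (ssl_err == SSL_ERROR_SSL || queued != 0)
        return HS_SEE_ERROR_QUEUE;    /* details are in the error queue */
    if (ssl_err != SSL_ERROR_SYSCALL)
        return HS_UNKNOWN;
    /* SSL_ERROR_SYSCALL with an empty queue: ret separates the two cases. */
    if (ret == 0)
        return HS_PEER_EOF;           /* EOF: peer closed the connection */
    if (ret == -1 && (sys_errno == ECONNRESET || sys_errno == EPIPE))
        return HS_PEER_RESET;         /* peer reset or write to closed socket */
    if (ret == -1 && sys_errno != 0)
        return HS_SOCKET_ERROR;       /* consult strerror(sys_errno) */
    return HS_UNKNOWN;
}

int main(void)
{
    /* Constructed sample values, as a debug printf might report them
     * if the peer closed the connection during the second handshake. */
    enum hs_diag d = hs_classify(0, SSL_ERROR_SYSCALL, 0UL, 0);
    printf("diagnosis=%d (HS_PEER_EOF=%d)\n", d, HS_PEER_EOF);
    return 0;
}
```

Save errno into a local variable immediately after SSL_do_handshake() returns and pass that copy in; a later library call or printf can change it.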
