Were are occasionally seeing hangs when establishing an SSL connection
with OpenSSL 1.0.1i. This connection uses SRP and both the server and
the client sockets are in blocking mode (thus the hang).
Is there anything I can do to debug this problem?
Client side:
gdb) where
#0
On Mon, Sep 08, 2014 at 11:45:59AM -0700, Norm Green wrote:
Were are occasionally seeing hangs when establishing an SSL connection with
OpenSSL 1.0.1i. This connection uses SRP and both the server and the client
sockets are in blocking mode (thus the hang).
Is there anything I can do to
Thanks Victor. I don't have a handshake recording for these stacks.
The problem occurs intermittently. I've dumped the SSL state and method
objects for the server and client. Anything else you want to see while
the processes are still alive?
Norm
Here's the SSL state and method from the
On Mon, Sep 08, 2014 at 02:36:20PM -0700, Norm Green wrote:
Thanks Victor. I don't have a handshake recording for these stacks. The
problem occurs intermittently.
Any chance you can capture enough sessions to also nab one (full-size
packet capture) that ran into the problem?
I've dumped
On Mon, Sep 08, 2014 at 03:10:47PM -0700, Norm Green wrote:
I will try to capture traffic in the next run.
Looking at the commit history after 1.0.1i, I think
you want:
commit 30fbe92c78981a417718bcbf25d295d16c5b7ed9
Author: Dr. Stephen Henson st...@openssl.org
Date: Fri Aug 8 11:24:25 2014
Thanks Viktor. I did get some fixes (via this list) from Steve a while
back because SRP authenication was completely broken out of the box with
1.0.1i.However I don't know if all the changes in the commit you
mentioned have been merged. I will investigate further.
Norm
On 9/8/14 17:30,
On Mon, Sep 08, 2014 at 05:41:13PM -0700, Norm Green wrote:
Thanks Viktor. I did get some fixes (via this list) from Steve a while back
because SRP authenication was completely broken out of the box with 1.0.1i.
However I don't know if all the changes in the commit you mentioned have
been
This may indeed be the problem, but some of the changes in 1.0.2 do not
easily merge back to 1.0.1i. Specifically, this diff seems to have no
equivalent code to merge into in 1.0.1i.
We may need to consider reverting back to 1.0.1h until 1.0.2 is released.
--- a/ssl/s3_lib.c
+++