above of trying to achieve multiple SSL session in
persistent connection appropriate?
Why are clients closing the connections abruptly?
Thanks,
Prabhu. S
hundreds of unique SSL sessions successfully in persistent connection. It
is under stress of ~800 clients , that I run into issues.
Also, the bi-directional alerts do not happen always under high
stress..could this be the reason? a possible session data mix up?
Thanks,
Prabhu. S
On Thu, Feb 21
.
Thanks,
Prabhu. S
DS
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
stress. I
have not come across concurreny issues yet.
Thanks,
Prabhu. S
On Thu, Feb 21, 2008 at 2:15 PM, Jurko Gospodnetić
[EMAIL PROTECTED] wrote:
Hi Prabhu.
Have you checked that your're not running into any concurrency problems?
Best regards,
Jurko Gospodnetić
,
Prabhu. S
On Thu, Feb 21, 2008 at 7:07 PM, jimmy bahuleyan [EMAIL PROTECTED]
wrote:
Prabhu S wrote:
On 2/20/08, *David Schwartz* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
But, the application code tries to clear out/shutdown existing
SSL session with orderly bi
Yes, Jurko. By callback functions I meant CRYPTO_set_locking_callback() and
CRYPTO_set_id_callback().
2008/2/21 Jurko Gospodnetić [EMAIL PROTECTED]:
Hi Prabhu.
For each client the SSL_CTX object is unique. And when the application
starts, callback functions are set for multi threaded
to communicate
like that.
Thanks,
Prabhu. S
On Thu, Feb 21, 2008 at 8:34 PM, jimmy bahuleyan [EMAIL PROTECTED]
wrote:
Prabhu S wrote:
Hi Jimmy,
I think some details of my system would explain better.
When the client connects to the server, the server opens another
connection to a host
threads ?
Thanks,
Prabhu. S
On Fri, Feb 22, 2008 at 3:32 AM, Saju Paul [EMAIL PROTECTED] wrote:
TCP Connection: (4 bytes)
SYN
SYN/ACK
ACK
TCP TearDown: (3 bytes)
FIN/ACK
ACK
7 bytes were considered overhead and optimized on a channel that needs an
SSL session.
seems hardly worth it...IMO
*
with*SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
*(or SSL_OP_ALL), data exchange with CBC ciphers are successful.
What is happening here? Can someone please explain the theory behind
*SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
*option?
Thanks,
Prabhu. S
?)
Is it due to calling methods like SSL_shutdown() in cases where
SSL_handshake process was terminated abruptly.
Thanks,
Prabhu. S
Hi,
Our OpenSSL bases client application is used to test a SSL gateway which is
using a third-party commercial SSL stack. In the field it is observed that
with one particular SSL client device our server does not process the
application data if the data is received in two SSL records in one TPS
Hi,
I have a SSL server application in which the certificate file is rsa.der
and key file rsakey.dat.
What is the *.dat format? How does it differ from pem and der formats?
How do we generate one with OpenSSL?
Thanks Regards,
Prabhu
Hi,
The certificate was purchased.I am trying to import OpenSSL certificates
into the server application which runs on vxworks OS. Is there a specific
way to generate a dat format key file or just renaming a pem or der key file
to *.dat would help?
Thanks and Regards,
Prabhu
On 3/29/07,
]' failed
Please advise.
Thanks and Regards,
Prabhu. S
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Hi David,
Thanks. By providing the OPENSSL_THREADS option in the Makefile and
compiling as solved the problem.
Regards,
Prabhu. S
On 5/5/07, David Schwartz [EMAIL PROTECTED] wrote:
Hi ,
In my SSL enabled client application , about 100 threads are spawned
and connection with a server
?)
Any idea why while the function SSL_CTX_use_certificate_chain_file () is
being called there is a crash. All threads would be calling the function.
The crash is intermittent. Most of the times there are no issues.
Thanks and Regards,
Prabhu. S
Hi Vishal,
If the error is in SSL_connect(), try analysing the return value of the
method by using the SSL_get_error(). It provides insight to the failures in
handshake.
Regards,
Prabhu. S
On 6/15/07, Vishal V [EMAIL PROTECTED] wrote:
Dear Zack,
Thanks for your inputs but I think
Vishal,
The client needs to have the appropriate CA certificate to verify the server
certificate.
Load the CA cert to the context object using
SSL_CTX_load_verify_locations() .
Regards,
Prabhu. S
On 6/15/07, Lutz Jaenicke [EMAIL PROTECTED] wrote:
Vishal V wrote:
Dear Lutz,
Thanks once
immediately crashes with failed handshakes.
The way the client handles cleanup is same for both the cases.
Simultaneous connections are achieved by creating threads , one thread for
every connections.
But the CTX and SSL objects are all different for each threads.
Regards,
Prabhu. S
:169
#9 0x403b06ac in SSL_connect (s=0x63e384c8) at ssl_lib.c:850
Does it indicate a OpenSSL problem?..I have dug the application code and so
far appears it appears to be clean.
Thanks,
Prabhu. S
On 7/25/07, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Wed, Jul 25, 2007, Prabhu S wrote:
Hi
(str=0x9dc98360) at mem.c:378
#7 0x405e84f5 in ERR_clear_error () at err.c:722
#8 0x403999ad in ssl3_connect (s=0xa0d6aa58) at s3_clnt.c:169
#9 0x403b06ac in SSL_connect (s=0xa0d6aa58) at ssl_lib.c:850
About 600 threads keep connecting to server in a cyclic manner.
Thanks,
Prabhu. S
On 7/27/07
not to have leak. Its a thin client without
much heap allocation. Should BIO_free needs to be called after every
connection? I suppose SSL_free() takes care, isn't?
Thanks,
Prabhu. S
into problem
in stress test.
Any suggestions?
Regards,
Prabhu. S
was reused?
ThanksRegards,
Prabhu. S
On 8/16/07, Prabhu S [EMAIL PROTECTED] wrote:
Hi,
I obtain the following error leak summary with Valgrind for a single SSL
connect with the server
==20626== 3,689 (200 direct, 3,489 indirect) bytes in 1 blocks are
definitely lost in loss record 134 of 147
Got it;
int SSL_session_reused(SSL *ssl); helps in finding if the session was
being reused.
Thanks,
Prabhu. S
On 8/19/07, Prabhu S [EMAIL PROTECTED] wrote:
Hi,
I tried with minimal client code to check if there is a similar leak.
There wasn't.
In my application code , I had
SSL_CTX* object. All object will be using the same set of
certificates from one common location. However I see that almost every time
some threads report SSL_CTX_use_certificate_chain_file() returning zero.
Have anyone come across such behaviour.
Any suggestions?
Thanks,
Prabhu. S
;
SSL_CTX_free(ctx);
}
The error string thats shown is :
Error String - error::lib(0):func(0):reason(0)
Thanks,
Prabhu. S
On 8/30/07, Marek Marcola [EMAIL PROTECTED] wrote:
Hello,
I am trying to use SSL_CTX_use_certificate_chain_file to load a
chained certificate
to the same case can be found at
http://www.mail-archive.com/[EMAIL PROTECTED]/msg21031.html.
I use the linux kernel 2.6
Is using pthread_self() OK. Or is there any better way which would yeild
correct thread IDs in
CRYPTO_thread_id()?
Regards,
Prabhu. S
On 8/1/07, Prabhu S [EMAIL PROTECTED] wrote
?..The segmentation fault occurs
for greater no of clients only 900.
Please suggest.
Thanks,
Prabhu . S
.
How do we use CRYPTO_set_idptr_callback()? OpenSSL document reads - There
is still the issue of platforms where pthread_self() returns something other
than an integer. It is for cases like this that
CRYPTO_set_idptr_callback() comes
in handy
Regards,
Prabhu. S
Hi Gayathri,
I couldn't entirely grasp what you had mentioned. l didn't find sha1 in
lsmod command output.
If you could describe briefly the issue you had experienced that would be
very much helpful.
Thanks Regards,
Prabhu. S
On 10/15/07, Gayathri S [EMAIL PROTECTED] wrote:
Hi Prabhu,
Can
capability.
One thread for each client made sense in that case.
And the stack size is set to 1 MB.
pthread_attr_setstacksize(attr, 1024*1000)
I should check if setting this less would have any other impact.
Thanks Regards,
Prabhu. S
On 10/15/07, David Schwartz [EMAIL PROTECTED] wrote
,
Prabhu. S
On 10/17/07, David Schwartz [EMAIL PROTECTED] wrote:
This is really one of those don't do that then things.
Thread-per-connection is well-known to break down at about 750
connections.
Just curious at how the number 750 was calculated or deduced. And
is this a linux-specific
dumped.
Regards,
Prabhu. S
On 10/18/07, Gayathri S [EMAIL PROTECTED] wrote:
The stack trace showing a null sha1 transform kindof caught my attention
here, I wouldnt go by the the GDB call trace coz its obviously a memory
leak and the gdb stack could have been corrupted, many a times I see
) at ssl_lib.c:850
On 10/18/07, Prabhu S [EMAIL PROTECTED] wrote:
David,
The OpenSSL version that I use is openssl-0.9.8e. Your guess about methods
being called is right. It appears to be stack corruption.
Gayathri,
I don't suspect the gdb. I checked the CTX status in HASH_INIT (SHA_CTX
*c
.
}
c-h0=INIT_DATA_h0;
c-h1=INIT_DATA_h1;
c-h2=INIT_DATA_h2;
c-h3=INIT_DATA_h3;
c-h4=INIT_DATA_h4;
c-Nl=0;
c-Nh=0;
c-num=0;
return 1;
}
Thanks,
Prabhu. S
On 10/18/07, Prabhu S [EMAIL PROTECTED] wrote:
At times The following traces as well are obtained
is not observed.And if there is no
timeouts during the
data exchange there are no issues as well.
Any comments?
Regards,
Prabhu. S
the application I set : ulimit -s unlimited. And while
creating the thread, I set the stack size as : .
pthread_attr_setstacksize(attr, 1024*1536);
Is synchronization or memory constraints the issue here that OPENSSL_malloc
returns NULL when 1000 threads are active?
Thanks,
Prabhu. S
On Oct 20, 2007 12
the extensions in the validity period.
Thanks,
Prabhu. S
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Hi,
Do SSL_library_init() .
Prabhu. S
On 1/23/08, gopinath ethiraja [EMAIL PROTECTED] wrote:
I tried to establish client server connection . but when i tried to
set up the ssl context using SSL_CTX_new(SSLv23_client_method())
method this returns only null.can anyone please help how
I have an SSL server, which has, suddenly stopped processing client
requests.
I see the following error.
>> SSL_GET_NEW_SESSION:ssl session id callback failed.
Exactly after 15 seconds of calling SSL_accept, the error is seen. The
socket is non-blocking. The application was running fine for
41 matches
Mail list logo
