On 2004.08.18, Bruno Mattarollo <[EMAIL PROTECTED]> wrote:
>
> I have been following quite closely the discussion about nsopenssl 3.0
> beta and AOLServer 4 and after several weeks of working with nsopenssl
> 3.0 beta 18, AOLServer 4.0.5, OpenSSL 0.9.7d I saw this in the error
> logs (when I put debug to "true" in my nsd.tcl)
>
> [18/Aug/2004:16:57:38][805.25187328][-conn:myserver::2] Debug:
> Send(15): SSL_ERROR_SYSCALL (towrite = 0; total = 3607; rc =
> -1)
...
>
> I am running Mac OS X 10.3.5.
>
> My nsd.tcl section for nsopenssl looks like:
...
> ns_param CertFile server/server.crt
> ns_param KeyFile server/server.pem

Do these two certificate files exist? In the server log at start-up,
does it say it was able to load these okay? If it can't load them, the
server will still start up, so just because it started doesn't
necessarily mean it's okay.

I found this out the hard way: my certificate files were named
"certificate.pem" and "key.pem" and not the names used in the config --
server started fine, but I'd get errors in the log when actually
connecting a client. After some head-scratching, I discovered that the
server wasn't loading my cert files due to naming difference, but it
would happily start up.

> ns_param CADir ca-client/dir
> ns_param CAFile ca-client/ca-client.crt
> ns_param Protocols "SSLv3, TLSv1"
> ns_param CipherSuite
> "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
> ns_param PeerVerify false
> ns_param PeerVerifyDepth 3
> ns_param Trace false

Yes, definitely add "SSLv2" to the "protocols" list. I wonder if the
"All" keyword is still supported for that parameter ...

> I will add the "SSLv2" as directed by Dossy in one of his previous
> emails and will report back. Has anyone seen these particular errors
> before? Is this possibly what needs to be looked into? Or should I just
> shut up, upgrade to the latest nsopenssl beta and keep on working?

If after adding the "SSLv2" and checking the server log to ensure your
server.crt and server.pem files are being loaded okay by the server,
you're still able to reproduce the problem ... then I suggest you
upgrade to the nsopenssl CVS HEAD and AOLserver 4.0.7, and see if it's
still reproducible.

If it is, please let me know. I'll want to gather more information to
see if I can reproduce it -- what browser/version are you using to
connect and test with?

-- Dossy

--
Dossy Shiobara              mail: [EMAIL PROTECTED]
Panoptic Computer Network   web: http://www.panoptic.com/
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)
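
Added example, not part of the original thread and not nsopenssl or AOLserver code: a pre-start check for the failure described in the reply above, where the server starts even though the files named by CertFile and KeyFile were never loaded. It assumes literal paths in the `ns_param` lines (no Tcl variables) and that the caller supplies the directory relative paths resolve against; `check_cert_params` and `demo` are hypothetical names.

```python
import re
import tempfile
from pathlib import Path

# ns_param names from the quoted config whose values are PEM files, with the
# PEM header each file is expected to contain (names compared in lower case).
FILE_PARAMS = {
    "certfile": re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*CERTIFICATE-----"),
    "keyfile": re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----"),
}
PARAM_RE = re.compile(r"^[ \t]*ns_param[ \t]+(\S+)[ \t]+(\S+)", re.MULTILINE)


def check_cert_params(config_text, base_dir):
    """Return (param, path, problem) for each file the config names but
    that is missing, unreadable, or lacks the expected PEM header."""
    problems = []
    for name, value in PARAM_RE.findall(config_text):
        header = FILE_PARAMS.get(name.lower())
        if header is None:
            continue  # not a certificate/key path parameter
        path = Path(base_dir) / value.strip('"')  # base_dir is an assumption
        if not path.is_file():
            problems.append((name, str(path), "missing"))
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError as exc:
            problems.append((name, str(path), f"unreadable: {exc.strerror}"))
            continue
        if not header.search(text):
            problems.append((name, str(path), "no PEM header of expected type"))
    return problems


def demo():
    """Constructed sample: the quoted parameter values, with files on disk
    named as in the reply (certificate.pem, key.pem)."""
    config = ("ns_param CertFile server/server.crt\n"
              "ns_param KeyFile server/server.pem\n")
    with tempfile.TemporaryDirectory() as base:
        server = Path(base) / "server"
        server.mkdir()
        (server / "certificate.pem").write_text("-----BEGIN CERTIFICATE-----\n")
        (server / "key.pem").write_text("-----BEGIN RSA PRIVATE KEY-----\n")
        return [(n, problem) for n, _, problem in check_cert_params(config, base)]


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```

An empty result only means the named files exist and look like PEM of the right kind; the server log at start-up remains the authority on whether they were loaded.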
