Hi: Dug inside some of the freeRADIUS code. The function SSL_get_error() gets called which returns error code, if any. These error codes are defined within the openssl source code.
SSL_get_error() is described at: http://www.openssl.org/docs/ssl/SSL_get_error.html <openssl-root>/ssl/ssl.h defines these error codes. I get an Error code=2 which is SSL_ERROR_WANT_READ which means: The operation did not complete; the same TLS/SSL I/O function should be called again later. If, by then, the underlying BIO has data available for reading (if the result code is SSL_ERROR_WANT_READ) or allows writing data (SSL_ERROR_WANT_WRITE), then some TLS/SSL protocol progress will take place, i.e. at least part of an TLS/SSL record will be read or written. Note that the retry may again lead to a SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level. Caveat: Any TLS/SSL I/O function can lead to either of SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. In particular, SSL_read() or SSL_peek() may want to write data and SSL_write() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. Artur, any inputs on how you resolved the issue??? Thanks again, Nikhil. --- Artur Hecker <[EMAIL PROTECTED]> wrote: > > ah, that's a good one > > > Nikhil Chauhan wrote: > > > > I generated the certificates as per the HOWTO > > by Raymond MacKay. I get a SSL_read Error (Please > > see the attached radius server log). > > > > > TLS_accept:error in SSLv3 read client certificate > A > > rlm_eap_tls: SSL_read Error > > Error code is ..... 2 > > SSL Error ..... 2 > > modcall[authenticate]: module "eap" returns ok > > modcall: group authenticate returns ok > > you are talking about that one right? > > there is to say, i've been having this error ever > since (v0.5) and it > seems to work but i would indeed like to know what > it actually is... > > anybody an idea? some openssl expert? > > > ciao > artur __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
