hi nikhil
thanks for the info. so, this error is "normal" and can occur at any time. we should just retry, what freeradius apparently does since it works. for the resolution: nikhil, i didn't resolve it. i said "i have been having this error ever since", what in my mind means "the error occured before and keeps on occuring". "it works" meant, that it doesn't seem to disturb the process. ciao artur Nikhil Chauhan wrote: > > Hi: > > Dug inside some of the freeRADIUS code. The function > SSL_get_error() gets called which returns error code, > if any. These error codes are defined within the > openssl source code. > > SSL_get_error() is described at: > http://www.openssl.org/docs/ssl/SSL_get_error.html > > <openssl-root>/ssl/ssl.h defines these error codes. > I get an Error code=2 which is SSL_ERROR_WANT_READ > which means: > > The operation did not complete; the same TLS/SSL I/O > function should be called again later. If, by then, > the > underlying BIO has data available for reading > (if the result code is SSL_ERROR_WANT_READ) or allows > writing data (SSL_ERROR_WANT_WRITE), then some TLS/SSL > protocol progress will take place, i.e. at least part > of an TLS/SSL record will be read or written. Note > that > the retry may again lead to a SSL_ERROR_WANT_READ or > SSL_ERROR_WANT_WRITE condition. There is no fixed > upper > limit for the number of iterations that may be > necessary until progress becomes visible at > application > protocol level. > > Caveat: Any TLS/SSL I/O function can lead to either of > SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. In > particular, SSL_read() or SSL_peek() may want to write > data and SSL_write() may want to read data. This is > mainly because TLS/SSL handshakes may occur at any > time > during the protocol (initiated by either the client or > the server); SSL_read(), SSL_peek(), and SSL_write() > will handle any pending handshakes. > > Artur, any inputs on how you resolved the issue??? > > Thanks again, > Nikhil. > > --- Artur Hecker <[EMAIL PROTECTED]> wrote: > > > > ah, that's a good one > > > > > > Nikhil Chauhan wrote: > > > > > > I generated the certificates as per the HOWTO > > > by Raymond MacKay. I get a SSL_read Error (Please > > > see the attached radius server log). > > > > > > > > > TLS_accept:error in SSLv3 read client certificate > > A > > > rlm_eap_tls: SSL_read Error > > > Error code is ..... 2 > > > SSL Error ..... 2 > > > modcall[authenticate]: module "eap" returns ok > > > modcall: group authenticate returns ok > > > > you are talking about that one right? > > > > there is to say, i've been having this error ever > > since (v0.5) and it > > seems to work but i would indeed like to know what > > it actually is... > > > > anybody an idea? some openssl expert? > > > > > > ciao > > artur > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
