"Ralf S. Engelschall" wrote:
> 
> Can you give me an URL of a Netscape server where I can look at the responses
> of such a beast in contrast to Apache+mod_ssl? Or at least show me the
> difference between a connect with ``s_client -state -debug'' to both the
> Apache+mod_ssl and the Netscape server.

I'm behind a firewall, so you can't connect. But here are the state
logs:

Netscape (3.5.1G):

SSL_connect:before SSL initalisation
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=SE/O=RSV/OU=Test-CA-utv1/CN=002/SN=202100-0985
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL3 alert read:warning:close notify
SSL3 alert write:warning:close notify

Apache+mod_ssl

SSL_connect:before SSL initalisation
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=SE/O=RSV/OU=Test-CA-utv1/CN=002/SN=202100-0985
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
read:errno=0
SSL3 alert write:warning:close notify

> change
> 
>      SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
> to
>      SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
> 
> and try again. Then the close notify should be really sent.
> Please give me feedback about your results...

I tried the change, but it didn't make a difference.

--
Mats Josefsson ([EMAIL PROTECTED])
RSV DataService
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
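The difference between the two logs above, checked mechanically (an added example, not part of the original message or of mod_ssl): the Netscape log records the server's close notify alert after the handshake, while the Apache+mod_ssl log shows `read:errno=0` at that point, so the client has no in-protocol signal that the server ended the stream deliberately. The function names and the shortened, constructed log tails are assumptions of this example.

```python
import re

# Constructed sample input: the last lines of each s_client -state log quoted above.
NETSCAPE_LOG = """\
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL3 alert read:warning:close notify
SSL3 alert write:warning:close notify
"""
APACHE_LOG = """\
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
read:errno=0
SSL3 alert write:warning:close notify
"""

ALERT = re.compile(r"^SSL3 alert (read|write):(\w+):(.+)$")
READ_END = re.compile(r"^read:errno=(\d+)$")

def shutdown_summary(log):
    """Classify how the session ended, as seen in a client-side state log."""
    handshake_done = peer_close = local_close = False
    read_errno = None
    for line in (l.strip() for l in log.splitlines()):
        if line == "SSL_connect:SSLv3 read finished A":
            handshake_done = True
        m = ALERT.match(line)
        if m and m.group(3) == "close notify":
            peer_close |= m.group(1) == "read"    # alert received from the server
            local_close |= m.group(1) == "write"  # alert sent by the client
        m = READ_END.match(line)
        if m and not peer_close:
            read_errno = int(m.group(1))          # read ended before any close notify
    verdict = ("clean" if peer_close
               else "unclean" if read_errno is not None else "incomplete")
    return {"handshake_done": handshake_done, "peer_close_notify": peer_close,
            "local_close_notify": local_close, "read_errno": read_errno,
            "verdict": verdict}

def diff_states(a, b):
    """Return (lines only in a, lines only in b), preserving order."""
    la, lb = a.splitlines(), b.splitlines()
    return [l for l in la if l not in lb], [l for l in lb if l not in la]

if __name__ == "__main__":
    for name, log in (("Netscape", NETSCAPE_LOG), ("Apache+mod_ssl", APACHE_LOG)):
        print(name, shutdown_summary(log))
    print(diff_states(NETSCAPE_LOG, APACHE_LOG))
```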
