Hi,
I am running an application on HPUX 11i.
The application fails in SSL_connect(). I tried to print the error message with
the following code snippet:
==================================
ret = SSL_connect(ssl)
if (ret != 1)
{
char *m_file, *m_data;
int m_line = 0 , m_flags = 0;
printf("error code is %d",SSL_get_error(conn->sock->ssl, ret));
printf("errno is %d",errno);
ERR_peek_error_line_data((const char**)(&m_file),
&m_line,
(const char**)(&m_data),
&m_flags);
printf("filename: %s\tline :%d\ndata: %s\nflags:
%d",m_file,m_line,m_data,m_flags);
printf("%s\n",ERR_reason_error_string(ERR_peek_error()));
}
==================================
The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT).
But the function ERR_peek_error_line_data() fails, and I dont get any filename
/ line number etc.
I used tusc on HPUX to trace the calls, and found that SSL_connect fails to
find a random number generator and hence errno is 2.
Here is the relevent part of the trace generated by tusc:
==================================
open("/tmp/cacert.pem", O_RDONLY|O_LARGEFILE, 0666)
........................................................... = 5
ioctl(5, TCGETA, 0x7a005278)
..................................................................................
ERR#25 ENOTTY
read(5, "- - - - - B E G I N C E R T I ".., 8192)
........................................................... = 1184
read(5, 0x4002a2c0, 8192)
.....................................................................................
= 0
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
close(5)
......................................................................................................
= 0
send(4, "\0\0\006\0\f", 6, 0)
.................................................................................
= 6
time(NULL)
....................................................................................................
= 1190620890
getpid()
......................................................................................................
= 21419 (21418)
time(NULL)
....................................................................................................
= 1190620890
time(NULL)
....................................................................................................
= 1190620890
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY, 0)
......................................................... ERR#2 ENOENT
open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460)
..................................................... ERR#2 ENOENT
open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460)
.................................................... ERR#2 ENOENT
socket(AF_UNIX, SOCK_STREAM, 0)
...............................................................................
= 5
connect(5, 0x7a004750, 19)
....................................................................................
ERR#2 ENOENT
close(5)
......................................................................................................
= 0
socket(AF_UNIX, SOCK_STREAM, 0)
...............................................................................
= 5
connect(5, 0x7a004750, 15)
....................................................................................
ERR#2 ENOENT
close(5)
......................................................................................................
= 0
==================================
So, is there a way to get this erro printed as part of error handling in the
code?
NOTE: I noticed that s_client throws an error "warning, not much extra random
data, consider using the -rand option". But that is done as part of explicit
erro handling for app_RAND_load_file() and RAND_status() calls. Can I get the
error as part of error reporting mechanism in openssl, when any SSL_* call
fails?
Also, which function should I use to make sure random number generator is
working properly. I want this to be portable, as the application will run on
many platforms including Windows.
Thanks,
~ Urjit
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the
property of Persistent Systems Pvt. Ltd. It is intended only for the use of the
individual or entity to which it is addressed. If you are not the intended
recipient, you are not authorized to read, retain, copy, print, distribute or
use this message. If you have received this communication in error, please
notify the sender and delete all copies of this message. Persistent Systems
Pvt. Ltd. does not accept any liability for virus infected mails.
