No response yet :-(
Please let me know if you guys need any more information in order to help me
understand what is going wrong here.
ERR_reason_error_string() and ERR_get_error() do not give me anything back.
----- Original Message -----
From: Urjit Gokhale
To: Urjit Gokhale ; openssl-users@openssl.org
Sent: Wednesday, October 03, 2007 8:27 PM
Subject: Re: How to get useful error messages?
Hello everyone,
I modified my code to add the following two lines after initializing the ssl
library with SSL_library_init():
-------
RAND_write_file("prngseed.dat");
RAND_load_file("prngseed.dat", -1);
-------
And this solved the problem on HPUX.
Now I am facing the same connectivity problem on AIX box. Note that the above
two lines are still there.
strace on the AIX box doesn't give any output at all.
I have no clue why the SSL_connect is failing.
It will be great if anyone could suggest a way to figure out what is going
wrong here.
~ Urjit
----- Original Message -----
From: Urjit Gokhale
To: openssl-users@openssl.org
Sent: Monday, September 24, 2007 1:48 PM
Subject: How to get useful error messages?
Hi,
I am running an application on HPUX 11i.
The application fails in SSL_connect(). I tried to print the error message
with the following code snippet:
==================================
ret = SSL_connect(ssl)
if (ret != 1)
{
char *m_file, *m_data;
int m_line = 0 , m_flags = 0;
printf("error code is %d",SSL_get_error(conn->sock->ssl, ret));
printf("errno is %d",errno);
ERR_peek_error_line_data((const char**)(&m_file),
&m_line,
(const char**)(&m_data),
&m_flags);
printf("filename: %s\tline :%d\ndata: %s\nflags:
%d",m_file,m_line,m_data,m_flags);
printf("%s\n",ERR_reason_error_string(ERR_peek_error()));
}
==================================
The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT).
But the function ERR_peek_error_line_data() fails, and I dont get any
filename / line number etc.
I used tusc on HPUX to trace the calls, and found that SSL_connect fails to
find a random number generator and hence errno is 2.
Here is the relevent part of the trace generated by tusc:
==================================
open("/tmp/cacert.pem", O_RDONLY|O_LARGEFILE, 0666)
........................................................... = 5
ioctl(5, TCGETA, 0x7a005278)
..................................................................................
ERR#25 ENOTTY
read(5, "- - - - - B E G I N C E R T I ".., 8192)
........................................................... = 1184
read(5, 0x4002a2c0, 8192)
.....................................................................................
= 0
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
close(5)
......................................................................................................
= 0
send(4, "\0\0\006\0\f", 6, 0)
.................................................................................
= 6
time(NULL)
....................................................................................................
= 1190620890
getpid()
......................................................................................................
= 21419 (21418)
time(NULL)
....................................................................................................
= 1190620890
time(NULL)
....................................................................................................
= 1190620890
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
getpid()
......................................................................................................
= 21419 (21418)
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY, 0)
......................................................... ERR#2 ENOENT
open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460)
..................................................... ERR#2 ENOENT
open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460)
.................................................... ERR#2 ENOENT
socket(AF_UNIX, SOCK_STREAM, 0)
...............................................................................
= 5
connect(5, 0x7a004750, 19)
....................................................................................
ERR#2 ENOENT
close(5)
......................................................................................................
= 0
socket(AF_UNIX, SOCK_STREAM, 0)
...............................................................................
= 5
connect(5, 0x7a004750, 15)
....................................................................................
ERR#2 ENOENT
close(5)
......................................................................................................
= 0
==================================
So, is there a way to get this erro printed as part of error handling in
the code?
NOTE: I noticed that s_client throws an error "warning, not much extra
random data, consider using the -rand option". But that is done as part of
explicit erro handling for app_RAND_load_file() and RAND_status() calls. Can I
get the error as part of error reporting mechanism in openssl, when any SSL_*
call fails?
Also, which function should I use to make sure random number generator is
working properly. I want this to be portable, as the application will run on
many platforms including Windows.
Thanks,
~ Urjit
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the
property of Persistent Systems Pvt. Ltd. It is intended only for the use of the
individual or entity to which it is addressed. If you are not the intended
recipient, you are not authorized to read, retain, copy, print, distribute or
use this message. If you have received this communication in error, please
notify the sender and delete all copies of this message. Persistent Systems
Pvt. Ltd. does not accept any liability for virus infected mails.
