Thanks for your response Dave. With -state and -msg enabled, it seems to be hanging after SSL_accept:SSLv3 flush data. When I abort the client at this point (as it will retry forever with no success), I get: failed in SSLv3 read client certificate A.
Given the stupefying nature of this problem, I'm fairly certain it has something to do with our multithreading, but if you have any additional suggestion I'd certainly appreciate it. Dan On Fri, Apr 10, 2009 at 5:11 PM, Dave Thompson < dave.thomp...@princetonpayments.com> wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Dan Maartens > > Sent: Friday, 10 April, 2009 18:39 > > > This is on SuSE 10.3. The socket is non-blocking, for the only > reason > > that I thought it would make debugging the problem easier. > > With the socket in blocking mode (which is all I need), > > I have the problem where SSL_connect never returns. > > See below. > > > I'm looking at errno becuase the information > > returned by SSL_get_error wasn't very useful. To recap, > > here's the results of all the various debugging that I have in place: > > SSL_connect: -1 > > SSL_get_error: 2 > > ERR_error_string: error:00000002:lib(0):func(0):system lib > > errno: 11 > > SSL_get_error() returns only a 'top-level' state classification. > You don't decode it with the ERR_ stuff; that's for ERR_get_error(). > 2 is SSL_ERROR_WANT_READ and means you should call again when the socket > is readable, normally most simply by select() or poll() telling you so. > > > A few other notes, I am connecting to the openssl/s_server, > > so that end should be OK. This is all happening inside of a > > multi-threaded app, which could be part of the problem. > > In a separate, very simple (and non-threaded) client app which I wrote, > > I can connect via TCP and SSL and transmit/read just fine. > > So that rules out machine/network level stuff. > > > I have also tried calling SSL_connect in a loop, just to test > > to see if waiting/re-calling helps, but it doesn't. > > The same error occurs each time. > > Obviously no data is being received. With a blocking socket it waits, > and with a nonblocking socket it keeps telling you to wait for receive. > > So there is some difference between your multithreaded and your > simple/nonthreaded. Can you run the s_server with -msg and watch > or log its output (without too much clutter from other clients)? > Does it receive a good connect+hello and try to send a response? > > If the server is sending a response but the client doesn't get it, > there may indeed be some network/environment issue that is different > between your multithread app and your simple/nonthread test. > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
