Jelle de Jong wrote:
> Hello everybody,
> 
> I am searching for answers and solutions for the connection issue
> described in the attached text log.
> 
> I got this response from Wietse from postfix:
> 
>> Code fragment:
>>     sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,
>>                          TLScontext);
>>     if (sts <= 0) {
>>         msg_info("SSL_accept error from %s: %d", props->namaddr, sts);
>>         tls_print_errors();
>>         tls_free_context(TLScontext);
>>         return (0);
>>
>> This means that the OpenSSL library error stack did not contain 
>> any additional information about the problem.
> 
> I am hoping the openssl team knows what goes wrong and on what side the
> issue is.
> 

Hello everybody,

I have done some more testing and got a lot more debug information. I
still have no idea what is wrong and what to do, but I got two points:

webish.nl uses a self-signed certificate:
/C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailaddress=webas...@localhost
Could that cause an SSL_accept error like I have and what can be done
about this?

ssldump shows me that the connection is closed with a FIN. What does
that mean and why is it happening? What can be done about it?
---------------------------------------------------------------
220 2.0.0 Ready to start TLS
---------------------------------------------------------------
TCP: sepaip2.webish.nl(34538) -> helmwijk.xs4all.nl(25) Seq 1570587427.(0) ACK 2723884575 FIN
1    0.1111 (0.0176)  C>S  TCP FIN
TCP: helmwijk.xs4all.nl(25) -> sepaip2.webish.nl(34538) Seq 2723884575.(0) ACK 1570587428 FIN
1    0.1117 (0.0005)  S>C  TCP FIN
TCP: sepaip2.webish.nl(34538) -> helmwijk.xs4all.nl(25) Seq 1570587428.(0) ACK 2723884576

I have the Postfix smtpd_tls_security_level set to may; is this so uncommon? I
have used this for years on other systems with CACert.org signed certificates
without any problems... Why is this webish server acting nasty?

collection of the logs in tar.gz format
http://filebin.ca/vfcxs

selection of logs that I hope are the most relevant:

ssldump-smtpd-v-helmwijk-webish-fail.txt
http://debian.pastebin.com/m8ce090e

postconf-n-helmwijk.txt
http://debian.pastebin.com/m4bf47368

openssl-helmwijk-check.txt
http://debian.pastebin.com/m708bd459

openssl-webish-check.txt
http://debian.pastebin.com/m45cd4779

smtp-helmwijk-gmail-ok-test.txt (Debian pastebin did not work)
http://filebin.ca/mvtjq/smtp-helmwijk-gmail-ok-test.txt

Thanks in advance,

Jelle de Jong
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
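
An added example, not part of the original message or of Postfix/OpenSSL: a small Python parser for ssldump event lines like the ones quoted above, reporting which side sent the first TCP FIN and whether any TLS record was seen before it. The function names and the second sample connection are constructed for illustration.

```python
import re

# One ssldump event line: connection id, optional TLS record number,
# absolute time, (delta), direction, description.
EVENT = re.compile(
    r"^(?P<conn>\d+)\s+(?:(?P<rec>\d+)\s+)?(?P<t>\d+\.\d+)\s+"
    r"\(\d+\.\d+\)\s+(?P<dir>C>S|S>C)\s+(?P<what>.+?)\s*$"
)

# The two event lines quoted in the message above.
PAGE_EXCERPT = """\
1    0.1111 (0.0176)  C>S  TCP FIN
1    0.1117 (0.0005)  S>C  TCP FIN
"""

# Constructed contrast: a connection where a handshake record was seen.
CONSTRUCTED = """\
2 1  0.0931 (0.0931)  C>S  Handshake
      ClientHello
2    0.2104 (0.1173)  S>C  TCP FIN
"""

def summarize(dump_text):
    """Per connection: TLS records seen before the first FIN, and who sent it."""
    conns = {}
    for line in dump_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # banner text, separators, indented record details
        c = conns.setdefault(int(m["conn"]),
                             {"tls_records": 0, "first_fin": None, "fin_time": None})
        if m["what"] == "TCP FIN":
            if c["first_fin"] is None:
                c["first_fin"] = "client" if m["dir"] == "C>S" else "server"
                c["fin_time"] = float(m["t"])
        elif m["rec"] is not None and c["first_fin"] is None:
            c["tls_records"] += 1
    return conns

def describe(conn):
    """Turn one summary into a sentence for a triage note."""
    if conn["first_fin"] is None:
        return "no FIN seen"
    stage = "before any TLS record" if conn["tls_records"] == 0 else \
            f"after {conn['tls_records']} TLS record(s)"
    return f"{conn['first_fin']} closed first at {conn['fin_time']}s, {stage}"

if __name__ == "__main__":
    for cid, conn in summarize(PAGE_EXCERPT + CONSTRUCTED).items():
        print(cid, describe(conn))
```

On the two lines quoted in the message it reports that the client side sent the first FIN with no TLS record in the excerpt.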
