Dave may be right about there being no direct evidence for a read.
However I have since looked at the code the error is coming from and the error is being
reported at the time the SSL context is being interpreted, which doesn't mean the initial
loading of the SSL context wasn't error free as it appears the context can be loaded
erroneously without a complaint. If that is true and the error occurs at context parse
time, then any conjecture we make about the actual cause of the error is purely
conjecture. I apologize to "irivas" for jumping to conclusions initially and
suggested offline to him that he get more information from tools like snoop/tcpdump and
truss/strace that may or may not be available in openvms.
The relevant information I gave to Irivas is this:
The error he was getting comes from ssl/s3_clnt.c in the
ssl3_get_server_certificate() function. When this function parses a message
buffer it decides is a certificate chain and cannot decode the DER format of
one of the certificate elements in the chain via the function d2i_X509(), then
it emits the error Irivas sees.
If you look at http://www.openssl.org/docs/crypto/d2i_X509.html you will see
that it says that the reverse function i2d_X509() has bad error handling in
some versions of openssl and can result in the creation of a bad structure for
d2i_X509() to process later. By way of explanation openssl loads stuff into
buffers first and processes it later.
One last thing I hope the metadata of the openvms file structure doesn't get in
the way of flat text processing. If a file is a different format to flat text,
then you process it differently. The Windows/Unix text file nonsense is purely
a disagreement about the end of line token and nothing to do with the file
structure.
On 6/10/2010 7:34 AM, Dave Thompson wrote:
<snip much and fix formatting>
545318540:error:0D07809F:asn1 encoding
routines:ASN1_ITEM_EX_D2I:unexpected
eoc:TASN_DEC:337:Type=X509_ALGOR
545318540:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1 error:TASN_DEC:566:Field=sig_alg, Type=X509
545318540:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
lib:S3_CLNT:816:$!
NOTE:
SSL3_GET_SERVER_CERTIFICATE
1409000D F_SSL3_GET_SERVER_CERTIFICATE R_ASN1_LIB sure looks to me
like parsing the wire message.
If verification failed because it couldn't parse the store, that's
14090086 F_SSL3_GET_SERVER_CERTIFICATE R_CERTIFICATE_VERIFY_FAILURE
with an error stack including at least 0B06F009.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
"The whole modern world has divided itself into Conservatives and Progressives. The
business of Progressives is to go on making mistakes. The business of the Conservatives
is to prevent the mistakes from being corrected." -- G. K. Chesterton
I must be a Progressive then :) -- J. T. Hunt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
