> -----Original Message-----
> From: Dave Thompson
>
> > From: owner-openssl-us...@openssl.org On Behalf Of Joel Bion
> > Sent: Monday, 18 February, 2013 13:57
>
> > The issue I have been reporting has never been on the client
> > side, as the
> > problem is seen when connecting into a server that is booted into a
> > 1.0.1e-environment vs. a 1.0.1c based environment. The two
> > environments
> > are pretty much identical. They are both LinuxFromScratch based
> > environments, where the core build (prior to
> > OpenSSL/HTTPD/MySQL install)
> > is identical, bit by bit, in both, and the primary difference
> > in the two
> > is to use OpenSSL 1.0.1c vs. OpenSSL 1.0.1e. So there is
> > minimal server
> > difference. OpenSSL 1.0.1c server can receive connections; the 1.0.1e
> > cannot. The 1.0.1e reports the error as shown, and closes the
> > connection -
> > as can be seen in that there is much more transferred from
> > the server in
> > the 1.0.1c case vs. the 1.0.1e.
> >
> What you show is what s_client reports *talking to* 1.0.1{e,c}.
> We apparently need information from the server, see below.
>
> > Nevertheless, here is <s_client -debug, snipped>
>
> That second -debug (to 1.0.1e) appears normal up to the point
> client sends CKey,CCS,CFinished and expects STicket,SCCS,SFinished,
> but instead receives "EOF" (read count 0 = normal disconnect).
>
> Either the server process is dying and Unix is closing the socket
> automatically (which shouldn't happen) or either OpenSSL or httpd
> code is closing the socket when it shouldn't (unless possibly httpd
> hits a time limit, but any such should be long enough you would have
> noticed plus it shouldn't vary between OpenSSL versions).
>
> After this is httpd still running, or did it die (and maybe restart,
> depending on how you run it)? If it died, is there a corefile, or
> if corefile is disabled (as often is on Linux) can you enable it?
> Is there anything in the log, and if not (or incomplete) can you
> set any option to increase logging (IMLimitedE httpd defaults to
> being very reticent about logging)?
Additionally, try invoke s_client with the -trace and -state options to get
more human readable output. But as Dave has already pointed out, your client's
write to the socket fails, because the underlying connection was closed down
and you should enable maximum lovlevel in your server and check its logfile for
any hints.
HTH,
Patrick Eisenacher
:��I"Ϯ��r�m�����
(����Z+�K��+����1���x���h����[�z�(����Z+����f�y���������f���h��)z{,���
