Handshake Failure due to bad record mac

2003-03-14 Thread rajagopalan ramanujam
Hi,

I am using a sample client application on an embedded
platform, trying to connect to s_server on Linux.

Client code has set cipher(ALL);
there is no client certificate.

Client-side SSL_connect() returns -1.

It's very strange: sometimes the client sends an Alert
message with bad mac code and sometimes it does not.

I have attached both logs.

 

# openssl s_server -cert server.pem -accept 1 -state
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL3 alert read:fatal:bad record mac
SSL_accept:failed in SSLv3 read client certificate A
ERROR
1348:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:964:SSL alert number 20
shutting down SSL
CONNECTION CLOSED
ACCEPT

-
# openssl s_server -cert server.pem -accept 1 -state -debug
--
SSL_accept:before/accept initialization
read from 08162C88 [08168230] (11 bytes = 11 (0xB))
read from 08162C88 [0816823B] (55 bytes = 55 (0x37))
SSL_accept:SSLv3 read client hello A
write to 08162C88 [081722C8] (79 bytes = 79 (0x4F))
SSL_accept:SSLv3 write server hello A
write to 08162C88 [081722C8] (508 bytes = 508 (0x1FC))
SSL_accept:SSLv3 write certificate A
write to 08162C88 [081722C8] (9 bytes = 9 (0x9))
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
read from 08162C88 [08168230] (5 bytes = 0 (0x0))
SSL_accept:failed in SSLv3 read client certificate A
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT



__
OpenSSL Project http://www.openssl.org
User Support Mailing List    [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
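
The error line in the -state log above can be decoded by hand. This is an added example, not code from the thread or from OpenSSL: it unpacks 140943FC using the field layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason), where SSL-library reasons of 1000 and above mean "the peer sent alert number reason - 1000". The struct, macro and function names are hypothetical.

```c
#include <stdio.h>

/* Fields of a packed OpenSSL error code (layout used before OpenSSL 3.0). */
struct ossl_err { unsigned lib, func, reason; };
#define SSL_LIB   20    /* value of ERR_LIB_SSL */
#define ALERT_OFF 1000  /* value of SSL_AD_REASON_OFFSET */

/* Pull the hex code out of a "pid:error:CODE:lib:func:reason:file:line" line. */
static int parse_err_line(const char *line, unsigned long *code)
{
    return sscanf(line, "%*[^:]:error:%lx", code) == 1;
}

static struct ossl_err unpack_err(unsigned long e)
{
    struct ossl_err r;
    r.lib    = (unsigned)((e >> 24) & 0xffUL);   /* as ERR_GET_LIB    */
    r.func   = (unsigned)((e >> 12) & 0xfffUL);  /* as ERR_GET_FUNC   */
    r.reason = (unsigned)(e & 0xfffUL);          /* as ERR_GET_REASON */
    return r;
}

/* Alert number the peer sent, or -1 if the error is not a received alert. */
static int alert_from_err(unsigned long e)
{
    struct ossl_err r = unpack_err(e);
    if (r.lib != SSL_LIB || r.reason < ALERT_OFF || r.reason > ALERT_OFF + 255)
        return -1;
    return (int)(r.reason - ALERT_OFF);
}

static const char *alert_name(int n)  /* subset of the SSLv3 alert table */
{
    switch (n) {
    case 0:  return "close_notify";
    case 20: return "bad_record_mac";
    case 40: return "handshake_failure";
    default: return "unknown";
    }
}

int main(void)
{
    unsigned long code = 0;  /* input below is the start of the log line above */
    if (!parse_err_line("1348:error:140943FC:SSL routines:SSL3_READ_BYTES:", &code))
        return 1;
    int a = alert_from_err(code);
    printf("reason=%u alert=%d (%s)\n", unpack_err(code).reason, a, alert_name(a));
    return 0;
}
```

The decoded alert number matches the "SSL alert number 20" suffix in the log, and "alert read" in the -state trace means the alert was received from the peer, here the client.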


Re: Handshake Failure due to bad record mac

2003-03-14 Thread rajagopalan ramanujam
Sorry!! SSL_connect is returning with
SSL_ERROR_SYSCALL(5), not -1 as previously mentioned,
and when I tried to look at errno it shows 0. Can anyone
please point out where I am wrong?


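#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

/* CHK_NULL() and CHK_SSL() are the client's own error-check macros
   (not shown in the post). */

int client(void)
{
  const SSL_METHOD *meth;
  SSL_CTX *ctx;
  SSL *ssl;
  int sd = -1;   /* set by the socket()/connect() calls elided below */
  int err;

  SSLeay_add_ssl_algorithms();
  meth = SSLv3_client_method();
  SSL_load_error_strings();
  ctx = SSL_CTX_new(meth);
  CHK_NULL(ctx);

  SSL_CTX_set_cipher_list(ctx, "ALL");
  /* socket().. */
  /* connect().. */
  ssl = SSL_new(ctx);
  CHK_NULL(ssl);
  SSL_set_fd(ssl, sd);
  err = SSL_connect(ssl);   /* run the SSLv3 handshake */
  CHK_SSL(err);
  if (err == -1)
    goto end;

  /* map the SSL_connect() return value to an SSL_ERROR_* code
     (the post passed an undeclared 'r' here) */
  switch ((err = SSL_get_error(ssl, err))) {
  case SSL_ERROR_NONE:
    printf("Read from server:");
    break;
  case SSL_ERROR_ZERO_RETURN:
    goto end;
  case SSL_ERROR_WANT_READ:
    break;
  default:
    printf("SSL read problem");
    goto end;
  }

end:
  return err;
}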



