Re: How to get useful error messages?

2007-10-04 Thread Urjit Gokhale 
No response yet :-(
Please let me know if you guys need any more information in order to help me 
understand what is going wrong here.
ERR_reason_error_string() and ERR_get_error() do not give me anything back.

  - Original Message -
  From: Urjit Gokhale
  To: Urjit Gokhale ; openssl-users@openssl.org
  Sent: Wednesday, October 03, 2007 8:27 PM
  Subject: Re: How to get useful error messages?


  Hello everyone,

  I modified my code to add the following two lines after initializing the ssl 
library with SSL_library_init():
  ---
  RAND_write_file(prngseed.dat);
  RAND_load_file(prngseed.dat, -1);
  ---
  And this solved the problem on HPUX.

  Now I am facing the same connectivity problem on AIX box. Note that the above 
two lines are still there.
  strace on the AIX box doesn't give any output at all.
  I have no clue why the SSL_connect is failing.

  It will be great if anyone could suggest a way to figure out what is going 
wrong here.

  ~ Urjit


- Original Message -
From: Urjit Gokhale
To: openssl-users@openssl.org
Sent: Monday, September 24, 2007 1:48 PM
Subject: How to get useful error messages?


Hi,

I am running an application on HPUX 11i.
The application fails in SSL_connect(). I tried to print the error message 
with the following code snippet:
==
ret = SSL_connect(ssl)
if (ret != 1)
{
char *m_file, *m_data;
int m_line = 0 , m_flags = 0;
printf(error code is %d,SSL_get_error(conn-sock-ssl, ret));
printf(errno is %d,errno);
ERR_peek_error_line_data((const char**)(m_file),
m_line,
(const char**)(m_data),
m_flags);
printf(filename: %s\tline :%d\ndata: %s\nflags: 
%d,m_file,m_line,m_data,m_flags);
printf(%s\n,ERR_reason_error_string(ERR_peek_error()));
}
==
The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT).
But the function ERR_peek_error_line_data() fails, and I dont get any 
filename / line number etc.

I used tusc on HPUX to trace the calls, and found that SSL_connect fails to 
find a random number generator and hence errno is 2.
Here is the relevent part of the trace generated by tusc:
==
open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) 
... = 5
ioctl(5, TCGETA, 0x7a005278) 
..
 ERR#25 ENOTTY
read(5, - - - - - B E G I N   C E R T I .., 8192) 
... = 1184
read(5, 0x4002a2c0, 8192) 
.
 = 0
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
close(5) 
..
 = 0
send(4, \0\0\006\0\f, 6, 0) 
.
 = 6
time(NULL) 

 = 1190620890
getpid() 
..
 = 21419 (21418)
time(NULL) 

 = 1190620890
time(NULL) 

 = 1190620890
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) 
. ERR#2 ENOENT
open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) 
. ERR#2 ENOENT
open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) 
 ERR#2 ENOENT
socket(AF_UNIX, SOCK_STREAM, 0

Re: How to get useful error messages?

2007-10-03 Thread Urjit Gokhale 
Hello everyone,

I modified my code to add the following two lines after initializing the ssl 
library with SSL_library_init():
---
RAND_write_file(prngseed.dat);
RAND_load_file(prngseed.dat, -1);
---
And this solved the problem on HPUX.

Now I am facing the same connectivity problem on AIX box. Note that the above 
two lines are still there.
strace on the AIX box doesn't give any output at all.
I have no clue why the SSL_connect is failing.

It will be great if anyone could suggest a way to figure out what is going 
wrong here.

~ Urjit


  - Original Message -
  From: Urjit Gokhale
  To: openssl-users@openssl.org
  Sent: Monday, September 24, 2007 1:48 PM
  Subject: How to get useful error messages?


  Hi,

  I am running an application on HPUX 11i.
  The application fails in SSL_connect(). I tried to print the error message 
with the following code snippet:
  ==
  ret = SSL_connect(ssl)
  if (ret != 1)
  {
  char *m_file, *m_data;
  int m_line = 0 , m_flags = 0;
  printf(error code is %d,SSL_get_error(conn-sock-ssl, ret));
  printf(errno is %d,errno);
  ERR_peek_error_line_data((const char**)(m_file),
  m_line,
  (const char**)(m_data),
  m_flags);
  printf(filename: %s\tline :%d\ndata: %s\nflags: 
%d,m_file,m_line,m_data,m_flags);
  printf(%s\n,ERR_reason_error_string(ERR_peek_error()));
  }
  ==
  The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT).
  But the function ERR_peek_error_line_data() fails, and I dont get any 
filename / line number etc.

  I used tusc on HPUX to trace the calls, and found that SSL_connect fails to 
find a random number generator and hence errno is 2.
  Here is the relevent part of the trace generated by tusc:
  ==
  open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) 
... = 5
  ioctl(5, TCGETA, 0x7a005278) 
..
 ERR#25 ENOTTY
  read(5, - - - - - B E G I N   C E R T I .., 8192) 
... = 1184
  read(5, 0x4002a2c0, 8192) 
.
 = 0
  getpid() 
..
 = 21419 (21418)
  getpid() 
..
 = 21419 (21418)
  getpid() 
..
 = 21419 (21418)
  close(5) 
..
 = 0
  send(4, \0\0\006\0\f, 6, 0) 
.
 = 6
  time(NULL) 

 = 1190620890
  getpid() 
..
 = 21419 (21418)
  time(NULL) 

 = 1190620890
  time(NULL) 

 = 1190620890
  getpid() 
..
 = 21419 (21418)
  getpid() 
..
 = 21419 (21418)
  getpid() 
..
 = 21419 (21418)
  open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) 
. ERR#2 ENOENT
  open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) 
. ERR#2 ENOENT
  open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) 
 ERR#2 ENOENT
  socket(AF_UNIX, SOCK_STREAM, 0) 
... 
= 5
  connect(5, 0x7a004750, 19) 

 ERR#2 ENOENT
  close(5) 
..
 = 0
  socket(AF_UNIX, SOCK_STREAM, 0) 
... 
= 5
  connect(5, 0x7a004750, 15) 

 ERR#2 ENOENT
  close(5

Re: How to get useful error messages?

2007-10-03 Thread Marek Marcola 
Hello,
 I modified my code to add the following two lines after initializing
 the ssl library with SSL_library_init():
 ---
 RAND_write_file(prngseed.dat);
 RAND_load_file(prngseed.dat, -1);
 ---
 And this solved the problem on HPUX.
This is not good solution.
You should install PRNG on your HP-UX system.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

How to get useful error messages?

2007-09-24 Thread Urjit Gokhale 
Hi,

I am running an application on HPUX 11i.
The application fails in SSL_connect(). I tried to print the error message with 
the following code snippet:
==
ret = SSL_connect(ssl)
if (ret != 1)
{
char *m_file, *m_data;
int m_line = 0 , m_flags = 0;
printf(error code is %d,SSL_get_error(conn-sock-ssl, ret));
printf(errno is %d,errno);
ERR_peek_error_line_data((const char**)(m_file),
m_line,
(const char**)(m_data),
m_flags);
printf(filename: %s\tline :%d\ndata: %s\nflags: 
%d,m_file,m_line,m_data,m_flags);
printf(%s\n,ERR_reason_error_string(ERR_peek_error()));
}
==
The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT).
But the function ERR_peek_error_line_data() fails, and I dont get any filename 
/ line number etc.

I used tusc on HPUX to trace the calls, and found that SSL_connect fails to 
find a random number generator and hence errno is 2.
Here is the relevent part of the trace generated by tusc:
==
open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) 
... = 5
ioctl(5, TCGETA, 0x7a005278) 
..
 ERR#25 ENOTTY
read(5, - - - - - B E G I N   C E R T I .., 8192) 
... = 1184
read(5, 0x4002a2c0, 8192) 
.
 = 0
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
close(5) 
..
 = 0
send(4, \0\0\006\0\f, 6, 0) 
.
 = 6
time(NULL) 

 = 1190620890
getpid() 
..
 = 21419 (21418)
time(NULL) 

 = 1190620890
time(NULL) 

 = 1190620890
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
getpid() 
..
 = 21419 (21418)
open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) 
. ERR#2 ENOENT
open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) 
. ERR#2 ENOENT
open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) 
 ERR#2 ENOENT
socket(AF_UNIX, SOCK_STREAM, 0) 
... 
= 5
connect(5, 0x7a004750, 19) 

 ERR#2 ENOENT
close(5) 
..
 = 0
socket(AF_UNIX, SOCK_STREAM, 0) 
... 
= 5
connect(5, 0x7a004750, 15) 

 ERR#2 ENOENT
close(5) 
..
 = 0

==

So, is there a way to get this erro printed as part of error handling in the 
code?
NOTE: I noticed that s_client throws an error warning, not much extra random 
data, consider using the -rand option. But that is done as part of explicit 
erro handling for app_RAND_load_file() and RAND_status() calls. Can I get the 
error as part of error reporting mechanism in openssl, when any SSL_* call 
fails?

Also, which function should I use to make sure random number generator is 
working properly. I want this to be portable, as the application will run on 
many platforms including Windows.

Thanks,
~ Urjit

DISCLAIMER
==
This e-mail may contain privileged and confidential

Re: How to get useful error messages?

2007-09-24 Thread Marek Marcola 
Hello,
 
 I am running an application on HPUX 11i.
 The application fails in SSL_connect(). I tried to print the error
 message with the following code snippet:

 Also, which function should I use to make sure random number generator
 is working properly. I want this to be portable, as the application
 will run on many platforms including Windows.
You should install PRNG on your hpux (assume 11.11).
You may find PRNG for hpux on 
 http://www.software.hp.com
section Security and manageability, product HP-UX Strong Random
Number Generator, installation requires reboot (kernel module).
After that /dev/urandom will be available.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]