Re: How to get useful error messages?
No response yet :-( Please let me know if you guys need any more information in order to help me understand what is going wrong here. ERR_reason_error_string() and ERR_get_error() do not give me anything back. - Original Message - From: Urjit Gokhale To: Urjit Gokhale ; openssl-users@openssl.org Sent: Wednesday, October 03, 2007 8:27 PM Subject: Re: How to get useful error messages? Hello everyone, I modified my code to add the following two lines after initializing the ssl library with SSL_library_init(): --- RAND_write_file(prngseed.dat); RAND_load_file(prngseed.dat, -1); --- And this solved the problem on HPUX. Now I am facing the same connectivity problem on AIX box. Note that the above two lines are still there. strace on the AIX box doesn't give any output at all. I have no clue why the SSL_connect is failing. It will be great if anyone could suggest a way to figure out what is going wrong here. ~ Urjit - Original Message - From: Urjit Gokhale To: openssl-users@openssl.org Sent: Monday, September 24, 2007 1:48 PM Subject: How to get useful error messages? Hi, I am running an application on HPUX 11i. The application fails in SSL_connect(). I tried to print the error message with the following code snippet: == ret = SSL_connect(ssl) if (ret != 1) { char *m_file, *m_data; int m_line = 0 , m_flags = 0; printf(error code is %d,SSL_get_error(conn-sock-ssl, ret)); printf(errno is %d,errno); ERR_peek_error_line_data((const char**)(m_file), m_line, (const char**)(m_data), m_flags); printf(filename: %s\tline :%d\ndata: %s\nflags: %d,m_file,m_line,m_data,m_flags); printf(%s\n,ERR_reason_error_string(ERR_peek_error())); } == The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT). But the function ERR_peek_error_line_data() fails, and I dont get any filename / line number etc. I used tusc on HPUX to trace the calls, and found that SSL_connect fails to find a random number generator and hence errno is 2. Here is the relevent part of the trace generated by tusc: == open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) ... = 5 ioctl(5, TCGETA, 0x7a005278) .. ERR#25 ENOTTY read(5, - - - - - B E G I N C E R T I .., 8192) ... = 1184 read(5, 0x4002a2c0, 8192) . = 0 getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) close(5) .. = 0 send(4, \0\0\006\0\f, 6, 0) . = 6 time(NULL) = 1190620890 getpid() .. = 21419 (21418) time(NULL) = 1190620890 time(NULL) = 1190620890 getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) . ERR#2 ENOENT open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) . ERR#2 ENOENT open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) ERR#2 ENOENT socket(AF_UNIX, SOCK_STREAM, 0
Re: How to get useful error messages?
Hello everyone, I modified my code to add the following two lines after initializing the ssl library with SSL_library_init(): --- RAND_write_file(prngseed.dat); RAND_load_file(prngseed.dat, -1); --- And this solved the problem on HPUX. Now I am facing the same connectivity problem on AIX box. Note that the above two lines are still there. strace on the AIX box doesn't give any output at all. I have no clue why the SSL_connect is failing. It will be great if anyone could suggest a way to figure out what is going wrong here. ~ Urjit - Original Message - From: Urjit Gokhale To: openssl-users@openssl.org Sent: Monday, September 24, 2007 1:48 PM Subject: How to get useful error messages? Hi, I am running an application on HPUX 11i. The application fails in SSL_connect(). I tried to print the error message with the following code snippet: == ret = SSL_connect(ssl) if (ret != 1) { char *m_file, *m_data; int m_line = 0 , m_flags = 0; printf(error code is %d,SSL_get_error(conn-sock-ssl, ret)); printf(errno is %d,errno); ERR_peek_error_line_data((const char**)(m_file), m_line, (const char**)(m_data), m_flags); printf(filename: %s\tline :%d\ndata: %s\nflags: %d,m_file,m_line,m_data,m_flags); printf(%s\n,ERR_reason_error_string(ERR_peek_error())); } == The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT). But the function ERR_peek_error_line_data() fails, and I dont get any filename / line number etc. I used tusc on HPUX to trace the calls, and found that SSL_connect fails to find a random number generator and hence errno is 2. Here is the relevent part of the trace generated by tusc: == open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) ... = 5 ioctl(5, TCGETA, 0x7a005278) .. ERR#25 ENOTTY read(5, - - - - - B E G I N C E R T I .., 8192) ... = 1184 read(5, 0x4002a2c0, 8192) . = 0 getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) close(5) .. = 0 send(4, \0\0\006\0\f, 6, 0) . = 6 time(NULL) = 1190620890 getpid() .. = 21419 (21418) time(NULL) = 1190620890 time(NULL) = 1190620890 getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) . ERR#2 ENOENT open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) . ERR#2 ENOENT open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) ERR#2 ENOENT socket(AF_UNIX, SOCK_STREAM, 0) ... = 5 connect(5, 0x7a004750, 19) ERR#2 ENOENT close(5) .. = 0 socket(AF_UNIX, SOCK_STREAM, 0) ... = 5 connect(5, 0x7a004750, 15) ERR#2 ENOENT close(5
Re: How to get useful error messages?
Hello, I modified my code to add the following two lines after initializing the ssl library with SSL_library_init(): --- RAND_write_file(prngseed.dat); RAND_load_file(prngseed.dat, -1); --- And this solved the problem on HPUX. This is not good solution. You should install PRNG on your HP-UX system. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How to get useful error messages?
Hi, I am running an application on HPUX 11i. The application fails in SSL_connect(). I tried to print the error message with the following code snippet: == ret = SSL_connect(ssl) if (ret != 1) { char *m_file, *m_data; int m_line = 0 , m_flags = 0; printf(error code is %d,SSL_get_error(conn-sock-ssl, ret)); printf(errno is %d,errno); ERR_peek_error_line_data((const char**)(m_file), m_line, (const char**)(m_data), m_flags); printf(filename: %s\tline :%d\ndata: %s\nflags: %d,m_file,m_line,m_data,m_flags); printf(%s\n,ERR_reason_error_string(ERR_peek_error())); } == The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT). But the function ERR_peek_error_line_data() fails, and I dont get any filename / line number etc. I used tusc on HPUX to trace the calls, and found that SSL_connect fails to find a random number generator and hence errno is 2. Here is the relevent part of the trace generated by tusc: == open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) ... = 5 ioctl(5, TCGETA, 0x7a005278) .. ERR#25 ENOTTY read(5, - - - - - B E G I N C E R T I .., 8192) ... = 1184 read(5, 0x4002a2c0, 8192) . = 0 getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) close(5) .. = 0 send(4, \0\0\006\0\f, 6, 0) . = 6 time(NULL) = 1190620890 getpid() .. = 21419 (21418) time(NULL) = 1190620890 time(NULL) = 1190620890 getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) getpid() .. = 21419 (21418) open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) . ERR#2 ENOENT open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) . ERR#2 ENOENT open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) ERR#2 ENOENT socket(AF_UNIX, SOCK_STREAM, 0) ... = 5 connect(5, 0x7a004750, 19) ERR#2 ENOENT close(5) .. = 0 socket(AF_UNIX, SOCK_STREAM, 0) ... = 5 connect(5, 0x7a004750, 15) ERR#2 ENOENT close(5) .. = 0 == So, is there a way to get this erro printed as part of error handling in the code? NOTE: I noticed that s_client throws an error warning, not much extra random data, consider using the -rand option. But that is done as part of explicit erro handling for app_RAND_load_file() and RAND_status() calls. Can I get the error as part of error reporting mechanism in openssl, when any SSL_* call fails? Also, which function should I use to make sure random number generator is working properly. I want this to be portable, as the application will run on many platforms including Windows. Thanks, ~ Urjit DISCLAIMER == This e-mail may contain privileged and confidential
Re: How to get useful error messages?
Hello, I am running an application on HPUX 11i. The application fails in SSL_connect(). I tried to print the error message with the following code snippet: Also, which function should I use to make sure random number generator is working properly. I want this to be portable, as the application will run on many platforms including Windows. You should install PRNG on your hpux (assume 11.11). You may find PRNG for hpux on http://www.software.hp.com section Security and manageability, product HP-UX Strong Random Number Generator, installation requires reboot (kernel module). After that /dev/urandom will be available. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]