Re: SSL_write( ) fails
On 3/2/2011 9:55 AM, ikuzar wrote:

> 3) I come back to the SSL_write( ). He wants to read( ). The doc says :
> " Caveat: Any TLS/SSL I/O function can lead to either of *SSL_ERROR_WANT_READ* and *SSL_ERROR_WANT_WRITE*. In particular, SSL_read() or SSL_peek() may want to write data and SSL_write() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. "
> 3.1) When the doc says "SSL_write () may want to read data"... what does it mean exactly ? Does it mean that a function is blocked somewhere because it wants to read ? ( In my case : this function is accept( ) ?? )

It means that for the SSL_write operation to make further forward progress, the SSL engine must read some data from the connection. Since the connection is non-blocking, it is not blocking. It is somewhat analogous to EAGAIN. The difference is that you know specifically that it must *read* from the connection.

You may retry the SSL_write operation at any time. You could, for example, wait half a second and then call SSL_write again if you wanted to. The ideal response would be to wait until you know data can be read from the other side, for example, by using 'select' or 'poll' to detect readability of the socket.

> 3.2) Do the client and server share the same ssl object ... ?

I think that question is too vague to answer. Each side has its own software running and tracks the state of the shared SSL connection however it wants. However, if you had trusted shared memory to store a shared object in, what would you need SSL for?

DS

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
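The poll-driven retry described in the reply above, as an added example that is not part of the original thread. The callback types, `events_for`, `write_retry` and the fake engine are hypothetical names; in a real program the two callbacks would be thin wrappers around `SSL_write` and `SSL_get_error`, and the constructed fake engine here stands in for them so the loop runs without a TLS peer.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SSL_ERROR_WANT_READ          /* values as quoted from ssl.h in this thread */
#define SSL_ERROR_WANT_READ  2
#define SSL_ERROR_WANT_WRITE 3
#endif
/* Hypothetical wrappers: in a real program these call SSL_write / SSL_get_error. */
typedef int (*tls_write_fn)(void *conn, const void *buf, int len);
typedef int (*tls_error_fn)(void *conn, int ret);

/* poll() event that lets the operation progress; 0 means "not retryable". */
short events_for(int e) {
    return e == SSL_ERROR_WANT_READ ? POLLIN : e == SSL_ERROR_WANT_WRITE ? POLLOUT : 0;
}

/* Retry with the SAME buf/len, as SSL_write requires. >0 bytes, -1 fatal, -2 timeout. */
int write_retry(void *conn, int fd, tls_write_fn wr, tls_error_fn er,
                const void *buf, int len, int timeout_ms) {
    for (;;) {
        int ret = wr(conn, buf, len);
        if (ret > 0) return ret;
        struct pollfd p = { .fd = fd, .events = events_for(er(conn, ret)) };
        if (p.events == 0) return -1;   /* not WANT_READ/WANT_WRITE: inspect error queue */
        if (poll(&p, 1, timeout_ms) <= 0) return -2;
    }
}

/* Constructed stand-in engine: first attempt wants to read, then it consumes the peer's byte. */
struct fake { int fd, calls; };
static int fake_write(void *c, const void *buf, int len) {
    struct fake *f = c; char b; (void)buf;
    if (++f->calls == 1) return -1;
    return recv(f->fd, &b, 1, MSG_DONTWAIT) == 1 ? len : -1;
}
static int fake_error(void *c, int ret) { (void)c; (void)ret; return SSL_ERROR_WANT_READ; }

/* Runs the loop over a socketpair; returns the number of write attempts made. */
int demo_attempts(void) {
    int sv[2]; struct fake f = { 0, 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    f.fd = sv[0];
    if (write(sv[1], "x", 1) != 1) return -1;   /* peer sends the data the engine waits for */
    int n = write_retry(&f, sv[0], fake_write, fake_error, "hello", 5, 1000);
    close(sv[0]); close(sv[1]);
    return n == 5 ? f.calls : -1;
}
int main(void) { printf("attempts: %d\n", demo_attempts()); return 0; }
```

The first attempt reports "want read", the loop waits for readability instead of spinning, and the second attempt completes.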
Re: SSL_write( ) fails
Ok. Thanks.

So, here SSL_write( ) wants to read( ). In fact, ssl_accept( ) fails ( but I continued instead of returning -1 for example. I repaired this programming error. Now it's OK ).

-- Then I realize that ssl_accept returns *ret = 0*.
-- I check if ret < 1. If true then I make : gret = SSL_get_error(ssl, ret)
-- Then, I make a switch(gret) and I realize that gret = *SSL_ERROR_SYSCALL*
-- Then, I make ERR_get_error(); it returns 0. According to the doc ( http://www.openssl.org/docs/ssl/SSL_get_error.html#RETURN_VALUES ) I can recheck *ret* value. If it is == 0 it says that "an EOF was observed that violates the protocol".

My questions :

1) Did I interpret the doc well ?
2) What does "an EOF was observed that violates the protocol" mean ?
3) I come back to the SSL_write( ). He wants to read( ). The doc says :
" Caveat: Any TLS/SSL I/O function can lead to either of *SSL_ERROR_WANT_READ* and *SSL_ERROR_WANT_WRITE*. In particular, SSL_read() or SSL_peek() may want to write data and SSL_write() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. "
3.1) When the doc says "SSL_write () may want to read data"... what does it mean exactly ? Does it mean that a function is blocked somewhere because it wants to read ? ( In my case : this function is accept( ) ?? )
3.2) Do the client and server share the same ssl object ... ?

Thanks.

2011/3/2 lzyzizi

> If you stepped a bit into the source code , you would have found the answer yourself.
>
> They are defined in the ssl.h. You may see the help doc for more details.
>
> #define SSL_ERROR_NONE 0
> #define SSL_ERROR_SSL 1
> #define SSL_ERROR_WANT_READ 2
> #define SSL_ERROR_WANT_WRITE 3
> #define SSL_ERROR_WANT_X509_LOOKUP 4
> #define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
> #define SSL_ERROR_ZERO_RETURN 6
> #define SSL_ERROR_WANT_CONNECT 7
> #define SSL_ERROR_WANT_ACCEPT 8
>
> At 2011-03-02 22:55:51, ikuzar wrote:
>
> Hello,
> SSL_write fails in my program. After debugging, I have got err = 2 in err = SSL_get_error(ssl, err);
> Does someone know what it means ?
> Thanks.
SSL_write( ) fails
Hello,

SSL_write fails in my program. After debugging, I have got err = 2 in err = SSL_get_error(ssl, err);
Does someone know what it means ?

Thanks.
Re: Why SSL_write() fails....HELP REQUIRED!!!!!!!!!!!!
Henrik...sorry for addressing the reply to you though the questioner was Sunil:-).

- Krithiga

Henrik Nordstrom wrote:

> On Sun, 10 Aug 2003, Sunil Ashok Rashinkar wrote:
>
> > Hi Henrik Nordstrom,
>
> There are more people than only me in this list.. I am probably not at all the most qualified for this question.
>
> > SSL_write(sslConnection, data + bytesTransmitted, bytesToSend);
> > This SSL_write function fails and returns 5 as error code.
> > Error code is retrieved by --> nError = SSL_get_error(sslConnection, bytesSent);
> > Error string is retrieved by --> ERR_error_string(nError, str);
> > Error string which I get is --> error:0005::lib(0) :func(0) : bad asn1 object header
>
> I am guessing wildly here, but perhaps some non-SSL data was received from the other end of the connection? Or maybe the error occurred earlier during SSL_connect/accept?
>
> Have you tried OpenSSL PROG FAQ 5: I've called 'some function' and it fails, why? <http://www.openssl.org/support/faq.html#PROG5>. Maybe this gives a better description of the error(s) which may have occurred.
>
> > I also read your friend's comments regarding solution of this problem, which said...
> >
> > > char buf[20];
> > > RAND_seed(&buf,sizeof buf) ;
> >
> > He did the above change in the code and got it working.
>
> No idea.. if it was shortage of randomness you should get another error I think. At least I did when I was short of randomness/entropy in one of my applications.
>
> In any case the above two lines are a terribly bad randomness seeding method giving a false sense of randomness entropy information to OpenSSL, quite likely degrading the cryptographic security of OpenSSL considerably.
>
> If you have a windows application then you should probably be using RAND_window() from the main event loop. I am not a Windows programmer so I am of limited help on how to do this. The platforms I develop on all have /dev/urandom which makes life with randomness requirements considerably easier.
>
> Regards
> Henrik
Re: Why SSL_write() fails....HELP REQUIRED!!!!!!!!!!!!
Hi Henrik,

I'm not sure whether you've already solved your problem. If not check out my response.

> SSL_write(sslConnection, data + bytesTransmitted, bytesToSend);
> This SSL_write function fails and returns 5 as error code.
> Error code is retrieved by --> nError = SSL_get_error(sslConnection, bytesSent);
> Error string is retrieved by --> ERR_error_string(nError, str);
> Error string which I get is --> error:0005::lib(0) :func(0) : bad asn1 object header

    unsigned long err;   /* ERR_get_error() returns unsigned long */
    if (nError > 0) {
        /* drain the error queue, oldest entry first */
        while ((err = ERR_get_error()) != 0)
            printf("%s %s %s \n",
                   ERR_lib_error_string(err),
                   ERR_func_error_string(err),
                   ERR_reason_error_string(err));
    }

You should pass the long error code you get from ERR_get_error() to ERR_error_string(err, str) and not nError. Try this. SSL_get_error returns very few error codes, in your case it is SSL_ERROR_SYSCALL. The above code snippet will print the errors in the error queue in a readable form.

Let me know whether it helped.

-Krithiga
Re: Why SSL_write() fails....HELP REQUIRED!!!!!!!!!!!!
On Sun, 10 Aug 2003, Sunil Ashok Rashinkar wrote:

> Hi Henrik Nordstrom,

There are more people than only me in this list.. I am probably not at all the most qualified for this question.

> SSL_write(sslConnection, data + bytesTransmitted, bytesToSend);
> This SSL_write function fails and returns 5 as error code.
> Error code is retrieved by --> nError = SSL_get_error(sslConnection, bytesSent);
> Error string is retrieved by --> ERR_error_string(nError, str);
> Error string which I get is --> error:0005::lib(0) :func(0) : bad asn1 object header

I am guessing wildly here, but perhaps some non-SSL data was received from the other end of the connection? Or maybe the error occurred earlier during SSL_connect/accept?

Have you tried OpenSSL PROG FAQ 5: I've called 'some function' and it fails, why? <http://www.openssl.org/support/faq.html#PROG5>. Maybe this gives a better description of the error(s) which may have occurred.

> I also read your friend's comments regarding solution of this problem, which said...
>
> > char buf[20];
> > RAND_seed(&buf,sizeof buf) ;
>
> He did the above change in the code and got it working.

No idea.. if it was shortage of randomness you should get another error I think. At least I did when I was short of randomness/entropy in one of my applications.

In any case the above two lines are a terribly bad randomness seeding method giving a false sense of randomness entropy information to OpenSSL, quite likely degrading the cryptographic security of OpenSSL considerably.

If you have a windows application then you should probably be using RAND_window() from the main event loop. I am not a Windows programmer so I am of limited help on how to do this. The platforms I develop on all have /dev/urandom which makes life with randomness requirements considerably easier.

Regards
Henrik
Why SSL_write() fails....HELP REQUIRED!!!!!!!!!!!!
Hi Henrik Nordstrom,

I am working as a software developer in India. I am having some problem with the SSL_write() function. I am new to the SSL standard and I am in the learning stage. I have been given some assignments which involve a lot of SSL too. I don't know much about SSL, and what you ask you a question regarding failing of SSL_write() function.

My code looks like this:

SSL_write(sslConnection, data + bytesTransmitted, bytesToSend);

This SSL_write function fails and returns 5 as error code.
Error code is retrieved by --> nError = SSL_get_error(sslConnection, bytesSent);
Error string is retrieved by --> ERR_error_string(nError, str);
Error string which I get is --> error:0005::lib(0) :func(0) : bad asn1 object header

Now my question is what does the string "bad asn1 object header" mean? I don't see any help regarding this. Why does the SSL_write() function fail? Is this some IO related error and if yes, how do I overcome it?

I also read your friend's comments regarding solution of this problem, which said...

> char buf[20];
> RAND_seed(&buf,sizeof buf) ;

He did the above change in the code and got it working. I am using a windows 2K machine.

Your help would be of great help for me in solving my problem... waiting for your reply...

Best Regards
Sunil Rashinkar
Persistent Systems Pvt. Ltd.
Ph. +91 20 5678900 Ext 821