Hi, I have trouble getting openldap clients to connect to an openldap server; when the connection is opened, the server says "error in SSLv3 flush data" and the client hangs. This happens only for connections through the network (local connections work without problem), and whether it occurs or not depends on the debug level (for example, if -d2 is used on slapd, the problem does not occur). It's not certain that the problem is in OpenSSL, but I need some help anyway in order to debug it further and narrow it down.

The server is Debian etch, with all software being packaged by Debian: OpenLDAP 2.3.30 and OpenSSL 0.9.8c. There is identical behaviour with two clients: a Debian etch and an Ubuntu 6.10.

I tried compiling OpenLDAP 2.3.32 from upstream (against Debian's shared libssl), and there was the same problem. I also tried compiling OpenSSL 0.9.8e (with ./config shared), put the resulting shared library in place of Debian's, and ran Debian's OpenLDAP 2.3.30, and again I have the same problem.

Then I tried to look at the code to find out more about what "error in SSLv3 flush data" means and why and where it occurs. But I don't quite understand the code, of course. In bio_lib.c, BIO_ctrl runs with cmd=SSL3_ST_SW_FLUSH, with b being a "buffer" (type 0x209). When it reaches the line

    ret=b->method->ctrl(b,cmd,larg,parg);

control goes over to buffer_ctrl in bf_buff.c. It goes to case BIO_CTRL_FLUSH: from where it runs BIO_write(b->next_bio, ...). Now b->next_bio is "sockbuf glue", which I don't know what it means, and its type, 0x464, is not listed in bio.h, so I don't get it. In any case, if I enable the debugging fprintf command, its result is

    FLUSH [ 0] 1603 -> -1

The problem does not manifest all the time. The first time I try a request after starting slapd, it's _usually_ OK, and the next times it's _usually_ as described.

Could you tell me if I'm on the right track and how to proceed? Needless to say I'm not much interested in digging in the code - my only motivation is to get it to work, so if there's an easier path, I'd prefer it.

Previous reports on this issue:
http://www.mail-archive.com/openldap-software@openldap.org/msg08065.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412706

Thanks for any help!