Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-08-01 Thread Arun Singarajipura
Hi,

This looks more like a network issue than a programming issue. The same server,
when tested from a different network, works without problems.

Warm Regards,
Arun S.


On 7/31/07, jimmy bahuleyan [EMAIL PROTECTED] wrote:

 Arun Singarajipura wrote:
  Hi,
 
  Thanks for the reply.
 
  I used WSAGetLastError() just after SSL_read() and the result of this is
  *Read failed with error 10054: An existing connection was forcibly
 closed
  by the remote host.*

 well if the remote side is also your code, you could try
 debugging/finding why it closed the connection.

 you could also try setting the info callback to see what is happening
 inside the SSL connection (SSL_CTX_set_info_callback()).

 
  Hi,
 
  Arun Singarajipura wrote:
  Hi All,
 
  we are working on client - server architecture. We are using openssl
 for
  communication.
  My problem is that - while transferring data, SSL_read() always fails
  (after
  transferring few KB of data).
  The following error is returned -
 
 
 --
   SSL_read() returns SSL_ERROR_SYSCALL
 
  error:0005:lib(0):func(0):DH lib
 
 
 ---
  In that case you better check what errno has. That can give you a
 better
  idea of what went wrong. (although i don't know why that DH lib is
  present above. I don't think DH is involved in any SSL read/write
 unless
  your handshake isn't over and your SSL_read() is in fact completing the
  handshake).
 
  This always happens between data transfer.
 
  Here's the code snippet
  gSSL = SSL_new(ctx);
 
  SSL_set_fd(gSSL, m_Socket);
 
  result = SSL_connect(gSSL);
 
  //Get certificate
 
  ** the following piece of code is giving problem
 
  ret=select(1,sckt,NULL,NULL, timeout);
  check what 'ret' is.
 
  ERR_clear_error();
 
  ret = SSL_read(gSSL,buffer,size);
 
  check errno here if you get a SSL_ERROR_SYSCALL.

 -jb
 --
 Tact is the art of making a point without making an enemy.
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List   openssl-users@openssl.org
 Automated List Manager   [EMAIL PROTECTED]
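
The checks discussed in the messages on this page (look at errno or WSAGetLastError() after SSL_ERROR_SYSCALL, and the SSL_get_error() manual-page rules that the snippet in the SSL_ERROR_SYSCALL / EOF thread follows), as an added example that is not code from any poster or from OpenSSL. The struct, enum and function names are hypothetical and the WITH_OPENSSL macro is an assumption of this example; without it the SSL_ERROR_* values are defined locally with the same numbers as <openssl/ssl.h>.

```c
/* Added example: classify a failed SSL_read(). Without -DWITH_OPENSSL the
 * SSL_ERROR_* values are defined here with the same numbers as
 * <openssl/ssl.h>, so the decision logic compiles and runs on its own. */
#include <errno.h>
#include <stdio.h>

#ifdef WITH_OPENSSL   /* cc -DWITH_OPENSSL example.c -lssl -lcrypto */
#include <openssl/err.h>
#include <openssl/ssl.h>
#else
#define SSL_ERROR_SSL         1
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6
#endif

typedef enum {
    RD_RETRY,         /* not fatal: wait on the socket, call SSL_read() again */
    RD_CLEAN_CLOSE,   /* peer sent close_notify */
    RD_QUEUED_ERROR,  /* library/protocol failure: print the error queue */
    RD_SOCKET_ERROR,  /* OS-level failure: sys_err says which one */
    RD_ABRUPT_EOF,    /* connection ended with no close_notify */
    RD_UNKNOWN
} read_verdict;

/* Everything needed to judge one failed read (hypothetical struct). */
struct read_failure {
    int ret;               /* what SSL_read() returned (<= 0) */
    int ssl_err;           /* SSL_get_error(ssl, ret) */
    unsigned long queued;  /* first ERR_get_error() entry, 0 if none */
    int sys_err;           /* errno, or WSAGetLastError() on Windows */
};

read_verdict classify_read_failure(const struct read_failure *f)
{
    switch (f->ssl_err) {
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
        return RD_RETRY;
    case SSL_ERROR_ZERO_RETURN:
        return RD_CLEAN_CLOSE;
    case SSL_ERROR_SSL:
        return RD_QUEUED_ERROR;
    case SSL_ERROR_SYSCALL:
        if (f->queued != 0)   /* the queue, when non-empty, has the detail */
            return RD_QUEUED_ERROR;
        if (f->ret == 0)      /* EOF that violates the protocol */
            return RD_ABRUPT_EOF;
        if (f->sys_err != 0)  /* ret == -1: the socket call itself failed */
            return RD_SOCKET_ERROR;
        return RD_UNKNOWN;
    default:
        return RD_UNKNOWN;
    }
}

#ifdef WITH_OPENSSL
/* Capture order matters: save errno before anything can overwrite it, call
 * SSL_get_error() while the error queue is still intact (it inspects the
 * queue), and only then pop the queue. */
struct read_failure gather_read_failure(SSL *ssl, int ret)
{
    struct read_failure f;
    f.sys_err = errno;
    f.ret = ret;
    f.ssl_err = SSL_get_error(ssl, ret);
    f.queued = ERR_get_error();
    return f;
}
#endif

const char *verdict_name(read_verdict v)
{
    static const char *const names[] = {
        "retry", "clean close", "queued library error",
        "socket error", "abrupt EOF", "unknown"
    };
    return names[v];
}

int main(void)
{
    /* Constructed inputs shaped like the two reports on this page. */
    struct read_failure reset = { -1, SSL_ERROR_SYSCALL, 0, 10054 };
    struct read_failure eof   = {  0, SSL_ERROR_SYSCALL, 0, 0 };

    printf("error 10054 case: %s\n", verdict_name(classify_read_failure(&reset)));
    printf("first-read EOF case: %s\n", verdict_name(classify_read_failure(&eof)));
    return 0;
}
```

The ssl_err field is an SSL_get_error() result, not an error-queue code, so it is never passed to ERR_error_string(); the value 5 (SSL_ERROR_SYSCALL) decoded that way is what prints as "DH lib".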



Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-07-31 Thread jimmy bahuleyan
Arun Singarajipura wrote:
 Hi,
 
 Thanks for the reply.
 
 I used WSAGetLastError() just after SSL_read() and the result of this is
 *Read failed with error 10054: An existing connection was forcibly closed
 by the remote host.*

well if the remote side is also your code, you could try
debugging/finding why it closed the connection.

you could also try setting the info callback to see what is happening
inside the SSL connection (SSL_CTX_set_info_callback()).


 Hi,

 Arun Singarajipura wrote:
 Hi All,

 we are working on client - server architecture. We are using openssl for
 communication.
 My problem is that - while transferring data, SSL_read() always fails
 (after
 transferring few KB of data).
 The following error is returned -

 --
  SSL_read() returns SSL_ERROR_SYSCALL

 error:0005:lib(0):func(0):DH lib

 ---
 In that case you better check what errno has. That can give you a better
 idea of what went wrong. (although i don't know why that DH lib is
 present above. I don't think DH is involved in any SSL read/write unless
 your handshake isn't over and your SSL_read() is in fact completing the
 handshake).

 This always happens between data transfer.

 Here's the code snippet
 gSSL = SSL_new(ctx);

 SSL_set_fd(gSSL, m_Socket);

 result = SSL_connect(gSSL);

 //Get certificate

 ** the following piece of code is giving problem

 ret=select(1,sckt,NULL,NULL, timeout);
 check what 'ret' is.

 ERR_clear_error();

 ret = SSL_read(gSSL,buffer,size);

 check errno here if you get a SSL_ERROR_SYSCALL.

-jb
-- 
Tact is the art of making a point without making an enemy.


Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-07-30 Thread Arun Singarajipura
Hi All,

we are working on client - server architecture. We are using openssl for
communication.
My problem is that - while transferring data, SSL_read() always fails (after
transferring few KB of data).
The following error is returned -
--
 SSL_read() returns SSL_ERROR_SYSCALL

error:0005:lib(0):func(0):DH lib
---

This always happens between data transfer.

Here's the code snippet
gSSL = SSL_new(ctx);

SSL_set_fd(gSSL, m_Socket);

result = SSL_connect(gSSL);

//Get certificate

** the following piece of code is giving problem

ret=select(1,sckt,NULL,NULL, timeout);

ERR_clear_error();

ret = SSL_read(gSSL,buffer,size);



Any help is much appreciated.

Warm Regards,

Arun S.


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-07-30 Thread jimmy bahuleyan

Hi,

Arun Singarajipura wrote:
 Hi All,
 
 we are working on client - server architecture. We are using openssl for
 communication.
 My problem is that - while transferring data, SSL_read() always fails (after
 transferring few KB of data).
 The following error is returned -
 --
  SSL_read() returns SSL_ERROR_SYSCALL
 
 error:0005:lib(0):func(0):DH lib
 ---
 

In that case you better check what errno has. That can give you a better
idea of what went wrong. (although i don't know why that DH lib is
present above. I don't think DH is involved in any SSL read/write unless
your handshake isn't over and your SSL_read() is in fact completing the
handshake).

 This always happens between data transfer.
 
 Here's the code snippet
 gSSL = SSL_new(ctx);
 
 SSL_set_fd(gSSL, m_Socket);
 
 result = SSL_connect(gSSL);
 
 //Get certificate
 
 ** the following piece of code is giving problem
 
 ret=select(1,sckt,NULL,NULL, timeout);

check what 'ret' is.

 
 ERR_clear_error();
 
 ret = SSL_read(gSSL,buffer,size);
 

check errno here if you get a SSL_ERROR_SYSCALL.


-jb
-- 
Tact is the art of making a point without making an enemy.


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-07-30 Thread Arun Singarajipura
Hi,

Thanks for the reply.

I used WSAGetLastError() just after SSL_read() and the result of this is
*Read failed with error 10054: An existing connection was forcibly closed
by the remote host.*


Warm regards,
Arun S.



On 7/31/07, jimmy bahuleyan [EMAIL PROTECTED] wrote:


 Hi,

 Arun Singarajipura wrote:
  Hi All,
 
  we are working on client - server architecture. We are using openssl for
  communication.
  My problem is that - while transferring data, SSL_read() always fails
 (after
  transferring few KB of data).
  The following error is returned -
 
 --
   SSL_read() returns SSL_ERROR_SYSCALL
 
  error:0005:lib(0):func(0):DH lib
 
 ---
 

 In that case you better check what errno has. That can give you a better
 idea of what went wrong. (although i don't know why that DH lib is
 present above. I don't think DH is involved in any SSL read/write unless
 your handshake isn't over and your SSL_read() is in fact completing the
 handshake).

  This always happens between data transfer.
 
  Here's the code snippet
  gSSL = SSL_new(ctx);
 
  SSL_set_fd(gSSL, m_Socket);
 
  result = SSL_connect(gSSL);
 
  //Get certificate
 
  ** the following piece of code is giving problem
 
  ret=select(1,sckt,NULL,NULL, timeout);

 check what 'ret' is.

 
  ERR_clear_error();
 
  ret = SSL_read(gSSL,buffer,size);
 

 check errno here if you get a SSL_ERROR_SYSCALL.


 -jb
 --
 Tact is the art of making a point without making an enemy.



Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF - SOLVED

2004-12-08 Thread Louis LeBlanc
On 11/22/04 02:20 PM, Louis LeBlanc sat at the `puter and typed:
 Hey everyone.  Been a long time since I've been able to spend much time
 on SSL code, but here I am again.
 
 My app is a client side HTTP/HTTPS application, and the problem that
 recently showed up (more likely it was just recently noticed) is a
 problem of sorts with SSL_read().  But only with some servers.
 Connections to other servers work just fine.
 
 Here's a snippet of the code giving problems:
 
   n = SSL_read(c->data, c->buf+c->bufend, len);
 
   if (n <= 0)
   { int sslerr = ERR_get_error();
     errcode = SSL_get_error(c->data, n);
     if (errno) eptr = strerror(errno);
     if (sslerr)
       { (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
     switch(errcode)
     {
       case SSL_ERROR_SYSCALL:
         /* Some kind of I/O error; */
         if (DebugSSL)
         {
           if (sslerr)  /*  SSL IO error?  */
           { /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
             if (errptr && *errptr)
               ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
             else
               ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL",
                     __FILE__, __LINE__);
           }
           else if (eptr && *eptr) /*  Some system error - check errno */
             ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
           else if (n == 0)
             ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/EOF",
                   __FILE__, __LINE__);  // XXX
           else
             ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/SOCKET",
                   __FILE__, __LINE__);
         }
         sslsock_shutdown(c);
         return -1;
         break;
 
       . . . // leaving out unrelated error handling
 
     }
   }
 
 The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
 with XXX.  Far as I can tell, this really shouldn't happen.  There
 appear to be no problems in the SSL_connect phase.  This code snippet is
 from the first read after the connection is established - the first
 attempt to read the headers.
 
 My first assumption was that I must have mishandled the error condition
 somehow.  I reread the manpages for SSL_read() and SSL_get_error(), and
 unless I'm interpreting these pages incorrectly, I have it right in the
 code above.
 
 Also, I should note that regular browsers have no problem connecting to
 the server, and my client app has no trouble connecting to other secure
 servers.  The problem has been occurring with my app linked to OpenSSL
 0.9.7a, but is easily reproduced with 0.9.7e.
 
 Here's the server string returned by the origin:
 Server: IBM_HTTP_SERVER/1.3.19  Apache/1.3.20 (Unix)


Ok, I finally figured this one out.

It was the cipher list after all.

My initial configuration used the list [EMAIL PROTECTED], which was intended
to maximize the list of ciphers used while giving preference to weaker
ciphers - to minimize overhead.  Problem is the server in question was
choking on one of them before it got the one it liked.

When I changed the cipher list to DEFAULT, it worked fine.  Of course,
DEFAULT is normally defined as ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH.  I
also tried a tweak to this list: ALL:RC4+RSA:+SSLv2:+ADH:@STRENGTH,
which also worked.  So I'm speculating that there is some kind of hangup
with the ADH ciphers.  I haven't kept up on them in the last several
years, but I seem to remember that they were nontrivial to generate
certs for and use.

So that's it.  Configuration error, and nothing wrong with OpenSSL or my
code :)

Thanks Dr. Henson for providing feedback on this issue.

Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Live long and prosper.
-- Spock, Amok Time, stardate 3372.7


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF - SOLVED

2004-12-08 Thread Louis LeBlanc
On 12/08/04 11:44 AM, Louis LeBlanc sat at the `puter and typed:
 SNIP 
 
 Ok, I finally figured this one out.
 
 It was the cipher list after all.
 
 My initial configuration used the list [EMAIL PROTECTED], which was intended
 to maximize the list of ciphers used while giving preference to weaker
 ciphers - to minimize overhead.  Problem is the server in question was
 choking on one of them before it got the one it liked.
 
 When I changed the cipher list to DEFAULT, it worked fine.  Of course,
 DEFAULT is normally defined as ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH.  I
 also tried a tweak to this list: ALL:RC4+RSA:+SSLv2:+ADH:@STRENGTH,
 which also worked.  So I'm speculating that there is some kind of hangup
 with the ADH ciphers.  I haven't kept up on them in the last several
 years, but I seem to remember that they were nontrivial to generate
 certs for and use.
 
 So that's it.  Configuration error, and nothing wrong with OpenSSL or my
 code :)
 
 Thanks Dr. Henson for providing feedback on this issue.

Turns out the client was configured even more narrowly than I initially
realized.  The ciphers being used were EXPORT only.  Of course this
leaves out the RC4+RSA ciphers altogether.

Still leaves the question why OpenSSL couldn't report the fact that no
cipher could be agreed upon.  Is there any way I can catch that state?

Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org




Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF

2004-11-30 Thread Louis LeBlanc
On 11/24/04 02:19 PM, Louis LeBlanc sat at the `puter and typed:
   SNIP
  Have you tried connecting using s_client? I suggest you try it with
  -bugs and possibly also restricting the ciphersuites in use too and
  possibly the SSL protocols too.
 
 Now that sheds a little light.  It comes through fine even without the
 -bugs parameter, so it looks like my app isn't handling something
 right.
 
 Is there something I can do prior to the SSL_read() to verify that
 it's set up correctly?
 
 In the meantime, I'll run back to the client code and get it to
 reproduce the behavior with the s_server feature.  Perhaps it will be
 a little more verbose than the server.

Wouldn't it be nice if my client were having the same problem with the
s_server tool.  No such luck.

Here's the rundown:  My client cannot successfully fetch from a
particular secure server.  The OpenSSL s_client tool can.  My client has
no problem fetching from any other secure servers, including the OpenSSL
s_server tool.

My client establishes the connection (socket, then SSL handshake) and
sends its request headers, then gets an EOF when trying to read the
response - on the very first read.

I believe the server is IBM Websphere.  This is a customer server, and
they have assured us their logs don't indicate we ever connected - our
access to this server is pretty much nonexistent.

Any other ideas would be welcome.

Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Don't go around saying the world owes you a living.  The world owes you
nothing.  It was here first.
-- Mark Twain


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF

2004-11-24 Thread Louis LeBlanc
On 11/23/04 10:47 PM, Dr. Stephen Henson sat at the `puter and typed:
 On Tue, Nov 23, 2004, Louis LeBlanc wrote:
  SNIP
 Does the connection seem otherwise OK and you just get this error after all
 data has been transferred?

Yes.  The connection is established at the socket level - nonblocking
initially, then the SSL connection is established.  Error checking is
*very* thorough in this stage, so I'm pretty sure if it comes through,
everything went ok.

Once the SSL connection is established, the socket is set back to
blocking.

 It's possible that the system is being impolite and forcibly closing the
 connection at the socket level.

You mean the server?  Why would it do this with my client and not any of
the browsers I've pointed at it?

Once again, this is probably the only system the client can't fetch
from.  I don't have any trouble fetching from Apache on Linux, Solaris,
FreeBSD, Windows, and no trouble fetching from IIS, Zope, or Netscape
servers either.  Why would IBM Apache (Websphere, I think) be any
different?

Thank you for the response.  If this added info gives you any ideas, I'd
love to hear them.

Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Xerox does it again and again and again and ...


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF

2004-11-24 Thread Dr. Stephen Henson
On Wed, Nov 24, 2004, Louis LeBlanc wrote:

 On 11/23/04 10:47 PM, Dr. Stephen Henson sat at the `puter and typed:
  On Tue, Nov 23, 2004, Louis LeBlanc wrote:
   SNIP
  Does the connection seem otherwise OK and you just get this error after all
  data has been transferred?
 
 Yes.  The connection is established at the socket level - nonblocking
 initially, then the SSL connection is established.  Error checking is
 *very* thorough in this stage, so I'm pretty sure if it comes through,
 everything went ok.
 
 Once the SSL connection is established, the socket is set back to
 blocking.
 

What I mean was does this error occur just after the initial connection, during
the transfer of data or after all data has been transferred?

  It's possible that the system is being impolite and forcibly closing the
  connection at the socket level.
 
 You mean the server?  Why would it do this with my client and not any of
 the browsers I've pointed at it?
 

If the error occurs after transfer of all data then the browsers might
tolerate the impoliteness.

 Once again, this is probably the only system the client can't fetch
 from.  I don't have any trouble fetching from Apache on Linux, Solaris,
 FreeBSD, Windows, and no trouble fetching from IIS, Zope, or Netscape
 servers either.  Why would IBM Apache (Websphere, I think) be any
 different?
 
 Thank you for the response.  If this added info gives you any ideas, I'd
 love to hear them.
 

Have you tried connecting using s_client? I suggest you try it with -bugs and
possibly also restricting the ciphersuites in use too and possibly the SSL
protocols too.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF

2004-11-24 Thread Louis LeBlanc
On 11/24/04 05:33 PM, Dr. Stephen Henson sat at the `puter and typed:
 On Wed, Nov 24, 2004, Louis LeBlanc wrote:
 
  On 11/23/04 10:47 PM, Dr. Stephen Henson sat at the `puter and typed:
   On Tue, Nov 23, 2004, Louis LeBlanc wrote:
SNIP
   Does the connection seem otherwise OK and you just get this error after 
   all
   data has been transferred?
  
  Yes.  The connection is established at the socket level - nonblocking
  initially, then the SSL connection is established.  Error checking is
  *very* thorough in this stage, so I'm pretty sure if it comes through,
  everything went ok.
  
  Once the SSL connection is established, the socket is set back to
  blocking.
  
 
 What I mean was does this error occur just after the initial connection, during
 the transfer of data or after all data has been transferred?

Oh.  Sorry.
The problem occurs just after the connection is established and request
headers are sent, with the very first call to SSL_read().  It looks to
me like my client is trying to read the headers, and gets the EOF.

   It's possible that the system is being impolite and forcibly closing the
   connection at the socket level.
  
  You mean the server?  Why would it do this with my client and not any of
  the browsers I've pointed at it?
  
 
 If the error occurs after transfer of all data then the browsers might
 tolerate the impoliteness.

Not the case.  Perhaps I'm botching something in the request . . .
Not sure why it would be bad for just this one server . . .

  Once again, this is probably the only system the client can't fetch
  from.  I don't have any trouble fetching from Apache on Linux, Solaris,
  FreeBSD, Windows, and no trouble fetching from IIS, Zope, or Netscape
  servers either.  Why would IBM Apache (Websphere, I think) be any
  different?
  
  Thank you for the response.  If this added info gives you any ideas, I'd
  love to hear them.
  
 
 Have you tried connecting using s_client? I suggest you try it with -bugs and
 possibly also restricting the ciphersuites in use too and possibly the SSL
 protocols too.

Now that sheds a little light.  It comes through fine even without the
-bugs parameter, so it looks like my app isn't handling something right.

Is there something I can do prior to the SSL_read() to verify that it's
set up correctly?

In the meantime, I'll run back to the client code and get it to
reproduce the behavior with the s_server feature.  Perhaps it will be a
little more verbose than the server.

Thanks a lot!

Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

QOTD:
  I drive my car quietly, for it goes without saying.


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF

2004-11-23 Thread Louis LeBlanc
On 11/22/04 02:20 PM, Louis LeBlanc sat at the `puter and typed:
 Hey everyone.  Been a long time since I've been able to spend much time
 on SSL code, but here I am again.
 
 My app is a client side HTTP/HTTPS application, and the problem that
 recently showed up (more likely it was just recently noticed) is a
 problem of sorts with SSL_read().  But only with some servers.
 Connections to other servers work just fine.
 
 Here's a snippet of the code giving problems:
 
   n = SSL_read(c->data, c->buf+c->bufend, len);
 
   if (n <= 0)
   { int sslerr = ERR_get_error();
     errcode = SSL_get_error(c->data, n);
     if (errno) eptr = strerror(errno);
     if (sslerr)
       { (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
     switch(errcode)
     {
       case SSL_ERROR_SYSCALL:
         /* Some kind of I/O error; */
         if (DebugSSL)
         {
           if (sslerr)  /*  SSL IO error?  */
           { /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
             if (errptr && *errptr)
               ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
             else
               ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL",
                     __FILE__, __LINE__);
           }
           else if (eptr && *eptr) /*  Some system error - check errno */
             ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
           else if (n == 0)
             ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/EOF",
                   __FILE__, __LINE__);  // XXX
           else
             ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/SOCKET",
                   __FILE__, __LINE__);
         }
         sslsock_shutdown(c);
         return -1;
         break;
 
       . . . // leaving out unrelated error handling
 
     }
   }
 
 The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
 with XXX.  Far as I can tell, this really shouldn't happen.  There
 appear to be no problems in the SSL_connect phase.  This code snippet is
 from the first read after the connection is established - the first
 attempt to read the headers.
 
 My first assumption was that I must have mishandled the error condition
 somehow.  I reread the manpages for SSL_read() and SSL_get_error(), and
 unless I'm interpreting these pages incorrectly, I have it right in the
 code above.
 
 Also, I should note that regular browsers have no problem connecting to
 the server, and my client app has no trouble connecting to other secure
 servers.  The problem has been occurring with my app linked to OpenSSL
 0.9.7a, but is easily reproduced with 0.9.7e.
 
 Here's the server string returned by the origin:
 Server: IBM_HTTP_SERVER/1.3.19  Apache/1.3.20 (Unix)
 
 Anyone have any ideas how best to debug this?

I guess there are no ideas out there.  Not surprised.  I've gone
through the online docs, the Rescorla book, and the O'Reilly book.  No
idea, no mention of SSL_ERROR_SYSCALL, nothing.  Nada.

I guess my last option is to parse the code.  Still not sure that'll
tell me anything.

Once again, any and all relevant suggestions and ideas are welcome.

Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

QOTD:
  Money isn't everything, but at least it keeps the kids in touch.


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF

2004-11-23 Thread Dr. Stephen Henson
On Tue, Nov 23, 2004, Louis LeBlanc wrote:

 On 11/22/04 02:20 PM, Louis LeBlanc sat at the `puter and typed:
  Hey everyone.  Been a long time since I've been able to spend much time
  on SSL code, but here I am again.
  
  My app is a client side HTTP/HTTPS application, and the problem that
  recently showed up (more likely it was just recently noticed) is a
  problem of sorts with SSL_read().  But only with some servers.
  Connections to other servers work just fine.
  
  Here's a snippet of the code giving problems:
  
    n = SSL_read(c->data, c->buf+c->bufend, len);
  
    if (n <= 0)
    { int sslerr = ERR_get_error();
      errcode = SSL_get_error(c->data, n);
      if (errno) eptr = strerror(errno);
      if (sslerr)
        { (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
      switch(errcode)
      {
        case SSL_ERROR_SYSCALL:
          /* Some kind of I/O error; */
          if (DebugSSL)
          {
            if (sslerr)  /*  SSL IO error?  */
            { /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
              if (errptr && *errptr)
                ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
              else
                ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL",
                      __FILE__, __LINE__);
            }
            else if (eptr && *eptr) /*  Some system error - check errno */
              ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
            else if (n == 0)
              ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/EOF",
                    __FILE__, __LINE__);  // XXX
            else
              ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/SOCKET",
                    __FILE__, __LINE__);
          }
          sslsock_shutdown(c);
          return -1;
          break;
  
        . . . // leaving out unrelated error handling
  
      }
    }
  
  The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
  with XXX.  Far as I can tell, this really shouldn't happen.  There
  appear to be no problems in the SSL_connect phase.  This code snippet is
  from the first read after the connection is established - the first
  attempt to read the headers.
  
  My first assumption was that I must have mishandled the error condition
  somehow.  I reread the manpages for SSL_read() and SSL_get_error(), and
  unless I'm interpreting these pages incorrectly, I have it right in the
  code above.
  
  Also, I should note that regular browsers have no problem connecting to
  the server, and my client app has no trouble connecting to other secure
  servers.  The problem has been occurring with my app linked to OpenSSL
  0.9.7a, but is easily reproduced with 0.9.7e.
  
  Here's the server string returned by the origin:
  Server: IBM_HTTP_SERVER/1.3.19  Apache/1.3.20 (Unix)
  
  Anyone have any ideas how best to debug this?
 
 I guess there are no ideas out there.  Not surprised.  I've gone
 through the online docs, the Rescorla book, and the O'Reilly book.  No
 idea, no mention of SSL_ERROR_SYSCALL, nothing.  Nada.
 
 I guess my last option is to parse the code.  Still not sure that'll
 tell me anything.
 
 Once again, any and all relevant suggestions and ideas are welcome.
 

Does the connection seem otherwise OK and you just get this error after all
data has been transferred?

It's possible that the system is being impolite and forcibly closing the
connection at the socket level.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF

2004-11-22 Thread Louis LeBlanc
Hey everyone.  Been a long time since I've been able to spend much time
on SSL code, but here I am again.

My app is a client side HTTP/HTTPS application, and the problem that
recently showed up (more likely it was just recently noticed) is a
problem of sorts with SSL_read().  But only with some servers.
Connections to other servers work just fine.

Here's a snippet of the code giving problems:

  n = SSL_read(c->data, c->buf+c->bufend, len);

  if (n <= 0)
  { int sslerr = ERR_get_error();
    errcode = SSL_get_error(c->data, n);
    if (errno) eptr = strerror(errno);
    if (sslerr)
      { (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
    switch(errcode)
    {
      case SSL_ERROR_SYSCALL:
        /* Some kind of I/O error; */
        if (DebugSSL)
        {
          if (sslerr)  /*  SSL IO error?  */
          { /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
            if (errptr && *errptr)
              ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
            else
              ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL",
                    __FILE__, __LINE__);
          }
          else if (eptr && *eptr) /*  Some system error - check errno */
            ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
          else if (n == 0)
            ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/EOF",
                  __FILE__, __LINE__);  // XXX
          else
            ERROR(errmsgs[SSL_13013], "SSL_ERROR_SYSCALL/SOCKET",
                  __FILE__, __LINE__);
        }
        sslsock_shutdown(c);
        return -1;
        break;

      . . . // leaving out unrelated error handling

    }
  }

The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
with XXX.  Far as I can tell, this really shouldn't happen.  There
appear to be no problems in the SSL_connect phase.  This code snippet is
from the first read after the connection is established - the first
attempt to read the headers.

My first assumption was that I must have mishandled the error condition
somehow.  I reread the manpages for SSL_read() and SSL_get_error(), and
unless I'm interpreting these pages incorrectly, I have it right in the
code above.

Also, I should note that regular browsers have no problem connecting to
the server, and my client app has no trouble connecting to other secure
servers.  The problem has been occurring with my app linked to OpenSSL
0.9.7a, but is easily reproduced with 0.9.7e.

Here's the server string returned by the origin:
Server: IBM_HTTP_SERVER/1.3.19  Apache/1.3.20 (Unix)

Anyone have any ideas how best to debug this?

TIA
Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Committee, n.:
  A group of men who individually can do nothing, but as a group
  can decide that nothing can be done.
-- Fred Allen