Re: [openssl-users] SSL_connect returns SSL_ERROR_SYSCALL and errno == EWOULDBLOCK

2018-09-10 Thread Matt Caswell
On 10/09/18 09:05, Jahn, Gerhard wrote: > Ad:  The "correct" answer is that if you get SSL_ERROR_SYSCALL then the > connection has failed and you shouldn't use that connection any more. >   > This somehow contradicts the description of returncode <0 on SSL_connect > which says that >   > <0 >  

Re: [openssl-users] SSL_connect returns SSL_ERROR_SYSCALL and errno == EWOULDBLOCK

2018-09-10 Thread Jahn, Gerhard
Ad: The "correct" answer is that if you get SSL_ERROR_SYSCALL then the connection has failed and you shouldn't use that connection any more. This somehow contradicts the description of returncode <0 on SSL_connect which says that <0 The TLS/SSL handshake was not successful, because a

Re: [openssl-users] Using Windows system certficate store for server authentication

2018-09-10 Thread Jakob Bohm
On 08/09/2018 20:00, Viktor Dukhovni wrote: On Sat, Sep 08, 2018 at 01:44:50PM +, Salz, Rich via openssl-users wrote: OpenSSL does not use *any* certificate store, on any platform, it is up to the applications to do what they need. More precisely, OpenSSL does not bundle any trusted

Re: [openssl-users] FIPS mode on Windows

2018-09-10 Thread Hubert Kario
On Friday, 7 September 2018 20:18:38 CEST Alessandro Gherardi wrote: > I'm running Windows 10. > I downloaded the FIPS module sources > from https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz and the > OpenSSL sources from https://www.openssl.org/source/openssl-1.0.2p.tar.gz . > I built

Re: [openssl-users] Version negotiation failure failure?

2018-09-10 Thread Kurt Roeckx
On Fri, Aug 31, 2018 at 06:14:25PM -0700, Jordan Brown wrote: > We're trying to nail down error reporting for TLS version mismatches, > and we're seeing a couple of puzzling behaviors. > > First, and most puzzling... assume these two command lines: > > $ openssl s_server -cert

Re: [openssl-users] Version negotiation failure failure?

2018-09-10 Thread Jordan Brown
And of course I remember just after hitting Send:  Thanks! -- Jordan Brown, Oracle Solaris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Version negotiation failure failure?

2018-09-10 Thread Jordan Brown
On 9/10/2018 1:42 PM, Kurt Roeckx wrote: > I can not reproduce this in 1.0.1, 1.0.2, 1.1.0 or 1.1.1. I believe > this was fixed in all branches. I've tried 1.0.2o too, and I still get > the alert back. Interesting.  My attempts were on Solaris x86[*].  I'll have to try other platforms.

Re: [openssl-users] Version negotiation failure failure?

2018-09-10 Thread Viktor Dukhovni
> On Aug 31, 2018, at 9:14 PM, Jordan Brown > wrote: > > We're trying to nail down error reporting for TLS version mismatches, and > we're seeing a couple of puzzling behaviors. > > First, and most puzzling... assume these two command lines: > > $ openssl s_server -cert 2018.08.31.a.pem