[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    RE: Error in Handshake
From:       "Dave Thompson" <dthompson () prinpay ! com>
Date:       2013-08-20 21:32:50
Message-ID: 425CBBF9AA1A45EDA89EE01292F97D6C () prinpay ! com
[Download RAW message or body]

>From: owner-openssl-users@openssl.org On Behalf Of Harshvir Sidhu
>Sent: Monday, 19 August, 2013 12:03

>I have downloaded OpenSSL 1.0.1c.
>My application is a Server Application running on Windows XP 
>compiled using VS2008.
>When i used SSL_Accept function then it fails.
>SSL_get_error gives an value of 5.
>ERR_get_error gives a string error:00000000:lib(0):func(0):reason(0)
>I have called SSL_load_error_string called after I initialize
SSL_libary_init.

When SSL_get_error is 5 (SSL_ERROR_SYSCALL) the error queue 
(ERR_get_error() and friends) is often not used, and clearly 
not in this case because ERR_get_error()==0 is 'no error'.
(Because 0 isn't an error, _error_strings doesn't decode it.)

You need to look at the OS error number, which for Windows 
is a call to GetLastError() (for Unix it is errno).

>Similar Code use to work with 1.0.0a version of library, 
>after update it started to fail. If i link the code to old 
>library again it works, but with this new one it keeps on 
>failing. So the application code seems correct.

Are you just re-linking or are you recompiling? I *think* 
there were no binary incompatibilities between 1.0.0 and 
1.0.1, but I wouldn't bet heavily on it. If you haven't 
tried recompiling, do try that.

>Seems like i am missing some flag. Unfortunately, i have lost 
>the old version during system update and i no longer have that 
>available to compare.

>Here is a little more information incase it helps.

>I am using CAPI engine, loaded Private Key is saying it is 
>Type 6 (not sure what it means), but thought like its failing 
>in handshake so could related.

That's a thought. I usually see ERROR_SYSCALL with no error queue 
(only OS error) on socket operations, but I don't use engines.
I would think error on an engine operation would set error queue, 
but maybe not. Can your server software operate without the engine, 
i.e. with OpenSSL built-in crypto, at least for a test case? 
If so trying that might be a useful comparison.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]