Openssl seems to inspects application data?

Neil Horman nhorman at openssl.org
Tue Mar 26 17:55:25 UTC 2024


What library call are you getting that error in response to?  If you
believe that this is coming from some attempt to interpret application data
(which you are correct, it shouldn't be, unless the application auth
protocol is somehow getting aliased as a tls control message of some sort),
then I would, after the handshake, clear the error stack, and check it
after a call from SSL_read returns.

On Tue, Mar 26, 2024 at 1:38 PM Kreissl, Jochen <Jochen.Kreissl at vector.com>
wrote:

> Hi,
>
>
>
> I am using openssl (3.2) in an application.
>
> Handshake works just fine but I get a very weird behavior when I receive a
> big certificate chain inside application data (TLS 1.3 but NOT using
> Post-Handshake Auth, this is some level-7 auth protocol on top of tls).
>
> The openssl error I get is error:0308010C:digital envelope
> routines::unsupported
>
> Which … seems to indicate that openssl is trying (and failing) to
> interpret the certificate chain…?
>
>
>
> I really don’t understand what is going on.
>
> I thought openssl would treat any application data sent using SSL_write following
> a completed handshake would be opaque for openssl – because why would it
> look inside and try to parse something?
>
>
>
> Does anyone have an explanation or have encountered something similar?
>
>
>
>
>
> Regards
>
> Jochen
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240326/f757b79e/attachment.htm>


More information about the openssl-users mailing list