<div dir="ltr"><span style="color:rgb(80,0,80);font-size:12.8px">Hi Matt,</span><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px">Thanks for the response,</div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px">I added a log as suggested by you. I don't see the call entering the above mentioned code block.</div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px">Logs on server side:</div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px"><div>[10/15/0117 10:34:43] 803F1700 Link-2 (SSL_accept) Failed to accept new connection, Socket Id 65, Return Value 1</div><div>[10/15/0117 10:34:43] 803F1700 Link-2 SSL File : ssl/statem/statem_srvr.c , Line number : 2882 , Linux Error Code 0</div></div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px">Logs on client side:</div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px"><div>[10/15/0117 10:34:43] 7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true</div><div>[10/15/0117 10:34:43] 7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true</div><div>[10/15/0117 10:34:43] 7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true</div><div>[10/15/0117 10:34:43] 7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true</div><div>[10/15/0117 10:34:43] 7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true</div><div>[10/15/0117 10:34:43] 7DDE1700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true</div></div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px">We observe from wireshark capture, client sending out the certificate with length = 0 (because we have not configured the public key on client side) and also server sends handshake failure "Alert" to client. Why does client respond with "Client key exchange" even if the the handshake failure alert is sent from server?</div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(34,34,34);font-size:12.8px">Openssl version used is 01.01.00g. I am also attaching the latest pcap file for your reference.</span><br></div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 14, 2017 at 4:35 PM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 14/11/17 10:44, mahesh gs wrote:<br>
<br>
> case SSL_ERROR_SYSCALL:<br>
><br>
> if (EWOULDBLOCK == errno || EAGAIN == errno)<br>
> {<br>
> /* Nothing to do, retry to connect again */<br>
> }<br>
<br>
</span>This doesn't look right. If SSL_connect() fails due to an NBIO event<br>
then you should get SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE back. If<br>
you get SSL_ERROR_SYSCALL then something bad happened and you should not<br>
retry. Could you add some logging here? I'm wondering whether you are<br>
ending up here but missing it and looping around again.<br>
<span class="HOEnZb"><font color="#888888"><br>
Matt<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div>