[openssl-dev] [openssl.org #3817] bug report, command line SRP
Dima Tisnek via RT
rt at openssl.org
Thu Apr 23 17:51:06 UTC 2015
Commands to reproduce
touch srp.db
openssl srp -srpvfile srp.db -add fuser
# password "pass"
openssl s_server -srpvfile srp.db -nocert -cipher SRP -www
# another term, 5 times
openssl s_client -connect localhost:4433 -srpuser fuser -srppass stdin
# input "pass"
I get this in server output, one accept per client run:
Using default temp DH parameters
ACCEPT
User fuser doesn't exist
ACCEPT
User @�j doesn't exist
ACCEPT
User fuser doesn't exist
ACCEPT
User @�j doesn't exist
ACCEPT
User fuser doesn't exist
ACCEPT
Somehow, every other time, SRP user is printed as rubbish.
Seems like a bug somewhere, hopefully only in the command line tool.
Trying same sequence again, I often get "User doesn't exist" instead,
that is username is apparently empty.
More information about the openssl-dev
mailing list