[openssl-users] API SSL_Connect fails and always returns SSL_ERROR_WANT_READ causes infinite loop in application

mahesh gs mahesh116 at gmail.com
Tue Nov 14 10:00:27 UTC 2017


Hi All,

We have an application that provides DTLS security for SCTP connections. During
our testing we found that the API "*SSL_connect*" fails and always returns
SSL_ERROR_WANT_READ, which causes an infinite loop in the application.

Scenario:

1) On Server side "Client Certificate Request" is enabled by setting the
SSL context as shown below

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);

2) On client side we have not configured the public certificate.


*Logs:*

[10/14/0117 15:05:06]         F42C2700 Link-2 (SSL_accept) Failed to accept new connection,  Socket Id 65, Return Value 1
[10/14/0117 15:05:06]         F42C2700 Link-2 SSL File :* ssl/statem/statem_srvr.c *, Line number : *2882 *, Linux Error Code 0
[10/14/0117 15:05:06]         F26B7700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/14/0117 15:05:06]         F26B7700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true
[10/14/0117 15:05:06]         F26B7700 Link-1 SSL_connect() fails to connect need to retry, returned error code 2 , retry ? true

*<<< SSL_connect() always returns error code 2 that leads to infinite loop
in application >>>*

Attaching PCAP file for your reference.

*Thanks,*
*Mahesh G S*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: connect.pcap
Type: application/octet-stream
Size: 62993 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171114/0d0c3997/attachment-0001.obj>
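
An added example, not part of the original post and not OpenSSL code: a handshake driver that bounds the retry with a deadline, so a peer that never sends the awaited flight ends in a timeout instead of the endless "error code 2" retry shown in the logs above. All names are hypothetical; the error values mirror SSL_get_error() codes and are defined locally, and the step and wait functions are constructed stand-ins for SSL_connect() and a poll on the socket.

```c
#include <stdio.h>
/* Values mirror OpenSSL's SSL_get_error() codes (2 is SSL_ERROR_WANT_READ);
 * defined locally so this example builds without OpenSSL headers. */
enum { HS_NONE = 0, HS_FATAL = 1, HS_WANT_READ = 2, HS_WANT_WRITE = 3 };
enum hs_result { HS_DONE, HS_FAILED, HS_TIMED_OUT };
/* One handshake attempt; a real client would call SSL_connect() and, on a
 * return <= 0, return SSL_get_error(). Hypothetical callback type. */
typedef int (*hs_step_fn)(void *ctx);
/* Wait up to ms for the socket (poll/select in a real client); returns the
 * milliseconds that actually elapsed. Hypothetical callback type. */
typedef int (*hs_wait_fn)(void *ctx, int want, int ms);

enum hs_result drive_handshake(hs_step_fn step, hs_wait_fn wait_io, void *ctx,
                               int budget_ms, int slice_ms, int *attempts)
{
    int elapsed = 0;
    *attempts = 0;
    for (;;) {
        int err = step(ctx);
        ++*attempts;
        if (err == HS_NONE)
            return HS_DONE;
        if (err != HS_WANT_READ && err != HS_WANT_WRITE)
            return HS_FAILED;            /* fatal: do not retry */
        if (elapsed >= budget_ms)
            return HS_TIMED_OUT;         /* peer never answered: give up */
        int left = budget_ms - elapsed;
        int waited = wait_io(ctx, err, left < slice_ms ? left : slice_ms);
        elapsed += waited > 0 ? waited : 1;  /* always advance toward deadline */
    }
}

/* Constructed stand-ins: ctx counts attempts left before the peer answers;
 * a negative count models a peer that never sends the awaited flight. */
static int fake_step(void *ctx)
{
    int *left = ctx;
    if (*left < 0) return HS_WANT_READ;
    return (*left)-- > 0 ? HS_WANT_READ : HS_NONE;
}
static int fake_wait(void *ctx, int want, int ms) { (void)ctx; (void)want; return ms; }

int main(void)
{
    int silent = -1, n = 0;
    enum hs_result r = drive_handshake(fake_step, fake_wait, &silent, 1000, 250, &n);
    printf("result=%d attempts=%d\n", r, n);
    return r == HS_TIMED_OUT ? 0 : 1;
}
```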