[openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
Matt Caswell
matt at openssl.org
Thu Oct 26 12:33:40 UTC 2017
On 26/10/17 13:28, Kadlecsik József wrote:
> Hi,
>
> On Thu, 26 Oct 2017, Matt Caswell wrote:
>
>>> Oct 20 18:50:05 mail2 dovecot: imap-login: Debug: SSL error: SSL_read()
>>> failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
>>>
>>> The openssl package is 1.1.0f-3.
>>>
>>> The error messsage is total cryptic to me: how could three states be
>>> intermixed?
>>>
>>> I think it's a dovecot issue about how the openssl library is used but I'm
>>> unfamiliar with the details of the openssl library: what function, macro
>>> is used incorrectly then, at which state?
>>
>> SSL_shutdown() is used to shut down an SSL/TLS connection that has
>> already been established (meaning that the SSL/TLS handshake has
>> completed and we are ready to send/receive application data). If you
>> call SSL_shutdown() while the handshake is still in progress then you
>> get the "shutdown while in init" error message.
>
> But why SSL_read() failed with this error message?
That I can't explain since SSL_read() does not call SSL_shutdown().
Plausibly if SSL_read() fails (e.g. because the underlying TCP
connection died) then dovecot could call SSL_shutdown() immediately even
if it's still not completed the handshake. Then dovecot reports the
SSL_read() failure along with the error message from the subsequent
attempt to shutdown the connection. Just a theory.
Matt
More information about the openssl-users
mailing list