[openssl-users] ssl_accept failure

Matt Caswell matt at openssl.org
Fri Oct 26 09:07:35 UTC 2018



On 24/10/2018 23:34, Skip Carter wrote:
> I have a server-side application that fails when some clients connect:
> 
> waiting for SSL accept()...
> SSL_accept() (0) failure -1
> SSL_accept() (1) failure 5

How did you obtain the error number 5? Is this the return value from
SSL_get_error()? If so that means SSL_ERROR_SYSCALL which has this
description in the docs:

    Some non-recoverable I/O error occurred.
    The OpenSSL error queue may contain more information on the error.
    For socket I/O on Unix systems, consult B<errno> for details.

    This value can also be returned for other errors, check the error
    queue for details.

> [DEBUG]     Error string : error:00000005:lib(0):func(0):DH lib
> SSL_accept() sockerrno is: 0

How did you generate this error string? It looks like you might have
taken the return value (5) from SSL_get_error() and stuffed it into
ERR_error_string() or a similar function. That would give you output
like this - but is the incorrect way of doing things.

Matt


> 
> I think that something earlier failed silently and what I am looking at
> is a consequence. 
> 
> I need help with that error message.  
> In general those "Error string : error:000000..." are pretty cryptic.
> I know from messing around that:
>       Error string : error:00000001:lib(0):func(0):reason(1)
> means that there was no cipher overlap between the client and server.
> 
> For some clients, SSL_accept() succeeds and the rest of the application
> runs properly.  I have not been able to sort out what the difference
> is.
> 
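
Added example, not part of the original message and not OpenSSL's own code: it shows why a value returned by SSL_get_error() turns into the two strings quoted in this thread when it is formatted as if it were an error-queue code, and what the value names when read correctly. It assumes the OpenSSL 1.0.x/1.1.x error-code layout; the function names ssl_get_error_name and format_as_queue_code are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* SSL_get_error() results, in the order <openssl/ssl.h> numbers them (0..8). */
static const char *const ssl_error_names[] = {
    "SSL_ERROR_NONE", "SSL_ERROR_SSL", "SSL_ERROR_WANT_READ",
    "SSL_ERROR_WANT_WRITE", "SSL_ERROR_WANT_X509_LOOKUP",
    "SSL_ERROR_SYSCALL", "SSL_ERROR_ZERO_RETURN",
    "SSL_ERROR_WANT_CONNECT", "SSL_ERROR_WANT_ACCEPT",
};

/* Generic reason strings shared by all libraries (subset: codes 2..5). */
static const char *const generic_reasons[] = {
    NULL, NULL, "system lib", "BN lib", "RSA lib", "DH lib",
};

/* Correct reading: the value is a small enum, so map it to its name. */
const char *ssl_get_error_name(int code)
{
    int n = (int)(sizeof ssl_error_names / sizeof ssl_error_names[0]);
    return (code >= 0 && code < n) ? ssl_error_names[code] : "unknown";
}

/* Incorrect reading: unpack the value as an error-queue code
 * (lib 8 bits, func 12 bits, reason 12 bits) and format it in the
 * "error:CODE:lib:func:reason" style. Simplification: library and
 * function names are never looked up, only generic reasons are. */
void format_as_queue_code(unsigned long e, char *buf, size_t len)
{
    unsigned long lib = (e >> 24) & 0xFF;
    unsigned long func = (e >> 12) & 0xFFF;
    unsigned long reason = e & 0xFFF;
    size_t n = sizeof generic_reasons / sizeof generic_reasons[0];
    char fallback[32];
    const char *rs = reason < n ? generic_reasons[reason] : NULL;

    if (rs == NULL) {
        snprintf(fallback, sizeof fallback, "reason(%lu)", reason);
        rs = fallback;
    }
    snprintf(buf, len, "error:%08lX:lib(%lu):func(%lu):%s", e, lib, func, rs);
}

int main(void)
{
    char buf[128];
    format_as_queue_code(5, buf, sizeof buf);   /* the misuse */
    printf("%s  <- should read: %s\n", buf, ssl_get_error_name(5));
    return 0;
}
```

In a real server the strings passed to ERR_error_string() should come from ERR_get_error(), called in a loop until it returns 0, and errno should be saved immediately after the failing SSL_accept() call.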

