[openssl-users] ssl_accept failure
matt at openssl.org
Fri Oct 26 09:07:35 UTC 2018
On 24/10/2018 23:34, Skip Carter wrote:
> I have a server-side application that fails when some clients connect:
> waiting for SSL accept()...
> SSL_accept() (0) failure -1
> SSL_accept() (1) failure 5
How did you obtain the error number 5? Is this the return value from
SSL_get_error()? If so that means SSL_ERROR_SYSCALL which has this
description in the docs:
Some non-recoverable I/O error occurred.
The OpenSSL error queue may contain more information on the error.
For socket I/O on Unix systems, consult B<errno> for details.
This value can also be returned for other errors, check the error
queue for details.
> [DEBUG] Error string : error:00000005:lib(0):func(0):DH lib
> SSL_accept() sockerrno is: 0
How did you generate this error string? It looks like you might have
taken the return value (5) from SSL_get_error() and stuffed it into
ERR_error_string() or a similar function. That would give you output
like this - but is the incorrect way of doing things.
> I think that something earlier failed silently and what I am looking at
> is a consequence.
> I need help with that error message.
> In general those "Error string : error:000000..." are pretty cryptic.
> I know from messing around that:
> Error string : error:00000001:lib(0):func(0):reason(1)
> means that there was no cipher overlap between the client and server.
> For some clients, SSL_accept() succeeds and the rest of the application
> runs properly. I have not been able to sort out what the difference
More information about the openssl-users