How to debug a TLSv1.3 protocol problem?
ca+ssl-users at esmtp.org
Wed May 20 16:52:48 UTC 2020
On Wed, May 20, 2020, Matt Caswell wrote:
[Thanks for still helping me with this!]
> Can you test the underlying socket to see if it has been closed down in
> an orderly way (i.e. recv() should return 0 on the socket if so)? That
Yes, that what happens.
So I added some debugging to the client and it shows:
read server hello
write change cipher spec
write client hello
and I/O layer (only last/relevant part):
... write ... and then
want_read=5 -< read=OK, num_read=5
want_read=1 -> read=OK, num_read=1
want_read=5 -> read=TIMEOUT, num_read=0
want_write = BIO_ctrl_pending(network_bio)
want_read = BIO_ctrl_get_read_request(network_bio)
I didn't instrument the write part, only the read part.
want_read>0 -> invoke read, check result: read=STATUS, num_read=N
So the last read does not get the data the library wants,
and hence the client fails and closes the connection.
In that moment the server fails in SSL_accept and issues
the misleading error message.
Now the question seems to be:
did the server actually not send the data (not sure how to check
that, maybe looking at tcpdump?)
or has the client a bug not reading the data?
More information about the openssl-users