ssl client write / server accept seems broken

Embedded Devel lists at optimcloud.com
Tue Mar 23 15:47:21 UTC 2021


IM inclined top think the code for the certs is ok, but  can really say, 
and im not an openssl programmer by any means... just need someone to 
put eyes on the code and fix it really.


The cert looks ok - at least nothing obviously wrong. 2048 bit RSA key.

yes freshly generated

>> when i run the client - i get an error on the client side Tue Mar 23 
>> 02:13:58 2021 user.err : ac_ssl_client_write(): Error SSL_ERROR_SSL - 
>> return code: -1. Tue Mar 23 02:13:58 2021 user.info : ac_send_init(): 
>> Error

>> It would be useful to see any errors on the OpenSSL error stack which 
>> might provide more details about specifically what has failed. For 
>> example you can call the `ERR_print_errors_fp` function to dump the 
>> error stack to a `FILE *`. Or alternatively use the `ERR_*` functions 
>> to examine the stack and print it to your log:
>>
>> Yupp above my head.... :(
>
> Ah. That's a shame - we could really use understanding the real error 
> behind this. "SSL_ERROR_SSL" just means "libssl encountered an error". 
> You have to modify your code to print more detailed error information
>
> There doesn't look to be anything obviously wrong from the snippets of 
> code that you have shared. I suspect some kind of config issue - but 
> without more detailed error information its difficult to say for sure.
>
> Would you be able to get a packet capture of a failing connection? 
> That might give us some kind of clue.
>
> Do you know if your application is statically linked or dynamically 
> linked to OpenSSL?
Ive attached the code in question if it helps

just compiled with gcc, i see no -lstatic in the makefile ... ive 
attached the ssl .c and .h files in question if you want to see them

as for a packet capture i can try, they are both remote systems


>
>>
>> and lastly if it helps
>>
>
> Unfortunately, not really. This appears to show a working TLSv1.3 
> connection.
>
> Matt
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ac_ssl.c
Type: text/x-csrc
Size: 1697 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210323/c4ee0fc2/attachment-0003.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ac_ssl.h
Type: text/x-chdr
Size: 1294 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210323/c4ee0fc2/attachment-0001.h>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ac_ssl_client.c
Type: text/x-csrc
Size: 4877 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210323/c4ee0fc2/attachment-0004.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ac_ssl_server.c
Type: text/x-csrc
Size: 4118 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210323/c4ee0fc2/attachment-0005.c>


More information about the openssl-users mailing list