Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0

Narayana, Sunil Kumar

Hi,

                We are trying to upgrade our application from openssl usage of 1.0.2 to openssl 3.0, during which we observe following errors.

Looks like the below #def been removed from 1.1 onwards, Should application also need to take off from its usage ? or is there any alternative to be used in application ?

Please suggest

 

error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope

                 case SSL_R_PEER_ERROR_NO_CIPHER:

 

error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope

                 case SSL_R_NO_CERTIFICATE_RETURNED:

 

 

Regards,

Sunil




Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
Reply | Threaded
Open this post in threaded view
|

Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0

Narayana, Sunil Kumar

Hi,

                We are trying to upgrade our application from openssl usage of 1.0.2 to openssl 3.0, during which we observe following errors.

Looks like the below #def been removed from 1.1 onwards, Should application also need to take off from its usage ? or is there any alternative to be used in application ?

Please suggest

 

error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope

                 case SSL_R_PEER_ERROR_NO_CIPHER:

 

error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope

                 case SSL_R_NO_CERTIFICATE_RETURNED:

 

 

Regards,

Sunil




Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
Reply | Threaded
Open this post in threaded view
|

Re: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0

Matt Caswell-2


On 04/12/2020 13:28, Narayana, Sunil Kumar wrote:
> Hi,
>
>                 We are trying to upgrade our application from openssl
> usage of 1.0.2 to openssl 3.0, during which we observe following errors.
>
> Looks like the below #def been removed from 1.1 onwards, Should
> application also need to take off from its usage ? or is there any
> alternative to be used in application ?

1.0.x -> 1.1.x is a breaking change, and so is 1.1.x to 3.0. Return
codes are liable to change in these upgrades.

> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope

This one was only ever used in the SSLv2 implementation. Since no one
uses SSLv2 any more and it is considered highly insecure its
implementation was removed some while ago. So the reason code was also
deleted.

> error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope

This reason code existed in 1.0.2 but was never used by anything.

Matt

Reply | Threaded
Open this post in threaded view
|

Re: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0

OpenSSL - User mailing list
On 07/12/2020 12:39, Matt Caswell wrote:

>
> On 04/12/2020 13:28, Narayana, Sunil Kumar wrote:
>> Hi,
>>
>>                  We are trying to upgrade our application from openssl
>> usage of 1.0.2 to openssl 3.0, during which we observe following errors.
>>
>> Looks like the below #def been removed from 1.1 onwards, Should
>> application also need to take off from its usage ? or is there any
>> alternative to be used in application ?
> 1.0.x -> 1.1.x is a breaking change, and so is 1.1.x to 3.0. Return
> codes are liable to change in these upgrades.
>
>> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope
> This one was only ever used in the SSLv2 implementation. Since no one
> uses SSLv2 any more and it is considered highly insecure its
> implementation was removed some while ago. So the reason code was also
> deleted.
So what error is returned by SSL3/TLS1.x when the client (erroneously)
offers an empty cipher list?
>> error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope
> This reason code existed in 1.0.2 but was never used by anything.
>
> Matt
>


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Reply | Threaded
Open this post in threaded view
|

Re: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0

Matt Caswell-2


On 07/12/2020 14:26, Jakob Bohm via openssl-users wrote:
>>> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope
>> This one was only ever used in the SSLv2 implementation. Since no one
>> uses SSLv2 any more and it is considered highly insecure its
>> implementation was removed some while ago. So the reason code was also
>> deleted.
> So what error is returned by SSL3/TLS1.x when the client (erroneously)
> offers an empty cipher list?

Offering no ciphers at all would actually be a protocol error (since the
RFCs require at least one ciphersuite to be sent). We actually treat it
the same way as if none of the clients offered ciphersuites match with
the server's list. The error in this case is SSL_R_NO_SHARED_CIPHER.

Matt