Renegotiation with Client Certs failure

Adam Grossman
Hello,

I inherited the code for a web-server-like server that I need to
maintain.  It is set up so that when you request a certain URL, the server
will renegotiate and request a client certificate.  They said it worked
when they used OpenSSL 0.9.8, but we are seeing issues with 1.0.2l.  When
it does the renegotiation, the second SSL_handshake fails with
"SSL_ERROR_SYSCALL" and ERR_get_error() returns 0.  But if I reload the
page, it gets the client certificate and everything works, and every
subsequent request for that URL works.  But if I clear the cache and
connect again, I get the same error.

Any help or pointers on how to further debug this would be greatly
appreciated.

This is the relevant code:

/* Require a client certificate on the renegotiated handshake. */
SSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
               verify_callback);
ssl_data->reneg_state = RENEG_ALLOW;
r = SSL_renegotiate(ssl);

if (r <= 0) {
    /* return error */
}

r = SSL_do_handshake(ssl);
if (r <= 0) {
    /* return error */
}

ssl->state = SSL_ST_ACCEPT;
do {
    ERR_clear_error();
    r = SSL_do_handshake(ssl);  /* this is where it fails */
    if (r <= 0) {
        e = SSL_get_error(ssl, r);
        unsigned long errR = ERR_get_error();  /* ERR_get_error() returns unsigned long */
        /* printf("Error Level 1: e=%d r=%d errR=%lu errno=%d\n", e, r, errR, errno); */
    }
} while ((r != 1) && ((e == SSL_ERROR_WANT_READ) || (e == SSL_ERROR_WANT_WRITE)));


Thank you very much,

adamtg


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
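
The four values logged by the commented-out printf in the post (e, r, errR, errno) can be decoded with the rules in the SSL_get_error(3) manual page for an empty error queue. The following is an added example, not code from the original post or from OpenSSL; the enum, function names and sample inputs are hypothetical, and the SSL_ERROR_* values are repeated from <openssl/ssl.h> so the block builds without the OpenSSL headers.

```c
#include <errno.h>
#include <stdio.h>

#ifndef SSL_ERROR_SYSCALL      /* values as defined in <openssl/ssl.h> */
#define SSL_ERROR_SSL        1
#define SSL_ERROR_WANT_READ  2
#define SSL_ERROR_WANT_WRITE 3
#define SSL_ERROR_SYSCALL    5
#endif

typedef enum {                 /* hypothetical names, not part of OpenSSL */
    HS_OK, HS_RETRY, HS_QUEUED_ERROR, HS_PEER_EOF, HS_SOCKET_ERROR, HS_OTHER
} hs_diag;

/* r: SSL_do_handshake() result; e: SSL_get_error(ssl, r);
 * queue: first ERR_get_error() value; saved_errno: errno read right after the call. */
hs_diag classify_handshake(int r, int e, unsigned long queue, int saved_errno)
{
    if (r == 1) return HS_OK;
    if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE) return HS_RETRY;
    if (e == SSL_ERROR_SSL || queue != 0) return HS_QUEUED_ERROR;
    if (e == SSL_ERROR_SYSCALL) {
        /* Empty queue: the return value tells the two documented cases apart. */
        if (r == 0) return HS_PEER_EOF;                 /* EOF violating the protocol */
        if (r == -1 && saved_errno != 0) return HS_SOCKET_ERROR;
    }
    return HS_OTHER;           /* not covered by the documented cases */
}

const char *hs_diag_text(hs_diag d)
{
    switch (d) {
    case HS_OK:           return "handshake complete";
    case HS_RETRY:        return "wait for socket readiness, then call again";
    case HS_QUEUED_ERROR: return "details are in the error queue (ERR_error_string)";
    case HS_PEER_EOF:     return "peer closed the connection mid-handshake";
    case HS_SOCKET_ERROR: return "socket I/O error, see errno";
    default:              return "unclassified";
    }
}

int main(void)
{
    /* Constructed samples: the two documented empty-queue SSL_ERROR_SYSCALL cases. */
    printf("%s\n", hs_diag_text(classify_handshake(0, SSL_ERROR_SYSCALL, 0UL, 0)));
    printf("%s\n", hs_diag_text(classify_handshake(-1, SSL_ERROR_SYSCALL, 0UL, ECONNRESET)));
    return 0;
}
```

errno has to be saved immediately after SSL_do_handshake() returns, before any other library call can overwrite it.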