Unknown error being generated by openssl-0.9.8a


Unknown error being generated by openssl-0.9.8a

Adam Ringel

We are using the openssl-0.9.8a library in a program called lftp to use FTP over an SSL channel on a Solaris platform.  We are getting an unknown error when we try to connect to a FTPS server running SecureTransport 4.1.1.

The triggering function is: SSL_connect
The results of a call to ERR_error_string return -
        error:00000000:lib(0):func(0):reason(0)

The only other information I have is that the result from ERR_GET_LIB() is not equal to ERR_LIB_SSL.
We negotiated the following parameters with the FTPS server before the error was obtained:
---> AUTH SSL
<--- 234 SSLv23/TLSv1
---> OPTS UTF8 ON

Does anybody have any idea of what error:00000000 signifies?

Re: Unknown error being generated by openssl-0.9.8a

Dr. Stephen Henson
On Mon, May 08, 2006, Adam Ringel wrote:

> We are using the openssl-0.9.8a library in a program called lftp to use
> FTP over an SSL channel on a Solaris platform.  We are getting an unknown
> error when we try to connect to a FTPS server running SecureTransport
> 4.1.1
>
> The triggering function is: SSL_connect
> The results of a call to ERR_error_string return -
>         error:00000000:lib(0):func(0):reason(0)
>
> The only other information I have is that the result from ERR_GET_LIB() is
> not equal to ERR_LIB_SSL.
> We negotiated the following parameters with the FTPS server before the
> error was obtained:
> ---> AUTH SSL
> <--- 234 SSLv23/TLSv1
> ---> OPTS UTF8 ON
>
> Does anybody have any idea of what error:00000000 signifies?

Yes it signifies that ERR_err_string() shouldn't have been called because an
error wasn't added to the error queue...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Unknown error being generated by openssl-0.9.8a

Stewart Dean-2
my pleasure.  One of the great things of the internet is creation of
virtual interest groups....we hardly see each other in the flesh, but
share a common ground daily.....

Dr. Stephen Henson wrote:

> On Mon, May 08, 2006, Adam Ringel wrote:
>
>  
>> We are using the openssl-0.9.8a library in a program called lftp to use
>> FTP over an SSL channel on a Solaris platform.  We are getting an unknown
>> error when we try to connect to a FTPS server running SecureTransport
>> 4.1.1
>>
>> The triggering function is: SSL_connect
>> The results of a call to ERR_error_string return -
>>         error:00000000:lib(0):func(0):reason(0)
>>
>> The only other information I have is that the result from ERR_GET_LIB() is
>> not equal to ERR_LIB_SSL.
>> We negotiated the following parameters with the FTPS server before the
>> error was obtained:
>> ---> AUTH SSL
>> <--- 234 SSLv23/TLSv1
>> ---> OPTS UTF8 ON
>>
>> Does anybody have any idea of what error:00000000 signifies?
>>    
>
> Yes it signifies that ERR_err_string() shouldn't have been called because an
> error wasn't added to the error queue...
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
>  

--
====
Stewart Dean, Unix System Admin, Henderson Computer Resources
Center of Bard College, Annandale-on-Hudson, New York  12504  
[hidden email]  voice: 845-758-7475, fax: 845-758-7035


Re: Unknown error being generated by openssl-0.9.8a

Adam Ringel

Interestingly enough, we found out why the connection is failing.  However, we are not sure why openssl doesn't detect it as an error.
After we send the first hand-shake of the SSL negotiation to the server, we get a RST (ECONNRESET) on the subsequent read for the server's response.
We're not sure why right now but we think a piece of network equipment (e.g. a firewall) is detecting an FTP session but gets confused when the encrypted data starts and kills the connection.



   "Stewart Dean" <[hidden email]>
   05/09/2006 08:08 AM
   Subject: Re: Unknown error being generated by openssl-0.9.8a

my pleasure.  One of the great things of the internet is creation of
virtual interest groups....we hardly see each other in the flesh, but
share a common ground daily.....

Dr. Stephen Henson wrote:
> On Mon, May 08, 2006, Adam Ringel wrote:
>
>  
>> We are using the openssl-0.9.8a library in a program called lftp to use
>> FTP over an SSL channel on a Solaris platform.  We are getting an unknown
>> error when we try to connect to a FTPS server running SecureTransport
>> 4.1.1
>>
>> The triggering function is: SSL_connect
>> The results of a call to ERR_error_string return -
>>         error:00000000:lib(0):func(0):reason(0)
>>
>> The only other information I have is that the result from ERR_GET_LIB() is
>> not equal to ERR_LIB_SSL.
>> We negotiated the following parameters with the FTPS server before the
>> error was obtained:
>> ---> AUTH SSL
>> <--- 234 SSLv23/TLSv1
>> ---> OPTS UTF8 ON
>>
>> Does anybody have any idea of what error:00000000 signifies?
>>    
>
> Yes it signifies that ERR_err_string() shouldn't have been called because an
> error wasn't added to the error queue...
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
>  

--
====
Stewart Dean, Unix System Admin, Henderson Computer Resources
Center of Bard College, Annandale-on-Hudson, New York  12504  
[hidden email]  voice: 845-758-7475, fax: 845-758-7035


Re: Unknown error being generated by openssl-0.9.8a

Dr. Stephen Henson
On Tue, May 09, 2006, Adam Ringel wrote:

> Interestingly enough, we found out why the connection is failing. However,
> we are not sure why openssl doesn't detect it as an error.
> After we send the first hand-shake of the SSL negotiation to the server,
> we get a RST (ECONNRESET) on the subsequent read for the server's
> response.
> We're not sure why right now but we think a piece of network equipment
> (e.g. a firewall) is detecting an FTP session but gets confused when the
> encrypted data starts and kills the connection.
>

Maybe the negotiation isn't quite right. I'm not familiar with the protocol
but it may have to be byte perfect so the client doesn't send any additional
characters when the server is expecting a handshake *and* the client swallows
the precise number of characters so the server response doesn't get mixed up.

Though I'd expect a different error if the latter was the case.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: Unknown error being generated by openssl-0.9.8a

Marek.Marcola
In reply to this post by Adam Ringel
Hello,

> We're not sure why right now but we think a piece of network equipment
> (e.g. a firewall) is detecting an FTP session but gets confused when
> the encrypted data starts and kills the connection.
Cisco routers with IDS enabled do things like that.

Best regards,
--
Marek Marcola <[hidden email]>

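
The failure discussed in this thread, as an added example (not lftp or OpenSSL code): when SSL_connect fails and the error queue is empty, formatting code 0 yields the all-zero string, and the real cause has to be read from SSL_get_error(), the return value and errno. The sketch models that decision with plain integers so it builds without OpenSSL; `format_err_code` and `explain_connect_failure` are hypothetical helpers, and in a real client their arguments would come from SSL_get_error(), ERR_get_error(), the return value of SSL_connect() and errno saved immediately after the call.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* SSL_get_error() results used here, with the values from <openssl/ssl.h>. */
enum { SSLERR_SSL = 1, SSLERR_SYSCALL = 5 };

/* Numeric layout ERR_error_string() prints when no error strings are loaded
 * (0.9.8 packing: lib = bits 24-31, func = bits 12-23, reason = bits 0-11). */
static void format_err_code(unsigned long e, char *buf, size_t len)
{
    snprintf(buf, len, "error:%08lX:lib(%lu):func(%lu):reason(%lu)",
             e, (e >> 24) & 0xff, (e >> 12) & 0xfff, e & 0xfff);
}

/* Hypothetical helper: pick the right source of diagnostics for a failed
 * SSL_connect(). queued is the head of the error queue (0 = queue empty). */
static const char *explain_connect_failure(int ssl_err, unsigned long queued,
                                           int ret, int sys_errno,
                                           char *buf, size_t len)
{
    if (queued != 0) {
        format_err_code(queued, buf, len);          /* library-level error */
    } else if (ssl_err == SSLERR_SYSCALL && ret == 0) {
        snprintf(buf, len, "EOF from peer during the handshake");
    } else if (ssl_err == SSLERR_SYSCALL && ret < 0) {
        /* The case in this thread: transport failed, nothing was queued. */
        snprintf(buf, len, "socket error: %s", strerror(sys_errno));
    } else {
        snprintf(buf, len, "SSL_get_error()=%d, error queue empty", ssl_err);
    }
    return buf;
}

int main(void)
{
    char buf[160];
    format_err_code(0, buf, sizeof buf);            /* what the poster saw */
    printf("empty queue formatted anyway: %s\n", buf);
    /* Constructed inputs: SSL_connect() returned -1, errno was ECONNRESET. */
    printf("classified: %s\n",
           explain_connect_failure(SSLERR_SYSCALL, 0, -1, ECONNRESET,
                                   buf, sizeof buf));
    return 0;
}
```
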