(connections.c.271) SSL: -1 5 0 Undefined error: 0
|Missing in 1.5.x:||No|
The OS's base OpenSSL was updated from 0.9.8k to OpenSSL 1.0.0a and now all SSL connection attempts result in the error message "(connections.c.271) SSL: -1 5 0 Undefined error: 0" in the error log.
[ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
#2 Updated by Olaf-van-der-Spek over 2 years ago
Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret 0, an EOF was observed that violates the protocol. If ret -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).
#3 Updated by firstname.lastname@example.org over 2 years ago
- File ssl-encoding-algorithms.diff added
Adding to this issue... I was seeing the error messages with each and every connection attempt and not being able to connect via HTTPS. I applied the attached patch and I am now seeing the error message only once upon the first HTTPS connection for each vhost and that connection as well as any other connections are now successful.
#4 Updated by stbuehler about 2 years ago
- Priority changed from Low to High
- Target version changed from 1.4.x to 1.4.29
- algorithms got added in @2780
- i tried to debug the issue, and the problem is that lighty 1.4.x + openssl 1.0.0 fails with TLS clients. but if you compile lighttpd with -O0 instead of -O2 it works, so it looks like there is some memory corruption or whatever. valgrind didn't help though, and neither did clang.
#6 Updated by email@example.com about 2 years ago
Yes with the commited patch back ported this fixes this symptom as well as the issues I was also experiencing along with sthen with ticket 2306 as I had asked him to report that. I could not connect with lynx, openssl s_client as well as some online SSL testers which are all working now.
Also available in: Atom