Bug #2269

closed

(connections.c.271) SSL: -1 5 0 Undefined error: 0

Added by brad@comstyle.com over 13 years ago. Updated about 13 years ago.

Status: Fixed
Priority: High
Category: core
Target version:

Description

The OS's base OpenSSL was updated from 0.9.8k to OpenSSL 1.0.0a and now all SSL connection attempts result in the error message "(connections.c.271) SSL: -1 5 0 Undefined error: 0" in the error log.


Files

ssl-encoding-algorithms.diff (357 Bytes) brad@comstyle.com, 2010-11-06 21:52

Related issues 1 (0 open, 1 closed)

Has duplicate Bug #2306: SSL regression following r2780 (Duplicate, 2011-03-28)

Actions #1

Updated by stbuehler over 13 years ago

  • Priority changed from High to Low
  • Target version changed from 1.4.29 to 1.4.x

I just checked the code, and I don't think we do anything wrong there.
SSL returned SSL_ERROR_SYSCALL, but errno was 0 after SSL_read.

Actions #2

Updated by Olaf-van-der-Spek over 13 years ago

SSL_ERROR_SYSCALL:
Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).

http://www.openssl.org/docs/ssl/SSL_get_error.html
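
A triage helper for the log line in this report, following the SSL_get_error() text quoted in the comment above (added example, not lighttpd or OpenSSL code). It assumes the three numbers after `SSL:` are the SSL_read return value, the SSL_get_error() result and errno, which matches the reading in comment #1; the `ex_` names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Value of SSL_ERROR_SYSCALL in <openssl/ssl.h>; defined locally so the
 * example builds without OpenSSL headers. */
#define EX_SSL_ERROR_SYSCALL 5

enum ex_cause {
    EX_NOT_SYSCALL,     /* SSL_get_error() returned something else */
    EX_SEE_ERR_QUEUE,   /* ERR_get_error() != 0: details are in the queue */
    EX_UNEXPECTED_EOF,  /* ret == 0: EOF that violates the protocol */
    EX_CHECK_ERRNO,     /* ret == -1, errno set: real socket I/O error */
    EX_NO_DETAIL        /* ret == -1, errno == 0: nothing more to report */
};

/* Decision order from the SSL_get_error() text quoted above. queue_err is
 * what ERR_get_error() returned; the log line does not record it. */
enum ex_cause ex_classify(int ret, int ssl_err, unsigned long queue_err, int err_no)
{
    if (ssl_err != EX_SSL_ERROR_SYSCALL) return EX_NOT_SYSCALL;
    if (queue_err != 0) return EX_SEE_ERR_QUEUE;
    if (ret == 0) return EX_UNEXPECTED_EOF;
    if (ret == -1 && err_no != 0) return EX_CHECK_ERRNO;
    return EX_NO_DETAIL;
}

/* Parse "... SSL: <ret> <ssl_err> <errno> <text>" (field meaning assumed).
 * Returns 0 on success, -1 if the line does not match. */
int ex_parse_log(const char *line, int *ret, int *ssl_err, int *err_no)
{
    const char *p = strstr(line, "SSL: ");
    if (p == NULL) return -1;
    return sscanf(p + 5, "%d %d %d", ret, ssl_err, err_no) == 3 ? 0 : -1;
}

int main(void)
{
    /* Log line from this bug report. */
    const char *line = "(connections.c.271) SSL: -1 5 0 Undefined error: 0";
    int ret, ssl_err, err_no;
    if (ex_parse_log(line, &ret, &ssl_err, &err_no) != 0) return 1;
    /* queue_err = 0 is an assumption: the report does not show the queue. */
    printf("cause=%d\n", ex_classify(ret, ssl_err, 0UL, err_no));
    return 0;
}
```

With the reported line and an empty error queue the result is `EX_NO_DETAIL`: neither errno nor the return value says anything further about the failure.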

Actions #3

Updated by brad@comstyle.com over 13 years ago

Adding to this issue... I was seeing the error messages with each and every connection attempt and not being able to connect via HTTPS. I applied the attached patch and I am now seeing the error message only once upon the first HTTPS connection for each vhost and that connection as well as any other connections are now successful.

Actions #4

Updated by stbuehler about 13 years ago

  • Priority changed from Low to High
  • Target version changed from 1.4.x to 1.4.29

  • algorithms got added in @2780
  • I tried to debug the issue, and the problem is that lighty 1.4.x + openssl 1.0.0 fails with TLS clients. But if you compile lighttpd with -O0 instead of -O2 it works, so it looks like there is some memory corruption or whatever. valgrind didn't help though, and neither did clang.

Actions #5

Updated by stbuehler about 13 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2788.

Actions #6

Updated by brad@comstyle.com about 13 years ago

Yes, with the committed patch backported this fixes this symptom as well as the issues I was also experiencing along with sthen with ticket 2306, as I had asked him to report that. I could not connect with lynx, openssl s_client as well as some online SSL testers which are all working now.
