Bug #2269
(connections.c.271) SSL: -1 5 0 Undefined error: 0
| Status: | Fixed | Start date: | 2010-10-25 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | core | |||
| Target version: | 1.4.29 | |||
| Missing in 1.5.x: | No |
Description
The OS's base OpenSSL was updated from 0.9.8k to OpenSSL 1.0.0a and now all SSL connection attempts result in the error message "(connections.c.271) SSL: -1 5 0 Undefined error: 0" in the error log.
ssl-encoding-algorithms.diff 
(357 Bytes)
Related issues
Associated revisions
[ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
[md5] fix md5 includes if openssl is not available (#2269)
[ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
History
#1 Updated by stbuehler over 2 years ago
- Priority changed from High to Low
- Target version changed from 1.4.29 to 1.4.x
I just checked the code, and i don't think we do anything wrong there.
ssl returned SSL_ERROR_SYSCALL, but errno was 0 after SSL_read.
#2 Updated by Olaf-van-der-Spek over 2 years ago
SSL_ERROR_SYSCALL:
Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret 0, an EOF was observed that violates the protocol. If ret -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).
#3 Updated by brad@comstyle.com over 2 years ago
- File ssl-encoding-algorithms.diff added
Adding to this issue... I was seeing the error messages with each and every connection attempt and not being able to connect via HTTPS. I applied the attached patch and I am now seeing the error message only once upon the first HTTPS connection for each vhost and that connection as well as any other connections are now successful.
#4 Updated by stbuehler about 2 years ago
- Priority changed from Low to High
- Target version changed from 1.4.x to 1.4.29
- algorithms got added in @2780
- i tried to debug the issue, and the problem is that lighty 1.4.x + openssl 1.0.0 fails with TLS clients. but if you compile lighttpd with -O0 instead of -O2 it works, so it looks like there is some memory corruption or whatever. valgrind didn't help though, and neither did clang.
#5 Updated by stbuehler about 2 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset r2788.
#6 Updated by brad@comstyle.com about 2 years ago
Yes with the commited patch back ported this fixes this symptom as well as the issues I was also experiencing along with sthen with ticket 2306 as I had asked him to report that. I could not connect with lynx, openssl s_client as well as some online SSL testers which are all working now.
Also available in: Atom