Bug #2269


(connections.c.271) SSL: -1 5 0 Undefined error: 0

Added by about 13 years ago. Updated over 12 years ago.

Target version:


The OS's base OpenSSL was updated from 0.9.8k to OpenSSL 1.0.0a and now all SSL connection attempts result in the error message "(connections.c.271) SSL: -1 5 0 Undefined error: 0" in the error log.


ssl-encoding-algorithms.diff (357 Bytes) ssl-encoding-algorithms.diff, 2010-11-06 21:52

Related issues 1 (0 open1 closed)

Has duplicate Bug #2306: SSL regression following r2780Duplicate2011-03-28Actions
Actions #1

Updated by stbuehler about 13 years ago

  • Priority changed from High to Low
  • Target version changed from 1.4.29 to 1.4.x

I just checked the code, and i don't think we do anything wrong there.
ssl returned SSL_ERROR_SYSCALL, but errno was 0 after SSL_read.

Actions #2

Updated by Olaf-van-der-Spek about 13 years ago

Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret 0, an EOF was observed that violates the protocol. If ret -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).

Actions #3

Updated by about 13 years ago

Adding to this issue... I was seeing the error messages with each and every connection attempt and not being able to connect via HTTPS. I applied the attached patch and I am now seeing the error message only once upon the first HTTPS connection for each vhost and that connection as well as any other connections are now successful.

Actions #4

Updated by stbuehler over 12 years ago

  • Priority changed from Low to High
  • Target version changed from 1.4.x to 1.4.29
  • algorithms got added in @2780
  • i tried to debug the issue, and the problem is that lighty 1.4.x + openssl 1.0.0 fails with TLS clients. but if you compile lighttpd with -O0 instead of -O2 it works, so it looks like there is some memory corruption or whatever. valgrind didn't help though, and neither did clang.
Actions #5

Updated by stbuehler over 12 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2788.

Actions #6

Updated by over 12 years ago

Yes with the commited patch back ported this fixes this symptom as well as the issues I was also experiencing along with sthen with ticket 2306 as I had asked him to report that. I could not connect with lynx, openssl s_client as well as some online SSL testers which are all working now.


Also available in: Atom