Openssl I/o Error 5 Bytes
Contents |
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more openssl: i/o error, bytes expected to read on about Stack Overflow the company Business Learn more about hiring developers or posting ads
Openssl: I/o Error, 11 Bytes Expected To Read On Bio
with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for ssl_engine_io.c(1908): openssl: i/o error, 5 bytes expected to read on system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the
Ssl_engine_io.c(1950): Openssl: I/o Error, 5 Bytes Expected To Read On Bio
top openssl giving me errors and apache is not working with https up vote 0 down vote favorite I try to configure apache-tomcat with ssl, but find some issues [root@manage conf]# openssl s_client -state -debug -connect 10.104.1.38:443 -key server.key -cert server.crt CONNECTED(00000003) SSL_connect:before/connect initialization write to 0x80f1e98 [0x811d5e8] (121 bytes => 121 (0x79)) 0000 - 80 77 01 03 01 00 4e 00-00 00 20 00 00 39 00 00 openssl: exit: error in sslv2/v3 read client hello a .w....N... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../....... 0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 ................ 0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @............... 0050 - 00 00 03 02 00 80 00 00-ff 0a 86 af 23 f2 2f a1 ............#./. 0060 - 4b 2d 9b f3 a9 d9 0e 1b-34 4d 0c e4 1a 06 b6 25 K-......4M.....% 0070 - 76 04 de bd 6f 50 86 a1-9f v...oP... SSL_connect:SSLv2/v3 write client hello A read from 0x80f1e98 [0x8122b48] (7 bytes => 7 (0x7)) 0000 - 3c 21 44 4f 43 54 59 ErrorLog "/usr/local/tomcat/logs/error_log" TransferLog "/usr/local/tomcat/logs/access_log" SSLEngine on SSLProtocol +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP+SSLv3: ServerName manage.xyz DocumentRoot /usr/local/tomcat/webapps/xyz ServerAdmin bugs@xxxx.com Alias /backup "/var/backupdata/" Alias /logbackup "/var/logbackupdata/" Alias /autologbackupdata "/var/autologbackupdata/" Alias /
Prev Next This bug is not in your last search results. Bug46952 - ssl renegotiation hangs with long ca list Summary:
Openssl: I/o Error, 7 Bytes Expected To Read On
ssl renegotiation hangs with long ca list Status: RESOLVED FIXED Product: Apache
Openssl: Exit: Error In Sslv3 Read Client Certificate A
httpd-2 Classification: Unclassified Component: mod_ssl Version: 2.2.11 Hardware: PC Windows Server 2003 Importance: P2 blocker (vote) TargetMilestone: --- Assigned end of file found: ssl handshake interrupted by system [hint: stop button pressed in browser?!] To: Apache HTTPD Bugs Mailing List URL: Keywords: Depends on: Blocks: Show dependency tree Reported: 2009-04-01 12:48 UTC by Lassi Tuura Modified: 2014-02-17 13:51 UTC (History) CC List: 5 users http://serverfault.com/questions/618007/openssl-giving-me-errors-and-apache-is-not-working-with-https (show) David.Smith keven.boudreau litmaath pahuja steve Attachments extra debugging for mod_ssl (8.38 KB, patch) 2009-04-01 12:48 UTC, Lassi Tuura Details | Diff test case for the bug (12.99 KB, application/octet-stream) 2009-06-19 03:15 UTC, szamcsi Details View All Add an attachment (proposed patch, testcase, etc.) Note You need to log in before you can comment on or make changes to this bug. Description Lassi Tuura https://bz.apache.org/bugzilla/show_bug.cgi?id=46952 2009-04-01 12:48:16 UTC Created attachment 23434 [details] extra debugging for mod_ssl Using apache 2.2.11 with openssl 0.9.7d, a location-specific SSLVerifyClient optional (or require), and a long list of CA certificates, the SSL session re-negotiation hangs. Shrinking the "CA" list works around the problem. There is bug in mod_ssl / openssl such that mod_ssl buffers the data, openssl thinks it issues a flush while working through the renegotiation state machine, but mod_ssl never flushes the data out. The web client hangs waiting for more data from the server, and the server hangs waiting for the client to send certificate, thinking it's sent the data out already. The client hang occurs at least with firefox (3.0.x), curl and openssl s_client. Safari does not hang. We have had mixed reports about Konqueror. For example I use the following command to connect to the server: curl --cert mycert.pem --key mykey.pem --cacert ca-list.pem \ -L -v -1 -o - https://myserver.domain:443/test/testme The detailed SSL debug output in (A) is from: openssl s_client -state -debug -connect myserver.domain:443 \ -key mykey.pem -cert mycert.pem -CAfile ca-list.pem Once in the interactive mode, type in the URL which is
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the http://stackoverflow.com/questions/19592494/client-certificates-issued-by-my-own-ca-with-apache workings and policies of this site About Us Learn more about Stack https://bugzilla.mozilla.org/show_bug.cgi?id=725652 Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 6.2 million programmers, just like you, helping each other. Join them; i/o error it only takes a minute: Sign up client certificates issued by my own CA with Apache up vote 5 down vote favorite Trying to get an HTTPS session working using client certificates from a self-signed CA. The connection should check that all certificates are valid, both client and server side. The process I followed is roundly as follows: Create openssl: i/o error, Certificate Authority openssl genrsa -out CA.key 4096 openssl req -new -key CA.key -out CA.csr openssl x509 -req -days 365 -in CA.csr -out CA.crt -signkey CA.key Create Server Certificate openssl genrsa -out server.key 4096 openssl req -new -key server.key -out server.csr openssl ca -in server.csr -cert CA.crt -keyfile CA.key -out server.crt Create Client Certificate openssl genrsa -out client.key 4096 openssl req -new -key client.key -out client.csr openssl ca -in client.csr -cert CA.crt -keyfile CA.key -out client.crt Configure Apache
BMO. For more details see Persona Deprecated. Last Comment Bug725652 - SSL client auth broken on Apache, when a directory of CA certificates is specified Summary: SSL client auth broken on Apache, when a directory of CA certificates is spec... Status: RESOLVED INVALID Whiteboard: Keywords: Product: Core Classification: Components Component: Security: PSM (show other bugs) Version: 10 Branch Platform: All All Importance: -- normal (vote) TargetMilestone: --- Assigned To: Nobody; OK to take it and work on it QA Contact: TriageOwner: David Keeler [:keeler] (use needinfo?) Mentors: URL: https://issues.apache.org/bugzilla/sh... Depends on: Blocks: Show dependency tree /graph Reported: 2012-02-09 07:07 PST by Christoph Anton Mitterer Modified: 2016-03-30 12:52 PDT (History) CC List: 2 users (show) andrei dkeeler See Also: Crash Signature: (edit) QA Whiteboard: Iteration: --- Points: --- Has Regression Range: --- Has STR: --- Tracking Flags: Attachments Add an attachment (proposed patch, testcase, etc.) Description Christoph Anton Mitterer 2012-02-09 07:07:40 PST User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 Iceweasel/10.0 Build ID: 20120205110156 Steps to reproduce: I have a Apache HTTPD Server 2.2.16 running, compiled against OpenSSL 0.9.8o. There are name based virtual hosts configured on it. SNI is enabled. There is a default name based virtual host, which is actually never used (it's ServerName is set to localhost) and several further name based virtual hosts. The CA certs are added to Firefox and enabled. I try to access one of the later. When SSL client authentication is disabled, accessing the SNI host works. When I however configure the server to demand SSL client authentication accessing fails. I get the certificate selection dialog (even with the correct subset of certificates proposed). But when I choose one, Firefox aborts with: SSL peer cannot verify your certificate. (Error code: ssl_error_bad_cert_alert) Th