On Thu, Oct 22, 2009 at 12:49:10PM +0530, Kamesh Jayachandran wrote: > I tried your patch. It does *not* fix the issue. > One difference it makes is , triggers failure early at 20/30 files(PUT > requests) instead of 20k files earlier.
Can you get a packet dump/trace from the client side? Is there anything between client and server which is intercepting the SSL traffic? (physical/software firewall?) It would be good whether this problem is due to the traffic becoming corrupted. There seem to be two places in OpenSSL's ssl_parse_serverhello_tlsext() which can send a "decode error" alert, if I am reading the code and following the error handling correctly. It would be useful if you could use a custom OpenSSL build with an fprintf(stderr, ... ) or similar added before each of the "*al = SSL_AD_DECODE_ERROR;" lines in that function (in ssl/t1_lib.c), if you're able to try that? Regards, Joe