>From: owner-openssl-...@openssl.org On Behalf Of Brandt Kruger >Sent: Monday, 25 February, 2013 06:22
>I get the following error on SSL_accept - SSL_accept - >[error:00000000:lib(0):func(0):reason(0) ]. If ERR_get_error returns 0 you should ignore it. If SSL_get_error returns SSL_ERROR_SYSCALL after SSL_accept (or most other SSL_* routines) indicates failure, usually only the OS error is meaningful and ERR_get_error is 0. Did you check SSL_get_error? >The socket error that I get is 10060 - operation timeout. So that might be the actual problem. But are you sure it's from this call? In Unix and BSDsock errno is set nonzero on error but not set zero on success, so a value in there can be "left over", inapplicable and misleading. I don't know if the same is true for Winsock, especially since WSA[GS]etLastError merged with Windows-wide [GS]etLastError years ago (maybe NT4?). Just in case, try SetLastError(0) before the call(s) of interest. >I then immediately do another connection that is successful. >This happens every time wit a new connection. What do you mean "do" another connection? A socket server can't initiate a connection, it can only accept a client connection. Is the same client immediately retrying (often sensible), or is another client trying by coincidence, or because you told it? Are you doing the socket-level yourself (bind, listen, accept, or maybe their WSA versions, and then passing the handle in to SSL_set_fd or equivalent for SSL_accept etc. to use), or are you using accept-BIO to do socket-level for you? If the former, are you doing blocking or nonblocking, with select or what, are you sure everything was successful before the SSL_accept? >Any ideas why? I don't see any way to get TCP timeout on anything socket-accept + SSL_accept should be doing. If you are using accept-BIO it does normally try reverse-DNS, which conceivably might get timeout in some situations, but if so it shouldn't cause an error return (it should just proceed using the numeric address). Assuming you can install programs, www.WireShark.org can (capture and) nicely display your network activity on Windows -- exactly what and when your system is receiving and sending. That may help. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
