On 06/18/02 06:59 PM, Lutz Jaenicke sat at the `puter and typed: > On Tue, Jun 18, 2002 at 12:10:48PM -0400, Louis LeBlanc wrote: > > The problem I'm seeing is apparently caused by a read or write attempt > > returning SSL_ERROR_WANT_X509_LOOKUP. My understanding of this was > > that I should simply try the read or write again. Apparently I was > > mistaken because the app seems to get sucked into a loop where it > > continually returns the same error and continues to loop. Needless to > > say, the result is a very ugly, resource gobbling, and quite painful > > decline into oblivion. > > SSL_ERROR_WANT_LOOKUP can only appear on client applications. It is returned, > if a client_cert_cb() is installed _and_ the client_cert_cb() returns > a value < 0, indicating that it cannot satisfy the request for a client > certificate now and wants to be called again later. > The manual page delivered with all version up to 0.9.6d is wrong, I have > corrected it in the meantime.
You mean the server is requesting a client cert from my app? This is what http://www.openssl.org/docs/ssl/SSL_get_error.html# says: SSL_ERROR_WANT_X509_LOOKUP The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. The TLS/SSL I/O function should be called again later. Details depend on the application. This sounds pretty much like the manpage I have installed. Is this only returned during a connection, or can it be returned during an SSL_read or SSL_write attempt? Thanks Lutz. Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ pain, n.: One thing, at least it proves that you're alive! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]