Re: Handshake Failure due to "bad record mac"

Fri, 14 Mar 2003 15:24:27 -0800 

Sorry!! SSL_connect is returning with
SSL_ERROR_SYSCALL(5) not -1 as previously mentioned 
and i tried to look at errno it shows 0. Can anyone
please point out where i am wrong?


client()

SSLeay_add_ssl_algorithms();
  meth = SSLv3_client_method();
  SSL_load_error_strings();
  ctx = SSL_CTX_new (meth);                       
CHK_NULL(ctx);

SSL_CTX_set_cipher_list(ctx,"ALL");
socket()..
connect()..
ssl = SSL_new (ctx);                        
CHK_NULL(ssl);    
  SSL_set_fd (ssl, sd);
  err = SSL_connect (ssl);                    //
CHK_SSL(err);
  if (err == -1)
          goto end;
    
  switch((err = SSL_get_error(ssl,r))){
       case SSL_ERROR_NONE:
                printf("Read from server:");
             break;
            case SSL_ERROR_ZERO_RETURN:
                goto end;
              break;
            case SSL_ERROR_WANT_READ:
              break;
            default:
              printf("SSL read problem");
              goto end;
  }




--- rajagopalan ramanujam <[EMAIL PROTECTED]>
wrote:
> hi,
> 
> I am using a sample client appli on an embedded
> platform trying to connect to s_server on the linux.
> 
> client code has set cipher("ALL"); 
> there is no client certificate.
>  
> client side SSL_connect() return -1;
> 
> Its very strange, some times client sends Alert
> message  with bad mac code and some times it does
> not.
> 
> i have both the logs attached.
> 
>  
> 
> # openssl s_server -cert server.pem -accept 10000
> -state
> Using default temp DH parameters
> ACCEPT
> SSL_accept:before/accept initialization
> SSL_accept:SSLv3 read client hello A
> SSL_accept:SSLv3 write server hello A
> SSL_accept:SSLv3 write certificate A
> SSL_accept:SSLv3 write server done A
> SSL_accept:SSLv3 flush data
> SSL3 alert read:fatal:bad record mac
> SSL_accept:failed in SSLv3 read client certificate A
> ERROR
> 1348:error:140943FC:SSL
> routines:SSL3_READ_BYTES:sslv3
> alert bad record mac:s3_pkt.c:964:SSL alert number
> 20
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT
> 
>
-----------------------------------------------------
> # openssl s_server -cert server.pem -accept 10000
> -state -debug
>
----------------------------------------------------------------------
> SSL_accept:before/accept initialization
> read from 08162C88 [08168230] (11 bytes => 11 (0xB))
> 0000 - 16 03 00 00 3d 01 00 00-39 03                
>  
>   ....=...9.
> 000b - <SPACES/NULS>
> read from 08162C88 [0816823B] (55 bytes => 55
> (0x37))
> 0000 - 3e 72 3c 19 00 00 00 00-00 00 00 00 00 00 00
> 00
>   >r<.............
> 0010 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00
> 00
>   ................
> 0020 - 00 00 12 00 64 00 62 00-60 00 0a 00 09 00 08
> 00
>   ....d.b.`.......
> 0030 - 05 00 04 00 03 01                            
>  
>   ......
> 0037 - <SPACES/NULS>
> SSL_accept:SSLv3 read client hello A
> write to 08162C88 [081722C8] (79 bytes => 79 (0x4F))
> 0000 - 16 03 00 00 4a 02 00 00-46 03 00 3e 72 3b 01
> 05
>   ....J...F..>r;..
> 0010 - 62 55 98 f0 16 6d 64 a9-ab 4f 10 72 6d 78 12
> c4
>   bU...md..O.rmx..
> 0020 - 67 a5 aa 1d 8d d1 fc a4-13 c5 f3 20 48 37 ba
> 9d
>   g.......... H7..
> 0030 - ea 81 05 1f 3d 43 1f a7-5a 07 c8 b9 ad 4c 4c
> 6f
>   ....=C..Z....LLo
> 0040 - 2d 3b d3 8d a4 1e 43 0b-b0 63 19 0c 00 64    
>  
>   -;....C..c...d
> 004f - <SPACES/NULS>
> SSL_accept:SSLv3 write server hello A
> write to 08162C88 [081722C8] (508 bytes => 508
> (0x1FC))
> 0000 - 16 03 00 01 f7 0b 00 01-f3 00 01 f0 00 01 ed
> 30
>   ...............0
> 0160 - fe fe b9 ed 02 03 01 00-01 30 0d 06 09 2a 86
> 48
>   .........0...*.H
> 0170 - 86 f7 0d 01 01 04 05 00-03 81 81 00 93 d2 0a
> c5
>   ................
> 0180 - 41 e6 5a a9 86 f9 11 87-e4 db 45 e2 c5 95 78
> 1a
>   A.Z.......E...x.
> 0190 - 6c 80 6d 73 1f b4 6d 44-a3 ba 86 88 c8 58 cd
> 1c
>   l.ms..mD.....X..
> 01a0 - 06 35 6c 44 62 88 df e4-f6 64 61 95 ef 4a a6
> 7f
>   .5lDb....da..J..
> 01b0 - 65 71 d7 6b 88 39 f6 32-bf ac 93 67 69 51 8c
> 93
>   eq.k.9.2...giQ..
> 01c0 - ec 48 5f c9 b1 42 f9 55-d2 7e 4e f4 f2 21 6b
> 90
>   .H_..B.U.~N..!k.
> 01d0 - 57 e6 d7 99 9e 41 ca 80-bf 1a 28 a2 ca 5b 50
> 4a
>   W....A....(..[PJ
> 01e0 - ed 84 e7 82 c7 d2 cf 36-9e 6a 67 b9 88 a7 f3
> 8a
>   .......6.jg.....
> 01f0 - d0 04 f8 e8 c6 17 e3 c5-29 bc 17 f1          
>  
>   ........)...
> SSL_accept:SSLv3 write certificate A
> write to 08162C88 [081722C8] (9 bytes => 9 (0x9))
> 0000 - 16 03 00 00 04 0e                            
>  
>   ......
> 0009 - <SPACES/NULS>
> SSL_accept:SSLv3 write server done A
> SSL_accept:SSLv3 flush data
> read from 08162C88 [08168230] (5 bytes => 0 (0x0))
> SSL_accept:failed in SSLv3 read client certificate A
> ERROR
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT
> 
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online
> http://webhosting.yahoo.com
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> [EMAIL PROTECTED]
> Automated List Manager                          
[EMAIL PROTECTED]


__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to