Prabbu/Marek/Chong I have a SSL server application. It creates threads for each client connection. My server call accept(). After the sock = accept() return, I put SSL on sock, spin-off a thread for that client. All socks share the same 'ctx' in the server. How do I lock SSL object 'ctx' properly in this case ?? Should I generate different 'ctx' for each client, instead of share ?? Please Help.
TD -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Prabhu.S Sent: Thursday, November 02, 2006 9:37 To: openssl-users@openssl.org Subject: Re: Error accepting connections Marek/Chong, Thanks for your reply. As Marek poited out the issue was in the way mutithreading was achieved in server. The locking of SSL context objects 'ctx' was not done properly. The issue is solved now. Chong , I tried using sslv23_server_method but it didn't help . ----- Original Message ----- From: "Marek Marcola" <[EMAIL PROTECTED]> To: <openssl-users@openssl.org> Sent: Wednesday, November 01, 2006 4:33 AM Subject: Re: Error accepting connections > Hello, > > I have a SSL Server application .. In a test scenario 20 clients try > > connecting to the server simultaneously. In most of the test run > > atleast one connection fails. The server logs the following message > > for the failed connection: > > > > ** server.c:809 Error accepting SSL connection > > 14658:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or > > bad record mac:s3_pkt.c:426: > > > > What is the reason for this inconsistent handshake failures? > > > > I have OpenSSL 0.9.8a . > This error can appear for a few reasons, for example: > - bad packet decryption (errors in key or cbc xor) > - bad decompression > - MAC length in packet greater than packet > - bad or NULL MAC > But in this situation I would suggest checking proper > setting of callback locking functions if your server > is multithreading. Locking is used by OpenSSL in multithreading > environment in this situation should be checked first. > (assuming that I am knowing nothing about your server). > > Best regards, > -- > Marek Marcola <[EMAIL PROTECTED]> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]