> I'm seeing weird OpenSSL behaviour and I suspect it's a bug in > the library.
It sounds like a typical protocol error. > The problem is that SSL_write() sometimes returns SSL_ERROR_SSL with > errno equal to EAGAIN. This is your problem. You are confusing yourself by checking 'errno'. SSL_write does not set 'errno' to a useful value, so there is no reason to check it. > SSL_write() returned -1 <0 The write operation was not successful, because either an error occurred or action must be taken by the calling process. Call SSL_get_error() with the return value ret to find out the reason. > SSL_get_error() returned 1 > // the above corresponds to SSL_ERROR_SSL ("A failure in the SSL library > occurred, usually a protocol error. The OpenSSL error queue contains > more information on the error.") SSL_ERROR_SSL A failure in the SSL library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. In other words, the error was not due to a system call as this would result in SSL_ERROR_SYSCALL, so 'errno' isn't going to be useful. > ERR_get_error() returned 67596407 > ERR_error_string() returned error:04077077:rsa routines:RSA_verify:wrong > signature length > > ERR_get_error() returned 218910726 > ERR_error_string() returned error:0D0C5006:asn1 encoding > routines:ASN1_item_verify:EVP lib > > ERR_get_error() returned 0 Well, there you go. The other side sent a signature with the wrong length. > errno is 11 // which corresponds to EAGAIN Nothing told you to consult 'errno'. If you check 'errno' when an error code doesn't tell you to, it will contain random junk. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]