Sorry for top-posting - still getting used to this webmail:
The only way I can see that the server is "reponsible" for this behaviour is
the certificate you are providing. Has that expired or been invalidated in any
way at the client?
Carl
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Jeremy Bratton [yer...@gmail.com]
Sent: 08 November 2012 04:58
To: openssl-users@openssl.org
Subject: Re: Getting "OpenSSL: Exit: error in SSLv3 read client certificate A"
when client connects
I now have an ssldump of an incoming connection. I think it shows the client is
closing the connection before the handshake is even complete. Is there any way
the server is responsible for this behavior? Thanks.
New TCP connection #4: xxxxx.com(12900) <-> a.b.c.d(443)
4 1 0.0362 (0.0362) C>S Handshake
ClientHello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
compression methods
NULL
4 2 0.0365 (0.0003) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
4c 37 df 98 4e c2 6d 26 28 23 67 4e ab 79 fd 4d
f7 a8 e0 7e d8 47 37 38 c8 cc 06 db 43 f1 e3 a0
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
4 3 0.0365 (0.0000) S>C Handshake
Certificate
4 4 0.0365 (0.0000) S>C Handshake
ServerHelloDone
4 0.0600 (0.0234) C>S TCP FIN
4 0.0602 (0.0002) S>C TCP FIN
On Tue, Nov 6, 2012 at 8:35 AM, Jeremy Bratton <yer...@gmail.com> wrote:
I'm using OpenSSL 0.9.8o 01 Jun 2010 on Debian 6.0.2. Client verification is
disabled.
I've written a SOAP server app that uses SSL. The only client that connects to
it is completely out of my control. Though there have been no changes on either
end that I'm aware of, the client is no longer able to connect to the server. I
can see from the error message that something is going wrong during the SSL
handshake, but I have no idea what (the actual server uses ruby & soap4r). I'm
just getting the error message "SSL_accept SYSCALL returned=5 errno=0
state=SSLv3 read client certificate A"
I set up apache on the server and was able to get a more detailed error message
which is at http://pastebin.com/vvnLi9BQ
Basically, it seems like the client is sending an EOF before the handshake is
complete, but I've been assured that the client is working just as it's always
been. Also this client connects to several other companies' servers and I
believe they're all still working correctly. I'm pretty sure the client is
written in Java in case that matters.
I can connect to the server with a browser just fine.
Is this a common issue? Any suggestions for a fix or work-around? A web search
hasn't turned up much of anything.
Thanks,
Jeremy______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
