[openssl-users] OpenSSL handshake failure in ssl3_get_client_hello() routine

2017-01-25 Thread Senthil Raja Velu
Hi,
I have a setup where the handshake between the OpenSSL server and client fails
at times, but not always. When it does, the client keeps retrying and
all of the trials fail. The only way to recover is to restart the server.

Currently on the server side the openssl version that I have installed is
1.0.1m.

Both server and client are written in C and are in non-blocking mode. I
have added InfoCallBack and printCallBack routines on the server side.

On the server-side application, I have set the following options:

pCtx = SSL_CTX_new(SSLv23_server_method());

SSL_CTX_set_options(pCtx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(pCtx, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(pCtx, SSL_OP_NO_TLSv1);


Now when the failure occurs, I get the following error message on the
server side:

InfoCB
HANDSHAKE_START(time:5093879)  undefined: before/accept initialization

InfoCB
SSL_accept:before/accept initialization

InfoCB
SSL3 alert write:fatal:internal error

PrintCB
error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal error:/server/openssl/ssl/s3_srvr.c:1265:

InfoCB
SSL_accept:error in SSLv3 read client hello C

InfoCB
SSL_accept:error in SSLv3 read client hello C


The SSL code path refers to the
following section of code in ssl3_get_client_hello() routine in s3_srvr.c.

--
/*
 * Check if we want to use external pre-shared secret for this handshake
 * for not reused session only. We need to generate server_random before
 * calling tls_session_secret_cb in order to allow SessionTicket
 * processing to use it in key derivation.
 */
{
    unsigned char *pos;
    pos = s->s3->server_random;
    if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
#ifdef USER_EXTENSIONS
        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
#endif // USER_EXTENSIONS
        goto f_err;
    }
}
--

Note, I have edited the SSL library to include this USER_EXTENSIONS
section, so that I could confirm where exactly this issue is happening in
the library.

Clearly the ssl_fill_hello_random() routine is returning -1 or something less
than zero.

I do not hit this issue always.

Any pointers on addressing this issue will be a big help.


Thanks,
Senthil.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
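
An added example (not part of the original post and not OpenSSL code): decoding the packed error code on the PrintCB line above to confirm which library, function and reason it names. The bit layout and the fatal flag value of 64 are assumed from the OpenSSL 1.0.x err.h; `struct ossl_err` and `parse_ossl_error` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Packed OpenSSL 1.0.x error code (assumed ERR_PACK layout from err.h):
 * bits 31..24 library, bits 23..12 function, bits 11..0 reason. */
struct ossl_err {               /* hypothetical helper type */
    unsigned long code;
    int lib, func, reason, line;
    int fatal;                  /* reason carries the ERR_R_FATAL (64) bit */
    char file[128];
};

/* Parse "error:<hex>:<lib>:<func>:<reason>:<file>:<line>:".
 * Returns 0 on success, -1 if the text does not have that shape. */
int parse_ossl_error(const char *text, struct ossl_err *out)
{
    char buf[512], *field[7], *p, *end;
    int n = 0;
    if (strlen(text) >= sizeof(buf)) return -1;
    strcpy(buf, text);
    for (p = buf; n < 7; n++) {         /* split on ':' into 7 fields */
        field[n] = p;
        if ((p = strchr(p, ':')) == NULL) break;
        *p++ = '\0';
    }
    if (n < 7 || strcmp(field[0], "error") != 0) return -1;
    out->code = strtoul(field[1], &end, 16);
    if (end == field[1] || *end != '\0') return -1;
    out->lib = (int)((out->code >> 24) & 0xff);
    out->func = (int)((out->code >> 12) & 0xfff);
    out->reason = (int)(out->code & 0xfff);
    out->fatal = (out->reason & 64) != 0;
    snprintf(out->file, sizeof(out->file), "%s", field[5]);
    out->line = atoi(field[6]);
    return 0;
}

int main(void)
{
    /* The PrintCB line from the post, with the mail line wrap removed. */
    const char *msg = "error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:"
                      "internal error:/server/openssl/ssl/s3_srvr.c:1265:";
    struct ossl_err e;
    if (parse_ossl_error(msg, &e) != 0) return 1;
    printf("lib=%d func=%d reason=%d fatal=%d at %s:%d\n",
           e.lib, e.func, e.reason, e.fatal, e.file, e.line);
    return 0;
}
```

For the line in the post this yields library 20, function 138 and reason 68 with the fatal bit set, reported at s3_srvr.c line 1265.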


[openssl-users] Open source network money project

2017-01-25 Thread Kyle Bateman
I have started a project to develop a new kind of open source money (not 
Bitcoin!). It will be heavily dependent on encryption technology. While 
I do have experience in coding, I am more capable as a system 
designer/architect. I am hoping to find a team of great developers who 
would enjoy working on this project with me.


It is outlined here: gotchoices.org/mychips/software.html
And a repository ready to start filling up with new code: 
https://github.com/gotchoices/MyCHIPs


Anyone interested? There is no reward in it, other than unimaginable 
fame and fortune!


You can reply on the contact page of the gotchoices.org site.



Re: [openssl-users] Need openssl.spec for OpenSSL-1.1.0c for redHat Linux 6.5

2017-01-25 Thread Eero Volotinen
The RHEL version is heavily patched, so there is no such version.

2017-01-25 13:00 GMT+02:00 Asis Kumar Samanta :

> Could you please provide the openssl.spec for OpenSSL-1.1.0c for redHat
> Linux 6.5 to build the binary rpm??
>
> Thank you in advance.
>
> Regards,
>
> Asish


[openssl-users] Need openssl.spec for OpenSSL-1.1.0c for redHat Linux 6.5

2017-01-25 Thread Asis Kumar Samanta
Could you please provide the openssl.spec for OpenSSL-1.1.0c for redHat Linux
6.5 to build the binary rpm??

Thank you in advance.

Regards,

Asish


[openssl-users] Fwd: [openssl-announce] Forthcoming OpenSSL releases

2017-01-25 Thread Matt Caswell
In case anyone on these lists missed this on the openssl-announce list:


-------- Forwarded Message --------
Subject: [openssl-announce] Forthcoming OpenSSL releases
Date: Mon, 23 Jan 2017 21:08:50 + (GMT)
From: OpenSSL 
Reply-To: openssl-users@openssl.org
To: openssl-annou...@openssl.org

Forthcoming OpenSSL releases


The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2k, 1.1.0d.

These releases will be made available on 26th January 2017 between
approximately 1300-1700 UTC.  They will fix several security defects with
maximum severity "moderate".

Please see the following page for further details of severity levels:
https://www.openssl.org/policies/secpolicy.html

Please also note that, as per our previous announcements, support for 1.0.1
ended on 31st December 2016.

Yours

The OpenSSL Project Team
-- 
openssl-announce mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce
