I'm using ssl (openssl-0.9.7m) as part of AXIS C++. I just spent a week trying
to figure out why I couldn't use https (via openssl) to connect on only some of
our systems. After rebuilding our copy of OpenSSL for debug and trapping
through it, I found that ssleay_rand_bytes() was setting the
RAND_R_PRNG_NOT_SEEDED error, then ssleay_rand_pseudo_bytes() (which called
ssleay_rand_bytes()) was clearing it off the error stack, and all I was getting on
my SSL_connect() was a return code of -1 and an error string of
"00000000:lib(0):func(0):reason(0)". It would really be nice if we could get
the right error.
What am I missing here?
The code basically does:
    int ret = SSL_connect( m_sslHandle);
    // 1 is fine
    // 0 is "not successful but was shut down controlled"
    // <0 is "handshake was not successful, because a fatal error occurred"
    if( ret <= 0)
    {
        ...
        // SSL_ERROR_* codes come from SSL_get_error(), not from ret itself
        switch( SSL_get_error( m_sslHandle, ret))
        {
            case SSL_ERROR_NONE: // this is not an error
            case SSL_ERROR_ZERO_RETURN: // no more data
                return;
            ...
            case SSL_ERROR_SSL:
            // A failure in the SSL library occurred, usually a protocol error. The
            // OpenSSL error queue contains more information on the error.
            default:
            // openssl/ssl.h says "look at error stack/return value/errno"
            {
                // A failure in the SSL library occurred, usually a protocol error.
                // The OpenSSL error queue contains more information on the error.
                m_LastError = "OpenSSL error is " + std::to_string(ret) + "Error stack:\n";
                while ((sslerror = ERR_get_error()) != 0)
                {
                    ERR_error_string(sslerror, error_buffer);
                    m_LastError += std::string(error_buffer) + "\n";
                }
            }
        }
    }
Thanks for the help.
Wayne Johnson
Senior Software Engineer
MQSoftware, Inc.
1660 S Highway 100
Minneapolis, MN 55416
(952) 345-8628