On 18/01/15 21:58, Jeffrey Walton wrote:
> On Sun, Jan 18, 2015 at 3:25 PM, Matt Caswell <
ma...@openssl.org> wrote:
>>
>>
>> On 18/01/15 20:13, Jeffrey Walton wrote:
>>> My bad... I think this is the code (from around line 500 in s3_both.c):
>>>
>>> /* s->init_num == 4 */
>>> if ((mt >= 0) && (*p != mt))
>>> {
>>> al=SSL_AD_UNEXPECTED_MESSAGE;
>>> SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
>>> goto f_err;
>>> }
>>>
>>> What would cause this error on a client?
>>>
>>
>> The client has an internal state machine which tells it what message it
>> should expect next from the server based on its current state. Only
>> certain messages are legal at any one time. The variable mt holds the
>> message type of the message it is expecting to receive. The variable p
>> points into the message buffer for the message that it has actually
>> received. If the message sent from the server doesn't match the one the
>> client was expecting then you get this error.
>
> Thanks Matt.
>
> Have you guys (the devs) seen this failure in the field during
> testing? If so, what's a typical configuration to cause it? Or what's
> the offending server message?