Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSL_read() returns SSL_ERROR_SYSCALL

900 views
Skip to first unread message

chithuanand

unread,
Jun 8, 2009, 5:40:15 AM6/8/09
to

Hi All,

we are working on a client which runs on windows mobile. This client access
a webservice using gSOAP generated stubs For secure webservice calls,we are
using openssl for
communication.
My problem is that - while transferring data, SSL_read() always fails (after
transferring few KB of data).
The follwoing error is returned -
----------------------------------------------------------------------------------
SSL_read() returns SSL_ERROR_SYSCALL

"error:00000005:lib(0):func(0):DH lib"
-------------------------------------------------------------------------------
This is not consistent across the different methods. The methods which pass
bigger chunks of data in the request consistently fail, and the ones which
pass lesser data consistently pass.

Any help will be much appreciated

--
View this message in context: http://www.nabble.com/SSL_read%28%29-returns-SSL_ERROR_SYSCALL-tp23918379p23918379.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Kyle Hamilton

unread,
Jun 8, 2009, 1:46:36 PM6/8/09
to
SSL_ERROR_SYSCALL means that an underlying call to the system failed.
Check errno in that case.

If you're getting the error on larger pieces of data, instead of
smaller pieces of data, it sounds like you're not properly handling
the case where your read buffer isn't large enough, needs to be
extended, and the read continued. Without knowing the value of errno,
it's impossible to guess, though.

-Kyle H

On Sun, Jun 7, 2009 at 10:28 PM, chithuanand<chith...@yahoo.com> wrote:
>
> Hi All,
>

> we are working on a client which runs on windows mobile. This client acce=
ss
> a webservice using gSOAP generated stubs For secure webservice calls,we a=


re
> using openssl for
> communication.

> My problem is that - while transferring data, SSL_read() always fails (af=


ter
> transferring few KB of data).
> The follwoing error is returned -

> -------------------------------------------------------------------------=
---------
> =C2=A0SSL_read() returns SSL_ERROR_SYSCALL


>
> "error:00000005:lib(0):func(0):DH lib"

> -------------------------------------------------------------------------=
------
> This is not consistent across the different methods. The methods which pa=
ss
> bigger chunks of data in the request consistently fail, and the ones whic=
h
> pass lesser data =C2=A0consistently pass.


>
> Any help will be much appreciated
>
> --

> View this message in context: http://www.nabble.com/SSL_read%28%29-return=


s-SSL_ERROR_SYSCALL-tp23918379p23918379.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________

> OpenSSL Project =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 http://www.openssl.=
org
> User Support Mailing List =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0opens...@openssl.org
> Automated List Manager =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 majo...@openssl.org

Dave Thompson

unread,
Jun 8, 2009, 10:25:00 PM6/8/09
to
> From: owner-ope...@openssl.org On Behalf Of Kyle Hamilton
> Sent: Monday, 08 June, 2009 13:46

> SSL_ERROR_SYSCALL means that an underlying call to the system failed.
> Check errno in that case.

>=20
Or in desktop-Windows=3DWinsock2 WSAGetLastError() .
I don't know if windows mobile(?) is the same.

> If you're getting the error on larger pieces of data, instead=20
> of smaller pieces of data, it sounds like you're not properly=20
> handling the case where your read buffer isn't large enough,=20
> needs to be extended, and the read continued. Without=20


> knowing the value of errno, it's impossible to guess, though.

>=20
> -Kyle H
>=20
> On Sun, Jun 7, 2009 at 10:28 PM,=20


> chithuanand<chith...@yahoo.com> wrote:
> >
> > Hi All,
> >

> > we are working on a client which runs on windows mobile.=20
> This client=20
> > access a webservice using gSOAP generated stubs For secure=20
> webservice=20
> > calls,we are using openssl for communication.
> > My problem is that - while transferring data, SSL_read()=20
> always fails=20
> > (after transferring few KB of data).


> > The follwoing error is returned -

> >=20
> ----------------------------------------------------------------------
> > ------------


> > =A0SSL_read() returns SSL_ERROR_SYSCALL
> >
> > "error:00000005:lib(0):func(0):DH lib"

> >=20
> ----------------------------------------------------------------------
> > --------- This is not consistent across the different methods. The=20
> > methods which pass bigger chunks of data in the request=20
> consistently=20
> > fail, and the ones which pass lesser data =A0consistently pass.

Dave Thompson

unread,
Jun 9, 2009, 8:43:45 PM6/9/09
to
> From: owner-ope...@openssl.org On Behalf Of chithuanand
> Sent: Tuesday, 09 June, 2009 00:13

> The Winsock2 WSAGetLastError() returns 100054, means "Socket
> forcefully shut down by remote host".
>
Precisely 10054 is connection-reset. In TCP "shut down" normally
is used for the normal/graceful shutdown i.e. FIN exchange(s).
"forcefully shut down" clearly means something different,
and the only other prompt possibility is reset/abort using RST,
but it's clearer to say reset.

"by remote host" may be misleading. In the early ARPAnet-like
Internet, resets were always from the remote host. Routers did
other things, like ICMP Net,Host Unreachable, but not reset.
Nowadays, there are lots of things like gateways, proxies,
firewalls, "smart" (too smart for their own good) routers,
etc., that sometimes cause/force a TCP reset. If you're
connecting through some wireless network/carrier, to me
that would definitely be one suspect.

If it is in fact coming from the remote host, reset is often
(not necessarily always) used if the server process fails.
This can mean different things depending on what the server is,
e.g. segfault, GPF, unhandled_exception, whatever.

> Initially we had only one webservice class. This webservice
> class is based on gSOAP generated proxy classes, which will
> in turn use openSSL functions to access a secured
> webservice.All the methods in this class worked perfectly
> till we added one more class, which access another set of
> webservices. The new class contains a set of totally disjoint
> methods,and it should not affect the existing code. The same
> code also works properly in some other networks.
>
Does the server/service report (usually log) anything relevant
to your access/connection/request/whatever? In particular, if
it logs something about "server error" you need to look there.
If it too reports seeing a reset, coming from your direction,
then you need to look for something in the network in between.

If this is a network problem, it may be easier to look for it
using clear data. Do you have the option of connecting to
these servers/services without SSL (or with SSL but using
an eNULL ciphersuite) and if so does it have the same problem?
(Obviously you should do that only with nonconfidential data.
If there is higher-level authentication e.g. password, use
a temporarily assigned and immediately disabled test id, etc.)

> > SSL_ERROR_SYSCALL means that an underlying call to the
> system failed.
> > Check errno in that case.
> >

> Or in desktop-Windows=Winsock2 WSAGetLastError() .


> I don't know if windows mobile(?) is the same.
>

<snip rest>

chithuanand

unread,
Jun 10, 2009, 3:47:20 AM6/10/09
to

Please see my comments inline.


Does the server/service report (usually log) anything relevant
to your access/connection/request/whatever? In particular, if
it logs something about "server error" you need to look there.
If it too reports seeing a reset, coming from your direction,
then you need to look for something in the network in between.

<Chitra> The server application is also within our control only.Hence we
were able to monitor the server also. Its clear from the server logs that
server is getting the request and sending the response. So i dont suspect
the network.

If this is a network problem, it may be easier to look for it
using clear data. Do you have the option of connecting to
these servers/services without SSL (or with SSL but using
an eNULL ciphersuite) and if so does it have the same problem?
(Obviously you should do that only with nonconfidential data.
If there is higher-level authentication e.g. password, use
a temporarily assigned and immediately disabled test id, etc.)

<Chitra> We have tried that also. This problem doesnt happen when we access
the http webservice. This occurs only when we access the service in https
mode. Is there any way we can decrypt the packets and view the packets sent
in https mode.

I am an novice in openSSL and not very sure how to use SSL using eNULL
ciphersuite. Since we are depending on gSOAP generated stubs, and these
stubs use openSSL dlls (ssleay.lib and libeay.lib) for the https webservice
calls. While debugging, we found that the SSL_read() returned this error
(SSL_ERROR_SYSCALL).

There was another entry in this forum stating the same problem, and they
have mentioned that this is a configuration issue. This can be resolved by
changing the ciphersuite to default. But its not clear where should we
change it , in the server or in the client? You may find the post in this
link

http://marc.info/?l=openssl-users&m=110252442813443&w=2

Thanks
Chitra
--
View this message in context: http://www.nabble.com/SSL_read%28%29-returns-SSL_ERROR_SYSCALL-tp23918379p23955257.html


Sent from the OpenSSL - User mailing list archive at Nabble.com.

chithuanand

unread,
Jun 10, 2009, 10:55:11 AM6/10/09
to

hi,

We have tried settiong the ciphersuite using SSL_CTX_set_cipher_list(), as
eNULL/NULL-MD5/DEFAULT. But we get handshake error. In the server also we
have tried giving the encryption= true and cipherlist to all of the above
settings. eNULL/NULL-MD5 /any null values give handshake error. What am i
missing here?


If this is a network problem, it may be easier to look for it
using clear data. Do you have the option of connecting to
these servers/services without SSL (or with SSL but using
an eNULL ciphersuite) and if so does it have the same problem?
(Obviously you should do that only with nonconfidential data.
If there is higher-level authentication e.g. password, use
a temporarily assigned and immediately disabled test id, etc.)


--
View this message in context: http://www.nabble.com/SSL_read%28%29-returns-SSL_ERROR_SYSCALL-tp23918379p23961104.html

Shaw Graham George

unread,
Jun 10, 2009, 11:10:32 AM6/10/09
to

Is the server IIS?

And do you get all of the response?

Because IIS doesn't necessarily close SSL connections in a tidy manner -
it can give SSL_ERROR_SYSCALL.

G.


-----Original Message-----
From: owner-ope...@openssl.org
[mailto:owner-ope...@openssl.org] On Behalf Of chithuanand
Sent: 10 June 2009 13:22
To: openss...@openssl.org
Subject: RE: SSL_read() returns SSL_ERROR_SYSCALL


hi,

We have tried settiong the ciphersuite using
SSL_CTX_set_cipher_list(), as eNULL/NULL-MD5/DEFAULT. But we get

handshake error. In the server also we have tried giving the =
encryption=3D

chithuanand

unread,
Jun 16, 2009, 9:35:49 AM6/16/09
to

The server is Apache Tomcat . The server logs say that the response is sent.
But at the client, we are not able to read the response. Instead, the
SSL_read() is failing with the error "SSL_ERROR_SYSCALL"

Is the server IIS?

And do you get all of the response?

Because IIS doesn't necessarily close SSL connections in a tidy manner -
it can give SSL_ERROR_SYSCALL.

G.

--
View this message in context: http://www.nabble.com/SSL_read%28%29-returns-SSL_ERROR_SYSCALL-tp23918379p24031564.html

Kyle Hamilton

unread,
Jun 16, 2009, 5:58:11 PM6/16/09
to
It sounds like it's about time to break out Wireshark or another
packet capture utility and see what the actual on-wire traffic is.
Something, somewhere, is unhappy and isn't following the protocols.

-Kyle H

On Mon, Jun 15, 2009 at 2:36 AM, chithuanand<chith...@yahoo.com> wrote:
>
> The server is Apache Tomcat . The server logs say that the response is se=


nt.
> But at the client, we are not able to read the response. Instead, the
> SSL_read() is failing with the error "SSL_ERROR_SYSCALL"
>
>
>
> Is the server IIS?
>
> And do you get all of the response?
>
> Because IIS doesn't necessarily close SSL connections in a tidy manner -
> it can give SSL_ERROR_SYSCALL.
>
> G.
>
>
>
> --

> View this message in context: http://www.nabble.com/SSL_read%28%29-return=


s-SSL_ERROR_SYSCALL-tp23918379p24031564.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________

> OpenSSL Project =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 http://www.openssl.=
org
> User Support Mailing List =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0opens...@openssl.org
> Automated List Manager =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 majo...@openssl.org
>

0 new messages