# SSL_accept failing



## pradeepreddy (Sep 15, 2010)

Hi,
I am integrating openssl in my application built with gsoap.

I am able to establish the connection between server and client with openssl. I have set both server and client authentication to false (SOAP_SSL_REQUIRE_CLIENT_AUTHENTICATION and SOAP_SSL_REQUIRE_SERVER_AUTHENTICATION).

But SSL_connect and SSL_accept are failing with errors:


```
*** error:00002733:lib(0):func(2):reason(1843)
*** SSL_ERROR_SSL
*** SSL_ERROR_SSL
error:1408A0C1:lib(20):func(138):reason(193)
Error 30 fault: SOAP-ENV:Server [no subcode]
Error observed by underlying BIO: No such file or directory
Detail: SSL_accept() failed in soap_ssl_accept()
```

I provided client.pem keyfile, though it is not required as authentication is set to false.

My network configuration settings are:


```
<NetworkConfig>
               <Server Location="https://127.0.0.1:15000" />
               <Client Location="https://127.0.0.1:16000" />
```

Please let me know your thoughts. Thanks in advance.


----------
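Added example, not part of the original posts: the `error:XXXXXXXX` lines quoted above use OpenSSL's legacy packed layout (8 bits library, 12 bits function, 12 bits reason), so the code can be unpacked by hand and checked against the `lib(..):func(..):reason(..)` text printed next to it. The decoder goes slightly beyond the thread by naming library 20 / reason 193, which is OpenSSL's "no shared cipher"; `decode_err_line` and `describe` are names made up for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ossl_err { unsigned lib, func, reason; };

/* Find "error:XXXXXXXX:" in a log line and split the 32-bit code.
 * Returns 0 on success, -1 if the line carries no packed code. */
int decode_err_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    char *end;
    unsigned long code;

    if (p == NULL) return -1;
    p += 6;
    code = strtoul(p, &end, 16);
    if (end - p != 8 || *end != ':') return -1;
    out->lib = (unsigned)((code >> 24) & 0xff);    /* top 8 bits */
    out->func = (unsigned)((code >> 12) & 0xfff);  /* middle 12 bits */
    out->reason = (unsigned)(code & 0xfff);        /* low 12 bits */
    return 0;
}

/* Only the values seen in this thread are named; extend as needed. */
const char *describe(const struct ossl_err *e)
{
    if (e->lib == 20 && e->reason == 193) return "SSL library: no shared cipher";
    if (e->lib == 0) return "lib 0: not tagged with an OpenSSL library";
    return "unknown: look it up with `openssl errstr <hex>`";
}

int main(void)
{
    /* Lines copied from the output quoted in the post. */
    const char *lines[] = {
        "*** error:00002733:lib(0):func(2):reason(1843)",
        "error:1408A0C1:lib(20):func(138):reason(193)",
    };
    struct ossl_err e;
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++)
        if (decode_err_line(lines[i], &e) == 0)
            printf("lib=%u func=%u reason=%u -> %s\n", e.lib, e.func, e.reason, describe(&e));
    return 0;
}
```

On a server, "no shared cipher" is commonly seen when no certificate and private key were actually loaded, which is consistent with the "No such file or directory" line in the same output. `openssl errstr 1408A0C1` prints the library's own text for a code.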



## pradeepreddy (Sep 15, 2010)

*SSL_connect is failing*

After working with the SSL key and certificate, the errors have changed.

Below are the SSL settings for the server and client side:


```
<ServerConfig isClientAuthenticationRequired="true"  KeyFileName="D://V2.0/Thirdparty//gsoap-2.7//gsoap//samples//ssl//server.pem" 
Password="password" OptionalCacertFile="D://V2.0//Thirdparty//gsoap-2.7//gsoap//samples//ssl//cacert.pem" 
OptionalPath="D://V2.0//Thirdparty//gsoap-2.7//gsoap//samples//ssl" DHFile="" RandFile="" SeverIdentification="sslserver"/>
```


```
<ClientConfig isServerAuthenticationRequired="false"  KeyFileName="D://V2.0/Thirdparty//gsoap-2.7//gsoap//samples//ssl//client.pem" 
Password="password" OptionalCacertFile="D://V2.0//Thirdparty//gsoap-2.7//gsoap//samples//ssl//cacert.pem" 
OptionalPath="D://V2.0//Thirdparty//gsoap-2.7//gsoap//samples//ssl" RandFile=""/>
```

SSL_accept and SSL_connect are failing with:

```
*** SSL_ERROR_WANT_READ 
*** SSL_ERROR_SYSCALL 
Error 30 fault: SOAP-ENV:Server [no subcode] 
EOF was observed that violates the protocol. The client probably provided invalid authentication information.
Detail: SSL_accept() failed in soap_ssl_accept()
*** error:00002733:lib(0):func(2):reason(1843)
```

I don't understand what is preventing the server from reading even after the connection is established. The cryptographic parameters were created with openssl today, so I can't point to any mistake in them. Please shed some light. Thanks in advance.


----------



## anomie (Sep 15, 2010)

You've got to use code tags, pal.  That is a jumbled mess you posted. 

This looks like a clue: 

```
*** SSL_ERROR_SYSCALL
Error 30 fault: SOAP-ENV:Server [no subcode]
"EOF was observed that violates the protocol. The client probably provided invalid authentication information."
```

Bad cert file, perhaps? You might take a close look with hexdump(1) to make sure you didn't accidentally get carriage returns or some other crud in there.


----------



## DutchDaemon (Sep 16, 2010)

pradeepreddy, I've been a moderator for quite some time now, but I have never seen posts like that (category 'unreadable crap that makes me angry'). 

Use the correct tags to post system output (http://forums.freebsd.org/showthread.php?t=8816), use correct punctuation (there's supposed to be a space after a comma, a period, a colon, a semicolon, etc.), and use whitespace and empty lines to create some structure. And please write '*and*' instead of '*&*', because an ampersand has a special meaning which makes your posts very confusing.

Do not post a mess like this again, because it is insulting to the members and will have consequences. Read your welcome email again as to why.


----------



## pradeepreddy (Sep 16, 2010)

*OPENSSL SSL_connect is failing*

Hi,

Apologies for not following the forum rules and for the inconvenience caused to you all.

Anomie, thanks for your answer. I am working on Windows, and I have used `openssl rsa -in server.pem -check` to check the key file and `openssl x509 -in root.pem -text -noout` to check the certificate. The output of these commands printed the key and certificate in proper format.
Do you have any Windows utility at hand to check these files? As these are for testing purposes, I can send you the files.

Please let me know.

Thank you.


----------



## anomie (Sep 16, 2010)

@pradeepreddy: No, I'd rather you did not send me your SSL cert files.  

There can be issues introduced when you manage cert files (or any ASCII text files, for that matter) on Windows systems, and then transfer them to unix-like systems. The Windows system may append a carriage return (hex 0x00D) at the end of each line. Problem is, unix-like systems only want to see a newline (hex 0x00A), and will see the carriage return as unprintable garbage. As you might imagine, this can break programs that don't expect it. 

Install the converters/unix2dos port using the FreeBSD Handbook instructions. 

Then, run on your cert: 
`% dos2unix your-cert-here`

If bogus (i.e. Windows-injected) characters are your problem, that should solve it.


----------
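The byte-level check suggested in the post above, as an added example that is not part of the original posts: instead of reading hexdump output by eye, it scans a PEM file's raw bytes for carriage returns. It goes slightly further and also flags a UTF-8 byte-order mark and any other non-printable byte; `scan_pem` and `struct pem_scan` are names made up for the example.

```c
#include <stdio.h>
#include <string.h>

struct pem_scan {
    size_t cr;       /* carriage returns (0x0D) */
    size_t other;    /* bytes that are neither printable ASCII, LF nor CR */
    int bom;         /* 1 if the data starts with a UTF-8 BOM (EF BB BF) */
    long first_bad;  /* offset of the first BOM/CR/other byte, -1 if none */
};

/* Walk the raw bytes of a PEM file and report anything a text editor or
 * file transfer may have injected. */
struct pem_scan scan_pem(const unsigned char *buf, size_t len)
{
    struct pem_scan r = {0, 0, 0, -1};
    size_t i = 0;

    if (len >= 3 && memcmp(buf, "\xEF\xBB\xBF", 3) == 0) {
        r.bom = 1;
        r.first_bad = 0;
        i = 3;
    }
    for (; i < len; i++) {
        unsigned char c = buf[i];
        if (c == '\n' || (c >= 0x20 && c <= 0x7E))
            continue;
        if (c == '\r') r.cr++; else r.other++;
        if (r.first_bad < 0) r.first_bad = (long)i;
    }
    return r;
}

int main(int argc, char **argv)
{
    /* Constructed sample with CRLF line ends, used when no file is given.
     * At most 64 KiB of a real file is read, which is ample for PEM. */
    static unsigned char buf[65536] =
        "-----BEGIN CERTIFICATE-----\r\nMIIB\r\n-----END CERTIFICATE-----\r\n";
    size_t n = strlen((char *)buf);
    struct pem_scan r;
    FILE *f = argc == 2 ? fopen(argv[1], "rb") : NULL;

    if (argc == 2 && f == NULL) { perror(argv[1]); return 2; }
    if (f != NULL) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    r = scan_pem(buf, n);
    printf("CR=%lu other=%lu BOM=%d first_bad=%ld\n",
           (unsigned long)r.cr, (unsigned long)r.other, r.bom, r.first_bad);
    return (r.cr || r.other || r.bom) ? 1 : 0;
}
```

The exit status is 0 for a clean file and 1 when anything was flagged, so the check can gate a deployment script.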



## pradeepreddy (Sep 16, 2010)

*SSL_connect is failing*

Hi anomie,

I have run dos2unix on the certificate and key files and run my application.
But I get the same error.

Thanks,
Pradeepreddy


----------



## anomie (Sep 16, 2010)

Hmm, in looking back at post #2 - is this a Windows server you're running this on? Those are (improperly delimited, AFAIK) Windows-style paths in your config. (How does FreeBSD enter the picture?)


----------



## pradeepreddy (Sep 16, 2010)

*SSL_connect is failing*

Hi Anomie,

Yes, I am working on Windows, but I should be porting this to a Unix machine at release.
So this is basically a platform independent application.

Thanks,
Pradeep.


----------



## anomie (Sep 16, 2010)

There's something wrong with your client cert (see post #3 again). 

Sorry, I'm a Windows novice, and do not know how to troubleshoot further. My general recommendation is: sanity check your cert and/or regenerate it and try again. 

Your app may be "platform independent", but control characters and all sorts of other subtleties that are very much platform dependent can still bite you!


----------



## DutchDaemon (Sep 16, 2010)

Sorry, but *a)* this is a Windows (environment) problem *b)* this is neither a Windows forum nor a 'platform independent application' forum. This forum deals with the FreeBSD operating system and services/applications that run on it. The fact that this forum has threads dealing with SSL does not mean *all* SSL-related problems can be discussed here. Either find a Windows forum or a generic SSL forum for this type of problem. You're welcome to discuss anything FreeBSD-related here, but this topic is closed now because it obviously is not.


----------

