Ssl_error_none

Checking for the errno EAGAIN was my attempt to fix this issue... So
you can ignore that check and the problem still persists.

Errno is the usual errno (just a wrapper for platform porting
purposes).
The code sets 't' to 0 initially (sorry I forgot that line from the
stripped code I showed below).

If select returns 0 and errno is 0, then you are right, it is
technically a timeout, and that is exactly what was happening, which I
tried to 'fix' by checking the errno.

Now if I heed your advice and remove the errno check [which was my
original code], then when the problem hits I see that both the client
and the server return 0 from their select in the SSL_ERROR_WANT_READ
code block.

Even if I increase the select timeout to 10 seconds both the client
and the server will timeout on that select line right after they
reported SSL_ERROR_WANT_READ ...

My question is, under what conditions are both the server and the
client waiting on SSL_ERROR_WANT_READ, and how do I get out of that
deadlock state?

Yes my server is multi threaded and although I am sure my design is
not the best it has been serving 1000s of clients on different
platforms sometimes for days without dropping a single connection.
Then just randomly some of my clients [only on Linux and HP platforms]
will report this handshake issue! Debugging it shows that when this
happens both the client and the server are timing out on the select
line right after the SSL_ERROR_WANT_READ.

RETURN VALUES

The following return values can currently occur:

SSL_ERROR_NONE
The TLS/SSL I/O operation completed. This result code is returned if and only if ret > 0.
SSL_ERROR_ZERO_RETURN
The TLS/SSL connection has been closed. If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned only if a closure alert has occurred in the protocol, i.e. if the connection has been closed cleanly. Note that in this case SSL_ERROR_ZERO_RETURN does not necessarily indicate that the underlying transport has been closed.
SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE

The operation did not complete; the same TLS/SSL I/O function should be called again later. If, by then, the underlying BIO has data available for reading (if the result code is SSL_ERROR_WANT_READ) or allows writing data (SSL_ERROR_WANT_WRITE), then some TLS/SSL protocol progress will take place, i.e. at least part of a TLS/SSL record will be read or written. Note that the retry may again lead to an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level.

For socket BIOs (e.g. when SSL_set_fd() was used), select() or poll() on the underlying socket can be used to find out when the TLS/SSL I/O function should be retried.

Caveat: Any TLS/SSL I/O function can lead to either of SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. In particular, SSL_read() or SSL_peek() may want to write data and SSL_write() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.

SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
The operation did not complete; the same TLS/SSL I/O function should be called again later. The underlying BIO was not connected yet to the peer and the call would block in connect()/accept(). The SSL function should be called again when the connection is established. These messages can only appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively. To find out when the connection has been successfully established, on many platforms select() or poll() for writing on the socket file descriptor can be used.

SSL_ERROR_WANT_X509_LOOKUP
The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. The TLS/SSL I/O function should be called again later. Details depend on the application.

SSL_ERROR_SYSCALL
Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).

SSL_ERROR_SSL

A failure in the SSL library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error.
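
The select() retry described above for socket BIOs, written out as an added example (not code from the thread or from OpenSSL): the wait direction is taken from the SSL_get_error() result, a select() return of 0 is treated as a timeout without consulting errno, and errno is read only when select() returns -1. The names wait_for_ssl and WAIT_* are hypothetical, and a socketpair stands in for the TLS socket so the block builds without the OpenSSL headers.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Same values as <openssl/ssl.h>; guarded so this builds without the headers. */
#ifndef SSL_ERROR_WANT_READ
#define SSL_ERROR_WANT_READ  2
#define SSL_ERROR_WANT_WRITE 3
#endif

enum { WAIT_NOT_RETRYABLE = -2, WAIT_FAILED = -1, WAIT_TIMEOUT = 0, WAIT_READY = 1 };

/* Wait until fd is ready in the direction SSL_get_error() reported.
 * Typical use with a real connection (needs -lssl):
 *   while ((ret = SSL_connect(ssl)) <= 0)
 *       if (wait_for_ssl(fd, SSL_get_error(ssl, ret), 5000) != WAIT_READY) break;
 */
int wait_for_ssl(int fd, int ssl_err, int timeout_ms)
{
    if (ssl_err != SSL_ERROR_WANT_READ && ssl_err != SSL_ERROR_WANT_WRITE)
        return WAIT_NOT_RETRYABLE;   /* SYSCALL, SSL, ZERO_RETURN: do not select() */
    if (fd < 0 || fd >= FD_SETSIZE)
        return WAIT_FAILED;          /* select() cannot watch this descriptor */
    for (;;) {
        fd_set fds;
        struct timeval tv = { .tv_sec = timeout_ms / 1000,
                              .tv_usec = (timeout_ms % 1000) * 1000 };
        FD_ZERO(&fds);
        FD_SET(fd, &fds);
        /* The direction comes from the error code, not from which SSL call was made. */
        int n = select(fd + 1,
                       ssl_err == SSL_ERROR_WANT_READ  ? &fds : NULL,
                       ssl_err == SSL_ERROR_WANT_WRITE ? &fds : NULL, NULL, &tv);
        if (n > 0)  return WAIT_READY;     /* retry the same SSL call now */
        if (n == 0) return WAIT_TIMEOUT;   /* a timeout leaves errno untouched */
        if (errno != EINTR) return WAIT_FAILED;  /* errno valid only when n == -1;
                                 EINTR loops again with the full timeout (simplified) */
    }
}
int main(void)
{
    int sv[2];                         /* constructed stand-in for a TLS socket */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    errno = EAGAIN;                    /* stale errno left by some earlier call */
    printf("idle read:  %d\n", wait_for_ssl(sv[0], SSL_ERROR_WANT_READ, 50));
    if (write(sv[1], "x", 1) != 1) return 1;
    printf("after data: %d\n", wait_for_ssl(sv[0], SSL_ERROR_WANT_READ, 50));
    return 0;
}
```

A WAIT_TIMEOUT result means the peer sent nothing within the window; the caller decides whether to retry the SSL call or abandon the connection.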