search for: ssl_handle_error

...a crash. What was going on is this: In ssl-proxy-openssl.c in line 545 in the function ssl_step() the function ssl_handshake() is called. There SSL_accept() is called. If SSL_accept failes - because a client sent an invalid packet or something the server doesn't support or any other reason - ssl_handle_error() will be called. ssl_handle_error() will call ssl_proxy_destroy(). ssl_proxy_destroy() will then call ssl_proxy_flush(). And ssl_proxy_flush will call ssl_step() again. Here we have a loop. Now when SSL_accept() gets called again on the same context this is an invalid state for OpenSSL and it cra...

...fee35ee0 (line ~545) in "ssl-proxy-openssl.c" [6] ssl_proxy_flush(proxy = 0x809ba38) (optimized), at 0xfee3680c (line ~817) in "ssl-proxy-openssl.c" [7] ssl_proxy_destroy(proxy = 0x809ba38) (optimized), at 0xfee3686b (line ~825) in "ssl-proxy-openssl.c" [8] ssl_handle_error(proxy = 0x809ba38, ret = -1, func_name = 0xfee3b2d8 "SSL_accept()") (optimized), at 0xfee35bc0 (line ~465) in "ssl-proxy-openssl.c" [9] ssl_handshake(proxy = 0x809ba38) (optimized), at 0xfee35cc9 (line ~483) in "ssl-proxy-openssl.c" [10] ssl_step(proxy = 0x809...

Connecting to dovecot with ssl3 causes imap-login to die: $ openssl s_client -connect localhost:993 -ssl3 CONNECTED(00000003) 4277630796:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1461:SSL alert number 40 4277630796:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:645: --- no peer certificate available --- No client certificate