Bug #29593 Unknown SSL protocol error in connection to ...:18443 (code = 35, os-errno = 0)
Submitted: 6 Jul 2007 10:47 Modified: 18 Aug 9:14
Reporter: Carsten Segieth
Status: Verified
Category:Monitoring: Agent Severity:S1 (Critical)
Version:1.2.0.6430 OS:IBM AIX
Assigned to: Jan Kneschke Target Version:
Tags: quan security, kay_merlin_immediate, PLATFORM, SSL, build
Triage: Needs Triage: D2 (Serious)

[6 Jul 2007 10:47] Carsten Segieth
Description:
Agent's SSL connection does not work. Here is the end of the debug log:

2007-07-06 10:39:05: (message) --> sending heartbeat
2007-07-06 10:39:05: (debug) --> sending:
<doc><agentId>6bea59ed-5064-4b48-b6d0-8d1d371a22be</agentId><agentUtc>2007-07-06T08:39:05.736Z</agentUtc><hostname>1.2.0.6409_S_13_rhas4-x86_net-qa1_42</hostname><uuid>f0282fd8-3257-45c2-b779-16658bfc3890</uuid><version>1.2.0.6430</version><shutdown>false</shutdown><tasks/></doc>

2007-07-06 10:39:05: (critical)
curl_easy_perform('https://pino%40agent:onip%40agent@10.100.1.224:18443/merlin/heartbeat')
failed: Unknown SSL protocol error in connection to 10.100.1.224:18443  (code = 35,
os-errno = 0)

How to repeat:
start an agent, e.g. on RH4 or SLES9 using a 'hostname' like this:

[merlind]
hostname = https://pino%40agent:onip%40agent@10.100.1.224:18443/merlin/heartbeat

Suggested fix:
Unknown SSL protocol error in connection to ...:18443 (code = 35, os-errno = 0)
[12 Jul 2007 13:14] Jan Kneschke
The bug only occurs when YaSSL is used instead of OpenSSL.
[3 Aug 2007 11:24] Jan Kneschke
We upgraded libcurl to 7.16.4 and yassl to 1.6.8 and the bug still persists.

Either libcurl or YaSSL doesn't handle EAGAIN correctly:

12783 recvfrom(7, 0x407ffb77, 1, 2, 0, 0) = -1 EAGAIN (Resource temporarily unavailable)
12783 ioctl(7, FIONREAD, [0])           = 0
12783 recvfrom(7, 0x407ffb77, 1, 2, 0, 0) = -1 EAGAIN (Resource temporarily unavailable)
12783 ioctl(7, FIONREAD, [0])  ...
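
For comparison with the trace above (flags value 2 is MSG_PEEK on Linux), here is an added example, not code from libcurl, yaSSL or the agent, of a peek on a non-blocking socket that treats EAGAIN as "no data yet" and waits in poll() with a deadline instead of retrying in a tight loop. The function names, the AF_UNIX socket pair and the 50 ms timeout are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Peek at up to len bytes on a non-blocking socket without spinning.
 * Returns >0 = bytes available, 0 = peer closed the connection,
 * -1 with errno == ETIMEDOUT if nothing arrived within timeout_ms,
 * -1 with any other errno on a real socket error.
 * Simplification: the timeout restarts if a signal interrupts poll(). */
ssize_t peek_with_timeout(int fd, void *buf, size_t len, int timeout_ms)
{
    for (;;) {
        ssize_t n = recv(fd, buf, len, MSG_PEEK);
        if (n >= 0) return n;
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK)
            return -1;                  /* genuine failure, report it */
        /* EAGAIN only means "no data yet": sleep until readable. */
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        int rc = poll(&pfd, 1, timeout_ms);
        if (rc == 0) { errno = ETIMEDOUT; return -1; }
        if (rc < 0 && errno != EINTR) return -1;
        /* readable, hung up or errored: loop so recv() reports which */
    }
}

/* Constructed fixture: a connected, non-blocking AF_UNIX socket pair. */
int make_nonblocking_pair(int sv[2])
{
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    for (int i = 0; i < 2; i++) {
        int fl = fcntl(sv[i], F_GETFL, 0);
        if (fl < 0 || fcntl(sv[i], F_SETFL, fl | O_NONBLOCK) < 0) return -1;
    }
    return 0;
}

int main(void)
{
    int sv[2]; char b[4];
    if (make_nonblocking_pair(sv) < 0) return 1;
    ssize_t n = peek_with_timeout(sv[0], b, sizeof b, 50);
    printf("no data yet: n=%zd errno=%d\n", n, errno);
    return 0;
}
```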
[15 Aug 2007 23:03] Jan Kneschke
test-app written, but final investigation deferred until after 1.2.0
[2 Oct 2008 20:35] Gary Whizin
We're actively investigating OpenSSL support in 2.0
[7 Oct 2008 20:34] Gary Whizin
OpenSSL support now works in 2.0.0.7071 beta release on most Linux platforms (still
actively working on all the other platforms)
[29 Oct 2008 11:32] Jan Kneschke
We enforce TLSv1 now.
[6 Nov 2008 21:24] Carsten Segieth
2.0.0.7092: both 5.2 and 5.3 32bit installers fail when trying to use SSL (64 bit not yet
tested):

(debug) network-io.c:165 forcing TLSv1
(debug) network-io.c:74: About to connect() to qa-merlin port 28443 (#0)
(debug) network-io.c:74:   Trying 10.100.1.158...
(debug) network-io.c:74: connected
(debug) network-io.c:74: Connected to qa-merlin (10.100.1.158) port 28443 (#0)
(debug) network-io.c:74: SSLv3, TLS handshake, Client hello (1):
(debug) network-io.c:74: ^A
(debug) network-io.c:74: Unknown SSL protocol error in connection to qa-merlin:28443
(debug) network-io.c:74: Closing connection #0
(critical) network-io.c:220:
curl_easy_perform('https://pino%40agent:onip%40agent@qa-merlin:28443/heartbeat') failed:
Unknown SSL protocol error in connection to qa-merlin:28443  (curl-error = 'SSL connect
error' (35))
(message) network-io.c:248: encoding = 0.14 ms, request = 16.29 ms (incl. response 0.00
ms)
(message) network-io.c:827: backlog: 1
(message) --> sending heartbeat (1766 bytes) (shutdown = 0)
(debug) --> sending: <?xml version="1.0"?>
[11 Nov 2008 13:16] Kent Boortz
Build of curl (if properly rebuilt in the release builds) includes SSL
support (I did a rebuild to verify this fact), and so does the agent
then as it in the current builds uses the curl SSL support.

So either this is a release build mistake that it uses an old
curl that was not rebuilt with OpenSSL, or this is a deeper problem
with OpenSSL, curl and AIX, something a developer needs to
look into.
[23 Nov 2008 0:36] Kent Boortz
Ran "make report" that does a self test and writes out
a report. Unfortunately no problems could be seen,
attaching the short summary and complete test log.
[23 Nov 2008 0:37] Kent Boortz
Short summary of OpenSSL self test

Attachment: openssl-0.9.8i-testlog.txt (text/plain), 515 bytes.

[23 Nov 2008 0:38] Kent Boortz
Log from OpenSSL self test

Attachment: openssl-0.9.8i-testlog-long.txt.gz (application/x-gzip, text), 15.46 KiB.

[11 Aug 15:48] Enterprise Tools JIRA Robot
Jan Kneschke writes: 
The curl lib has been updated to 7.19.5 to provide better error-reporting. Please
re-verify that the bug still exists and let's try to narrow down the problem in tandem.
[11 Aug 16:22] Enterprise Tools JIRA Robot
Keith Russell writes: 
Patch installed in versions => 2.1.0.1092.
[13 Aug 15:33] Enterprise Tools JIRA Robot
Jan Kneschke writes: 
{noformat}
331856: 925747: kwrite(8, 0x00000001102BC710, 88)       = 88
331856:   160301\0 S01\0\0 O0301 J82