Bug #29593 | Unknown SSL protocol error in connection to ...:18443 (code = 35, os-errno = 0) | ||
---|---|---|---|
Submitted: | 6 Jul 2007 8:47 | Modified: | 9 Jan 2015 14:14 |
Reporter: | Carsten Segieth | Email Updates: | |
Status: | Won't fix | Impact on me: | |
Category: | MySQL Enterprise Monitor: Agent | Severity: | S1 (Critical) |
Version: | 1.2.0.6430 | OS: | IBM AIX |
Assigned to: | Jan Kneschke | CPU Architecture: | Any |
Tags: | build, kay_merlin_immediate, PLATFORM, quan security, SSL |
[6 Jul 2007 8:47]
Carsten Segieth
[12 Jul 2007 11:14]
Jan Kneschke
The bug only occurs with YaSSL is used instead of OpenSSL.
[3 Aug 2007 9:24]
Jan Kneschke
We upgraded libcurl 7.16.4 and yassl to 1.6.8 and the still persists. Either libcurl or YaSSL don't handle EAGAIN correctly: 12783 recvfrom(7, 0x407ffb77, 1, 2, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 12783 ioctl(7, FIONREAD, [0]) = 0 12783 recvfrom(7, 0x407ffb77, 1, 2, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 12783 ioctl(7, FIONREAD, [0]) ...
[15 Aug 2007 21:03]
Jan Kneschke
test-app written, but final investigation deferred until after 1.2.0
[2 Oct 2008 18:35]
Gary Whizin
We're actively investigating openSSL support in 2.0
[7 Oct 2008 18:34]
Gary Whizin
OpenSSl support now works in 2.0.0.7071 beta release on most linux platforms (still actively working all all the other platforms)
[29 Oct 2008 10:32]
Jan Kneschke
We enforce TLSv1 now.
[6 Nov 2008 20:24]
Carsten Segieth
2.0.0.7092: both 5.2 and 5.3 32bit installers fail when trying to use SSL (64 bit not yet tested): (debug) network-io.c:165 forcing TLSv1 (debug) network-io.c:74: About to connect() to qa-merlin port 28443 (#0) (debug) network-io.c:74: Trying 10.100.1.158... (debug) network-io.c:74: connected (debug) network-io.c:74: Connected to qa-merlin (10.100.1.158) port 28443 (#0) (debug) network-io.c:74: SSLv3, TLS handshake, Client hello (1): (debug) network-io.c:74: ^A (debug) network-io.c:74: Unknown SSL protocol error in connection to qa-merlin:28443 (debug) network-io.c:74: Closing connection #0 (critical) network-io.c:220: curl_easy_perform('https://pino%40agent:onip%40agent@qa-merlin:28443/heartbeat') failed: Unknown SSL protocol error in connection to qa-merlin:28443 (curl-error = 'SSL connect error' (35)) (message) network-io.c:248: encoding = 0.14 ms, request = 16.29 ms (incl. response 0.00 ms) (message) network-io.c:827: backlog: 1 (message) --> sending heartbeat (1766 bytes) (shutdown = 0) (debug) --> sending: <?xml version="1.0"?>
[11 Nov 2008 12:16]
Kent Boortz
Build of curl (if properly rebuilt in the release builds) include SSL support (I did a rebuild to verify this fact), and so does the agent then as it in the current builds uses the curl SSL support. So either this is a release build mistake that it uses an old curl that was not rebuilt with OpenSSL, or this is a deeper problem with OpenSSL, curl and AIX, something a developer needs to look into.
[22 Nov 2008 23:36]
Kent Boortz
Ran "make report" that does a self test and writes out a report. Unfortunately no problems could be seen, attaching the short summary and complete test log.
[22 Nov 2008 23:37]
Kent Boortz
Short summary of OpenSSL self test
Attachment: openssl-0.9.8i-testlog.txt (text/plain), 515 bytes.
[22 Nov 2008 23:38]
Kent Boortz
Log from OpenSSL self test
Attachment: openssl-0.9.8i-testlog-long.txt.gz (application/x-gzip, text), 15.46 KiB.
[11 Aug 2009 13:48]
Enterprise Tools JIRA Robot
Jan Kneschke writes: The curl lib has been updated to 7.19.5 to provide better error-reporting. Please re-verify that the bug still exists and let's try to narrow down the problem in tandem.
[11 Aug 2009 14:22]
Enterprise Tools JIRA Robot
Keith Russell writes: Patch installed in versions => 2.1.0.1092.
[13 Aug 2009 13:33]
Enterprise Tools JIRA Robot
Jan Kneschke writes: {noformat} 331856: 925747: kwrite(8, 0x00000001102BC710, 88) = 88 331856: 160301\0 S01\0\0 O0301 J82