Issue #4923 has been updated by Martin Bosslet.


Hiroshi Nakamura wrote:
> While investigating #5039, I found that SSL_shutdown() could add something to global error stack in OpenSSL < 0.9.8m, possibly related the OpenSSL 0.9.8m fix Martin posted above. Based on my investigation, that's the reason why 'bad write retry' (error for SSL_write) is raised from SSL_read. I'll handle 'bad write retry' for SSL_read issue at #5039.

Runs smooth now with all OpenSSL versions that previously produced the 'bad write retry'. Great work!

> It explains the error 'bad write retry' we're getting well but it doesn't for the error 'SSL_read:: sslv3 alert bad record mac' so I keep this ticket for the issue 'SSL_read:: sslv3 alert bad record mac'.
> 
> Martin, do you have any thought about the original error? Are you still getting the error? (not 'bad write retry')

I don't know what I did to produce that thing. That night I was able to reproduce it just fine, but I never got it again since then. I just ran make test-all for openssl with the custom Fedora version 50 times, not a single error. 

What should we do, close it? We could still reopen the issue if I somehow manage to reproduce it... 

Since I didn't (and don't) know where to look for it, debugging hasn't led me any further for now - I'm still clueless concerning the origin of the 'bad record mac'.
 
----------------------------------------
Bug #4923: [ext/openssl] test_ssl.rb: test_client_auth fails
http://redmine.ruby-lang.org/issues/4923

Author: Martin Bosslet
Status: Assigned
Priority: Low
Assignee: Martin Bosslet
Category: ext
Target version: 1.9.3
ruby -v: ruby 1.9.3dev (2011-06-13 trunk 32213) [i686-linux]


Hi,

I was finally able to reproduce this with Fedora 15 32 bit, OpenSSL 1.0.0d.

The error occurs only when running make test-all TESTS="openssl",
if I run test_ssl.rb independently the test succeeds.

Here is the output I get:

1) Error:
test_client_auth(OpenSSL::TestSSL):
OpenSSL::SSL::SSLError: SSL_read:: sslv3 alert bad record mac
    /home/martin/Projekte/Ruby/build/.ext/common/openssl/buffering.rb:53:in `sysread'
    /home/martin/Projekte/Ruby/build/.ext/common/openssl/buffering.rb:53:in `fill_rbuff'
    /home/martin/Projekte/Ruby/build/.ext/common/openssl/buffering.rb:200:in `gets'
    /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl.rb:118:in `block in test_client_auth'
    /home/martin/Projekte/Ruby/ruby/test/openssl/utils.rb:280:in `call'
    /home/martin/Projekte/Ruby/ruby/test/openssl/utils.rb:280:in `start_server'
    /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl.rb:103:in `test_client_auth'

Related to #4919.

Regards,
Martin



-- 
http://redmine.ruby-lang.org