New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: Intermittent errors with OpenSSL client #3796
Labels
Comments
Reproduced with s_client: #!/bin/bash for i in {1..1000} do echo $i | openssl s_client -connect localhost:8080 -quiet done "139758768248480:error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length:rsa_sign.c:175: 139758768248480:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1796:" Normal: 140707248211616:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1247:SSL alert number 0 depth=0 O = Sniffy, CN = web.sniffy.local verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 O = Sniffy, CN = web.sniffy.local verify error:num=21:unable to verify the first certificate verify return:1 ^Cdepth=0 O = Sniffy, CN = web.sniffy.local verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 O = Sniffy, CN = web.sniffy.local verify error:num=21:unable to verify the first certificate verify return:1 HTTP/1.1 400 Bad Request Intermittent: 140093522732704:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1247:SSL alert number 0 depth=0 O = Sniffy, CN = web.sniffy.local verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 O = Sniffy, CN = web.sniffy.local verify error:num=21:unable to verify the first certificate verify return:1 139758768248480:error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length:rsa_sign.c:175: 139758768248480:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1796: depth=0 O = Sniffy, CN = web.sniffy.local verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 O = Sniffy, CN = web.sniffy.local verify error:num=21:unable to verify the first certificate verify return:1 HTTP/1.1 400 Bad Request |
Owner changed to @agl. Status changed to Accepted. |
http://golang.org/cl/6352093/ out for review. |
This issue was closed by revision 93ea79e. Status changed to Fixed. |
agl
added a commit
that referenced
this issue
May 11, 2015
««« backport 46ca86e70e96 crypto/rsa: left-pad PKCS#1 v1.5 outputs. OpenSSL requires that RSA signatures be exactly the same byte-length as the modulus. Currently it'll reject ~1/256 of our signatures: those that end up a byte shorter. Fixes #3796. R=golang-dev, edsrzf, r CC=golang-dev https://golang.org/cl/6352093 »»»
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Attachments:
The text was updated successfully, but these errors were encountered: