(iOS) I am trying to make an SSL_connect to the site https://login.11st.co.kr (I am using OpenSSL to extract chains of PEM certificates).
This is how I make the TCP connection:

    #include <arpa/inet.h>
    #include <netdb.h>
    #include <netinet/in.h>
    #include <sys/socket.h>
    #include <unistd.h>
    #include <cstring>
    #include <string>

    // kInvalidSocketId and DLog are defined elsewhere in the project.

    struct TcpConnectionInfo {
        std::string ipAddress;
        int socketId;
    };

    static TcpConnectionInfo TcpConnect(const char *host, int port) {
        TcpConnectionInfo resultInfo;
        resultInfo.socketId = kInvalidSocketId;
        // TODO: gethostbyname is deprecated, should replace with another
        struct hostent *hp = gethostbyname(host);
        if (hp == NULL) {
            DLog(@"Couldn't resolve host");
            return resultInfo;
        }
        struct sockaddr_in addr;
        memset(&addr, 0, sizeof(addr));
        addr.sin_addr = *(struct in_addr*)hp->h_addr_list[0];
        addr.sin_family = AF_INET;
        addr.sin_port = htons(port);
        int socketId = (int)socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (socketId < 0) {
            DLog(@"Couldn't create socket");
            return resultInfo;
        }
        int connectResult = connect(socketId, (struct sockaddr *)&addr, sizeof(addr));
        if (connectResult < 0) {
            DLog(@"Couldn't connect socket");
            close(socketId);  // do not leak the descriptor when connect fails
            return resultInfo;
        }
        resultInfo.socketId = socketId;
        resultInfo.ipAddress = inet_ntoa(addr.sin_addr);
        return resultInfo;
    }

That's how I am using it:

    TcpConnectionInfo connectInfo = TcpConnect(url.c_str(), port);
    SSL *ssl = SSL_new(ctx);
    BIO *sbio = BIO_new_socket(connectInfo.socketId, BIO_NOCLOSE);
    SSL_set_bio(ssl, sbio, sbio);
    int sslConnectResult = SSL_connect(ssl);

I get the error codes with this code:

    const int errorCode = SSL_get_error(ssl, sslConnectResult);
    DLog(@"SSL Error Code: %d", errorCode);
    DLog(@"errno: %d", errno);

and for the site https://login.11st.co.kr it gives

    SSL Error Code: 5 errno: 3

which corresponds to

    SSL_ERROR_SYSCALL, ESRCH (No such process)

For other HTTPS sites all is good. What can it be? I cannot understand this error. How can I solve this? How does it depend on processes?
It looks like the server is not responding from my location:

    $ echo "GET / HTTP/1.0" | openssl s_client -showcerts -connect login.11st.co.kr:443
    CONNECTED(00000003)
    ^C

SSL Error Code: 5 errno: 3
...
SSL_ERROR_SYSCALL, ESRCH (No such process)
This does not quite look right. When you get an error code from OpenSSL, you should be able to print it. The error code is usually a big hexadecimal number:

    $ openssl errstr 5
    error:00000005:lib(0):func(0):DH lib

Here's one that's more illustrative (i.e., what it usually looks like):

    $ openssl errstr 0x2606c043
    error:2606C043:engine routines:ENGINE_FREE_UTIL:passed a null parameter

    BIO *sbio = BIO_new_socket(connectInfo.socketId, BIO_NOCLOSE);
    SSL_set_bio(ssl, sbio, sbio);
    int sslConnectResult = SSL_connect(ssl);

I usually just fetch the error code immediately after the operation. If the operation succeeds, I don't use the result because it's not needed and undefined. If the operation fails, I can use the result because it is defined.
My BIO connect would look like:

    unsigned long err;
    int res;
    ...
    BIO* web = BIO_new_ssl_connect(ctx);
    err = ERR_get_error();
    if(web == NULL)
    {
        /* ERR_reason_error_string may return NULL when no reason text is available */
        const char* const str = ERR_reason_error_string(err);
        fprintf(stderr, "%s\n", str ? str : "(no reason string)");
        exit (err);
    }
    res = BIO_set_conn_hostname(web, HOST_NAME ":" HOST_PORT);
    err = ERR_get_error();
    if(res != 1)
    {
        const char* const str = ERR_reason_error_string(err);
        fprintf(stderr, "%s\n", str ? str : "(no reason string)");
        exit (err);
    }
    res = BIO_do_connect(web);
    err = ERR_get_error();
    if(res != 1)
    {
        const char* const str = ERR_reason_error_string(err);
        fprintf(stderr, "%s\n", str ? str : "(no reason string)");
        exit (err);
    }
    ...

ERR_reason_error_string is the C equivalent to the openssl errstr command.
You can see an example of a BIO-based client at SSL/TLS Client.
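
An added example, not code from the question or the answer: OpenSSL 1.0.x documents that for SSL_ERROR_SYSCALL with an empty error queue, a return value of 0 means the peer closed the connection, and only a return of -1 makes errno relevant. The code below uses a plain socketpair instead of OpenSSL to show how an unrelated errno can sit next to an EOF; `struct io_result`, `diagnose()` and `read_after_peer_close()` are hypothetical names, and the stale ESRCH is constructed.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of one socket read, with errno captured before anything else runs. */
struct io_result {
    long ret;         /* >0 bytes read, 0 = peer closed (EOF), -1 = syscall failed */
    int  errno_seen;  /* raw errno right after the call, possibly stale */
};

/* Hypothetical helper: order in which to interpret an SSL_ERROR_SYSCALL-style
 * failure. queued_err stands for what ERR_get_error() returned (0 = empty). */
const char *diagnose(long ret, unsigned long queued_err, int errno_seen)
{
    if (queued_err != 0)
        return "library error: decode the queued code";
    if (ret == 0)
        return "EOF: peer closed the connection, errno is not meaningful";
    if (ret < 0 && errno_seen != 0)
        return strerror(errno_seen);
    return "no further detail available";
}

/* Constructed scenario: the peer hangs up without sending a byte while errno
 * still holds ESRCH from some earlier, unrelated call. */
struct io_result read_after_peer_close(void)
{
    struct io_result r = { -1, 0 };
    int sv[2];
    char buf[16];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) {
        r.errno_seen = errno;
        return r;
    }
    close(sv[1]);          /* the "server" side drops the connection */
    errno = ESRCH;         /* constructed: stale value from unrelated code */
    r.ret = (long)read(sv[0], buf, sizeof buf);
    r.errno_seen = errno;  /* read() returned 0 without touching errno here */
    close(sv[0]);
    return r;
}
```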