Posted to dev@trafficserver.apache.org by oknet <gi...@git.apache.org> on 2015/12/30 08:07:46 UTC

[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

GitHub user oknet opened a pull request:

    https://github.com/apache/trafficserver/pull/400

    TS-4104: return 1 on a new ticket created

    ref: https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/oknet/trafficserver patch-3

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/400.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #400
    
----
commit ed1efb515196fdc1a46b6f9d31827e20344cb2dc
Author: Oknet <xu...@gmail.com>
Date:   2015-12-30T07:07:32Z

    TS-4104: return 1 on a new ticket created
    
    ref: https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by oknet <gi...@git.apache.org>.
Github user oknet commented on the pull request:

    https://github.com/apache/trafficserver/pull/400#issuecomment-172295039
  
    My base OS is Debian 7.8, but the openssl was upgraded to 1.0.2d with testing



[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by bryancall <gi...@git.apache.org>.
Github user bryancall commented on the pull request:

    https://github.com/apache/trafficserver/pull/400#issuecomment-170997750
  
    @oknet What log are you referring to?  I ran ATS with traffic_server -T ssl and didn't see a difference in the debug messages.



[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by oknet <gi...@git.apache.org>.
Github user oknet commented on the pull request:

    https://github.com/apache/trafficserver/pull/400#issuecomment-171212463
  
    @bryancall the traffic.out log for current ATS release:
    
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for a new session.
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 32 ret: 1
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8194 ret: 1
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
    [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server handshake completed successfully
    
    the traffic.out log if return 1 here:
    
    [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for a new session.
    [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
    [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server handshake completed successfully



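Added example, not part of the original thread or of the ATS code: a short Python script that decodes the `where` values in the `ssl_callback_info` lines of the two traces above, using the info-callback flag bits from OpenSSL's `ssl.h`, and lists what was logged between ticket creation and handshake completion. The function and variable names are this example's own.

```python
import re

# Bit values of the info-callback `where` argument, from <openssl/ssl.h>.
WHERE_BITS = [(0x1000, "CONNECT"), (0x2000, "ACCEPT"), (0x4000, "ALERT"),
              (0x01, "LOOP"), (0x02, "EXIT"), (0x04, "READ"), (0x08, "WRITE"),
              (0x10, "HANDSHAKE_START"), (0x20, "HANDSHAKE_DONE")]
INFO = re.compile(r"\(ssl\) ssl_callback_info ssl: \S+ where: (\d+) ret: -?\d+")
TEXT = re.compile(r"\(ssl\) (.+)$")

def decode_where(where):
    """Name the flag bits set in a `where` value, e.g. 8193 -> ACCEPT|LOOP."""
    return "|".join(name for bit, name in WHERE_BITS if where & bit) or "0"

def events(trace):
    """One entry per (ssl) debug line: a decoded `where` or the message text."""
    out = []
    for line in trace.splitlines():
        info, text = INFO.search(line), TEXT.search(line)
        if info:
            out.append(decode_where(int(info.group(1))))
        elif text:
            out.append(text.group(1))
    return out

def between_ticket_and_done(trace):
    """Events logged after ticket creation and before handshake completion."""
    ev = events(trace)
    start = ev.index("create ticket for a new session.")
    end = ev.index("SSL server handshake completed successfully")
    return [e for e in ev[start + 1:end] if e != "trace=FALSE"]

# The two traffic.out traces quoted in the message above, copied unchanged.
TRACE_CURRENT = """\
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for a new session.
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 32 ret: 1
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8194 ret: 1
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
[Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server handshake completed successfully"""
TRACE_RETURN_1 = """\
[Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for a new session.
[Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
[Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server handshake completed successfully"""

for label, trace in (("current", TRACE_CURRENT), ("return 1", TRACE_RETURN_1)):
    print(label, between_ticket_and_done(trace))
```

For the first trace the values decode to four ACCEPT|LOOP events, HANDSHAKE_DONE and ACCEPT|EXIT; the second trace has no `ssl_callback_info` lines in that window.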

[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by repodude <gi...@git.apache.org>.
Github user repodude commented on the pull request:

    https://github.com/apache/trafficserver/pull/400#issuecomment-171094648
  
    Were you able to confirm issue and fix with wireshark?   Should be easy enough to see if session ticket is generated in both cases.   OpenSSL should set enc=1 when either no ticket is presented, so it could be triggered without setting a ticket on a test client.   You should then be able to see the new session in ticket as plain text in the handshake.



[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by bryancall <gi...@git.apache.org>.
Github user bryancall commented on the pull request:

    https://github.com/apache/trafficserver/pull/400#issuecomment-169395997
  
    Both HTTPD and NGiNX return a 0 in this case:
    https://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.9/modules/ssl/ssl_engine_kernel.c - search for ssl_callback_SessionTicket
    https://trac.nginx.org/nginx/browser/nginx/src/event/ngx_event_openssl.c#L2867
    
    However, looking at the documentation it does sound like a 1 should be returned.  Does the behavior change when you return a 1?
    
    OpenSSL docs:
    https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html



[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:

    https://github.com/apache/trafficserver/pull/400



[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by oknet <gi...@git.apache.org>.
Github user oknet commented on the pull request:

    https://github.com/apache/trafficserver/pull/400#issuecomment-169551690
  
    Please check the log messages in the JIRA issue TS-4104 for the difference between 0 and 1.
    
    According to the logs, the handshake restarts if it returns 0, or the handshake finishes if it returns 1.



[GitHub] trafficserver pull request: TS-4104: return 1 on a new ticket crea...

Posted by bryancall <gi...@git.apache.org>.
Github user bryancall commented on the pull request:

    https://github.com/apache/trafficserver/pull/400#issuecomment-172061089
  
    With and without the return code change I get:
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLUtils.cc:1972 (ssl_callback_session_ticket)> (ssl) create ticket for a new session.
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLUtils.cc:1617 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x165d0c0 where: 8193 ret: 1
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLUtils.cc:1617 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x165d0c0 where: 8193 ret: 1
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLUtils.cc:1617 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x165d0c0 where: 8193 ret: 1
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLUtils.cc:1617 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x165d0c0 where: 8193 ret: 1
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLUtils.cc:1617 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x165d0c0 where: 32 ret: 1
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLUtils.cc:1617 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x165d0c0 where: 8194 ret: 1
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLNetVConnection.cc:1112 (sslServerHandShakeEvent)> (ssl) trace=FALSE
    [Jan 15 11:27:31.471] Server {0x7f231793e840} DEBUG: <SSLNetVConnection.cc:1133 (sslServerHandShakeEvent)> (ssl) SSL server handshake completed successfully
    
    I am running Fedora 23 with updated package and openssl-1.0.2e-3.fc23.x86_64.  What OS are you running?

