You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Sassy Natan (JIRA)" <ji...@apache.org> on 2014/12/18 16:20:13 UTC
[jira] [Created] (TS-3249) OpenSSL Engine with ATS

Sassy Natan created TS-3249:
-------------------------------

             Summary: OpenSSL Engine with ATS
                 Key: TS-3249
                 URL: https://issues.apache.org/jira/browse/TS-3249
             Project: Traffic Server
          Issue Type: Bug
          Components: SSL
            Reporter: Sassy Natan


Hi,

I'm developing some c++ code to include a new engine support under openssl. 
If you look into the openssl command you will find something like
"openssl engine -t -v"

This will print the know openssl engines your system is currently working with. You can change the default or add a new engine support by configure /etc/ssl/openssl.cnf file depending on your linux version. (I used ubuntu).

Anyway, my own engine is already working with Apache Web Server (using SSLCryptoDevice), same as Nginx, HXProxy and OpenSSH.

Testing it with ATS failed.
I compile the code myself, include the debug information and test it with GDB.
{code}
[Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) advertising protocol http/1.0
[Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
[Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
[Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
[Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
[Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: -1
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: -1
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_WANT_READ (2), errno=11
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16 ret: 1
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_servername_callback ssl=0x7fffe0016ba0 ad=112 lookup=0x11df720 server=(null) handshake_complete=0
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_servername_callback found SSL context 0x11e0ad0 for requested name '(null)'
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
[Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
[Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_WANT_READ (2), errno=11
[Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 16388 ret: 563
[Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: 0
[Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
[Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
[Dec 18 15:05:37.890] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16388 ret: 563
[Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: 0
[Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
[Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16 ret: 1
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16392 ret: 598
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1501: peer address is 172.16.0.2
[Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
n

{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)