You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Bryan Call (JIRA)" <ji...@apache.org> on 2013/12/17 00:14:07 UTC

[jira] [Closed] (TS-2355) ATS 4.0.x crashes when using OpenSSL 1.0.1e

     [ https://issues.apache.org/jira/browse/TS-2355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Call closed TS-2355.
--------------------------

    Resolution: Fixed

Patch added to have configuration options to turn on/off TLS 1.1 and 1.2.  By default TLS 1.2 is off, for now.  We will keep track of the openssl ticket and will have to change the default to enable TLS 1.2 later after the issue has been fixed:

openssl ticket:
http://rt.openssl.org/Ticket/Display.html?id=3200

> ATS 4.0.x crashes when using OpenSSL 1.0.1e
> -------------------------------------------
>
>                 Key: TS-2355
>                 URL: https://issues.apache.org/jira/browse/TS-2355
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 4.0.1, 4.1.2
>            Reporter: David Carlin
>            Assignee: Bryan Call
>             Fix For: 4.2.0
>
>         Attachments: ts2355.diff, ts2355.diff
>
>
> I upgraded some 4.0.1 and 4.0.2 hosts from OpenSSL 1.0.0 to 1.0.1e which is supposed to be ABI compatible.  I see this crash about 10 times in a given 24 hour period.
> I'm interested in OpenSSL 1.0.1e as there is a CPU usage improvement in my tests, and for TLS 1.2 support.
> I came across this squid bug with a very similar backtrace.  The OpenSSL RT ticket says
> "I have discussed this situation with some Squid developers and we decided - after SSL error 1408F10B calling standard/raw read() instead of SSL_read() for empty socket buffer and this patch stopped crash Squid."
> http://rt.openssl.org/Ticket/Display.html?id=3128&user=guest&pass=guest
> {noformat}
> #0  0x0000003f842e7154 in EVP_DigestFinal_ex () from /usr/lib64/libcrypto.so.10
> #1  0x0000003f84636263 in tls1_final_finish_mac () from /usr/lib64/libssl.so.10
> #2  0x0000003f8462ad62 in ssl3_do_change_cipher_spec () from /usr/lib64/libssl.so.10
> #3  0x0000003f8462c7f7 in ssl3_read_bytes () from /usr/lib64/libssl.so.10
> #4  0x0000003f8462d5e2 in ssl3_get_message () from /usr/lib64/libssl.so.10
> #5  0x0000003f8461da1c in ssl3_get_cert_verify () from /usr/lib64/libssl.so.10
> #6  0x0000003f84621e78 in ssl3_accept () from /usr/lib64/libssl.so.10
> #7  0x00000000006711aa in SSLNetVConnection::sslServerHandShakeEvent (this=0x2aadd0024300,
>     err=@0x2aacab940c5c) at SSLNetVConnection.cc:488
> #8  0x0000000000672b77 in SSLNetVConnection::sslStartHandShake (this=0x2aadd0024300,
>     event=<value optimized out>, err=@0x2aacab940c5c) at SSLNetVConnection.cc:470
> #9  0x0000000000671dd2 in SSLNetVConnection::net_read_io (this=0x2aadd0024300, nh=
>     0x2aacaa02cbf0, lthread=0x2aacaa029010) at SSLNetVConnection.cc:217
> #10 0x000000000067b8c2 in NetHandler::mainNetEvent (this=0x2aacaa02cbf0,
>     event=<value optimized out>, e=<value optimized out>) at UnixNet.cc:386
> #11 0x00000000006a335f in handleEvent (this=0x2aacaa029010, e=0x1230a30, calling_code=5)
>     at I_Continuation.h:146
> #12 EThread::process_event (this=0x2aacaa029010, e=0x1230a30, calling_code=5)
>     at UnixEThread.cc:141
> #13 0x00000000006a3d43 in EThread::execute (this=0x2aacaa029010) at UnixEThread.cc:265
> #14 0x00000000006a21fa in spawn_thread_internal (a=0x143ec30) at Thread.cc:88
> #15 0x00002aaca05b9851 in start_thread () from /lib64/libpthread.so.0
> #16 0x000000324f0e890d in clone () from /lib64/libc.so.6
> {noformat}
> {noformat}
> NOTE: Traffic Server received Sig 11: Segmentation fault
> /home/y/bin/traffic_server - STACK TRACE:
> /lib64/libpthread.so.0(+0x324f40f500)[0x2b523d64e500]
> /usr/lib64/libcrypto.so.10(EVP_DigestFinal_ex+0x24)[0x3f842e7154]
> /usr/lib64/libssl.so.10(tls1_final_finish_mac+0x233)[0x3f84636263]
> /usr/lib64/libssl.so.10(ssl3_do_change_cipher_spec+0x72)[0x3f8462ad62]
> /usr/lib64/libssl.so.10(ssl3_read_bytes+0xb57)[0x3f8462c7f7]
> /usr/lib64/libssl.so.10(ssl3_get_message+0x222)[0x3f8462d5e2]
> /usr/lib64/libssl.so.10(ssl3_get_cert_verify+0x6c)[0x3f8461da1c]
> /usr/lib64/libssl.so.10(ssl3_accept+0x788)[0x3f84621e78]
> /home/y/bin/traffic_server(SSLNetVConnection::sslServerHandShakeEvent(int&)+0x2a)[0x6711aa]
> /home/y/bin/traffic_server(SSLNetVConnection::sslStartHandShake(int, int&)+0x37)[0x672b77]
> /home/y/bin/traffic_server(SSLNetVConnection::net_read_io(NetHandler*, EThread*)+0x1f2)[0x671dd2]
> /home/y/bin/traffic_server(NetHandler::mainNetEvent(int, Event*)+0x1f2)[0x67b8c2]
> /home/y/bin/traffic_server(EThread::process_event(Event*, int)+0x8f)[0x6a335f]
> /home/y/bin/traffic_server(EThread::execute()+0x4a3)[0x6a3d43]
> /home/y/bin/traffic_server[0x6a21fa]
> /lib64/libpthread.so.0(+0x324f407851)[0x2b523d646851]
> /lib64/libc.so.6(clone+0x6d)[0x324f0e890d]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)