Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2016/01/27 17:15:39 UTC

[jira] [Assigned] (TS-3249) OpenSSL Engine with ATS

     [ https://issues.apache.org/jira/browse/TS-3249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Susan Hinrichs reassigned TS-3249:
----------------------------------

    Assignee: Susan Hinrichs  (was: Bryan Call)

> OpenSSL Engine with ATS
> -----------------------
>
>                 Key: TS-3249
>                 URL: https://issues.apache.org/jira/browse/TS-3249
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Sassy Natan
>            Assignee: Susan Hinrichs
>             Fix For: 6.2.0
>
>         Attachments: xUntitled.png
>
>
> Hi,
> I'm developing some C++ code to include new engine support under OpenSSL.
> If you look into the openssl command you will find something like
> "openssl engine -t -v"
> This will print the known OpenSSL engines your system is currently working with. You can change the default or add new engine support by configuring the /etc/ssl/openssl.cnf file, depending on your Linux version. (I used Ubuntu.)
> Anyway, my own engine is already working with Apache Web Server (using SSLCryptoDevice), same as Nginx, HAProxy and OpenSSH.
> Testing it with ATS failed.
> I compiled the code myself, included the debug information and tested it with GDB.
> {code}
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) advertising protocol http/1.0
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: -1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: -1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_WANT_READ (2), errno=11
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_servername_callback ssl=0x7fffe0016ba0 ad=112 lookup=0x11df720 server=(null) handshake_complete=0
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_servername_callback found SSL context 0x11e0ad0 for requested name '(null)'
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_WANT_READ (2), errno=11
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 16388 ret: 563
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: 0
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
> [Dec 18 15:05:37.890] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16388 ret: 563
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: 0
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16 ret: 1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16392 ret: 598
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1501: peer address is 172.16.0.2
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
> n
> {code}
> I was trying to get some help via the IRC channel (see the attached PNG). Any idea what can be done?
> I'm willing to write a patch - but will need some guidelines here....
> Thank You
> Sassy
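
For triage of the debug log quoted above, the numeric "where" and "ret" fields of ssl_callback_info can be decoded with OpenSSL's info-callback bit flags; for alert events, "ret" packs the alert level in the high byte and the alert description in the low byte. The following is an added example, not part of the original report or of the Traffic Server code base; the function names are hypothetical and SAMPLE holds message excerpts copied from the log above.

```python
import re

# Info-callback bit flags as defined in OpenSSL's <openssl/ssl.h>.
FLAGS = [(0x01, "LOOP"), (0x02, "EXIT"), (0x04, "READ"), (0x08, "WRITE"),
         (0x10, "HANDSHAKE_START"), (0x20, "HANDSHAKE_DONE"),
         (0x1000, "CONNECT"), (0x2000, "ACCEPT"), (0x4000, "ALERT")]
SSL_CB_READ, SSL_CB_ALERT = 0x04, 0x4000
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of TLS alert descriptions (RFC 5246; 86 is from RFC 7507).
ALERT_DESCS = {0: "close_notify", 10: "unexpected_message",
               20: "bad_record_mac", 40: "handshake_failure",
               42: "bad_certificate", 48: "unknown_ca", 51: "decrypt_error",
               70: "protocol_version", 80: "internal_error",
               86: "inappropriate_fallback"}
LINE_RE = re.compile(
    r"ssl_callback_info ssl: (0x[0-9a-f]+) where: (\d+) ret: (-?\d+)")

def decode(where, ret):
    """Translate one (where, ret) pair into flag names and, if any, an alert."""
    info = {"flags": [name for bit, name in FLAGS if where & bit],
            "alert": None}
    if where & SSL_CB_ALERT:
        level, desc = (ret >> 8) & 0xFF, ret & 0xFF
        direction = "received" if where & SSL_CB_READ else "sent"
        info["alert"] = (ALERT_LEVELS.get(level, "level %d" % level),
                         ALERT_DESCS.get(desc, "alert %d" % desc),
                         direction)
    return info

def alerts_by_connection(lines):
    """Group decoded alerts by the SSL object pointer printed in the log."""
    found = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ssl_callback_info line
        info = decode(int(m.group(2)), int(m.group(3)))
        if info["alert"]:
            found.setdefault(m.group(1), []).append(info["alert"])
    return found

# Message excerpts copied from the log above (timestamps trimmed).
SAMPLE = [
    "DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1",
    "DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: -1",
    "DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 16388 ret: 563",
    "DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16392 ret: 598",
]

if __name__ == "__main__":
    for conn, alerts in alerts_by_connection(SAMPLE).items():
        print(conn, alerts)
```

On these lines the decoder reports a fatal decrypt_error alert received from the peer on the first connection and a fatal inappropriate_fallback alert sent by the server on the second, matching the alert number 51 and "inappropriate fallback" error strings in the log.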


