That makes sense to me. It does basically the same thing as what Sep
suggested earlier to disable DH. I'm not sure if there are any
problems with doing so, but looking at that bug report, it looks like
it might be a good idea.
J
Jade Rubick
Director of Development
TRUiST
120 Wall Street, 4th Floor
New York, NY 10005 USA
jrub...@truist.com
+1 503 285 4963
+1 707 671 1333 fax
www.truist.com
The information contained in this email/document is confidential and
may be legally privileged. Access to this email/document by anyone
other than the intended recipient(s) is unauthorized. If you are not
an intended recipient, any disclosure, copying, distribution, or any
action taken or omitted to be taken in reliance to it, is prohibited.
On May 7, 2009, at 3:25 PM, Jeff Hobbs wrote:
If Diffie Helmann is the only real issue here, maybe this should
also be considered and DH removed by default configure.
https://sourceforge.net/tracker/?func=detail&aid=1811445&group_id=13248&atid=313248
Jeff
On 06/05/2009 6:45 PM, Sep Ng wrote:
Hi Jeff,
I'm going to review options on how to progress with this problem with
Jade. I've traced and stepped into TlsInit, and CtxInit functions
and
as far as I can see, the mutex functions we wrote seems to be
working. I wonder if there is some influence by aolserver or what
not. I don't know. It also seems that allow_customize in
CRYPTO_set_mem_functions is getting set to zero for some reason. I'm
not totally sure why that is happening.
At this moment, I don't know what to do.
On May 7, 7:14 am, Jack Schmidt <thejackschm...@gmail.com> wrote:
Hi, Sep here.
I just tried by disabling nsopenssl and it crashes at the same
point. I
suppose this is definitely more related to using aolserver with
tls. I've
included a backtrace and it shows the same point of failure.
We use aolserver 4.0.10, though I'm not sure how relevant it is to
the
discussion. I'll try to check the startup routine of aolserver
and see if I
can find anything.
2009/5/7 Jeff Hobbs <je...@activestate.com>
Is it possible that both nsopenssl and tls are in use, and that
they both
might be initializing openssl in the same process? I'm not sure
if this
would be a support case if so.
On 05/05/2009 6:16 PM, Sep Ng wrote:
Hi Jeff,
I took a closer look at the patch you posted. It seems that the
CRYPTO_set_mem_functions is not succeeding. The default memory
functions that CRYPTO uses are malloc, realloc, and free but
from the
back trace, it looks like ns_malloc, ns_realloc and ns_free are
the
ones being used for some reason. I think I'm running out of ideas
here. It's unclear why CRYPTO_set_mem_function would return 0
instead
of 1, unless it's some bug in my OpenSSL package in Ubuntu.
On May 6, 8:42 am, Jack Schmidt <thejackschm...@gmail.com> wrote:
I've just yanked the debug. This includes the backtrace and
memory frame
info and the local info for most of the frames up until #11
CTX_Init. As
before, the crash happens when DH_free is called.
2009/5/6 Jeff Hobbs <je...@activestate.com>
Of the presented patches, I didn't find one that seemed to
actually
work,
so I wrote one based on those presented. It is attached.
Please test
it in
your environments. I have tested that it passes the basic tls
test
suite
against a threaded Tcl 8.5.7 core build on Linux-x64 (and
verified that
OPENSSL_THREADS was true for this install).
This patch is against tls 1.6 head.
Jeff
On 05/05/2009 3:42 PM, Sep Ng wrote:
I'll try it. I didn't give it much thought at first but
looking at it
again, I think it might prevent the long string of ns_free
and other
calls to free memory after DH_free.
On May 6, 3:43 am, Jeff Hobbs <je...@activestate.com> wrote:
Just starting to look at this, but from the nsopenssl.c I
saw another
interesting function not used by TLS:
if (CRYPTO_set_mem_functions(ns_malloc, ns_realloc, ns_free)
== 0) ...
We could do the same and point to Tcl_Alloc, Tcl_Realloc and
Tcl_Free.
I'm not sure they are necessary, and
CRYPTO_set_mem_debug_functions
isn't used, but it might help debug.
....
--
AOLserver -http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <
lists...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
"A scrum a day keeps the pigs at bay"
--
AOLserver -http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<lists...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave
the Subject: field of your email blank.
bt-without-nsopenssl
17KViewDownload
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com
> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com
> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<lists...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject:
field of your email blank.
