[jira] [Commented] (TS-1484) SSL-crashed every now and then with 3.2.0 + SNI-fixes

Wed, 19 Sep 2012 10:39:09 -0700 

    [ 
https://issues.apache.org/jira/browse/TS-1484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458882#comment-13458882
 ] 

James Peach commented on TS-1484:
---------------------------------

There is a global default SSL context that is used when we can't find a normal 
context match. That context is almost certainly not going to work, but is there 
to prevent OpenSSL crashes.

The configuration you have in records.config specifies where ATS will look for 
the certificate and key files. You need to use ssl_multicert.config to specify 
which certificates and keys to use. If the above is your only configuration, 
then we are no actually loading any certificates of keys and SSL can't work.
                
> SSL-crashed every now and then with 3.2.0 + SNI-fixes
> -----------------------------------------------------
>
>                 Key: TS-1484
>                 URL: https://issues.apache.org/jira/browse/TS-1484
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 3.2.0
>         Environment: RHEL6, x86_64, RHEV Virtual machines, IPv4 and IPv6 
> failover addresses, wildcard SSL-certificates
>            Reporter: Jan-Frode Myklebust
>            Assignee: James Peach
>
> We're running ATS v3.2.0 + patch 9c3bebd88eecf6aee1ce346b67460b8e1787752d to 
> fix support for non-SNI browsers, and every now and (daily I think) then 
> we're getting this crash:
> [Sep 19 03:14:00.147] Server {0x2b2517a7c700} ERROR: SSL ERROR: 
> SSL_ServerHandShake.
> [Sep 19 03:14:00.148] Server {0x2b2517a7c700} ERROR: 
> SSL::8:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown 
> protocol:s23_srvr.c:593:
> NOTE: Traffic Server received Sig 11: Segmentation fault
> /usr/bin/traffic_server - STACK TRACE:
> /lib64/libpthread.so.0(+0xf500)[0x2b2505b84500]
> /usr/lib64/libssl.so.10(SSL_CTX_callback_ctrl+0x5)[0x2b250662f425]
> /usr/bin/traffic_server(_ZN17SSLNetVConnection17sslStartHandShakeEiRi+0xf2)[0x6675a2]
> /usr/bin/traffic_server(_ZN17SSLNetVConnection11net_read_ioEP10NetHandlerP7EThread+0x208)[0x666c78]
> /usr/bin/traffic_server(_ZN10NetHandler12mainNetEventEiP5Event+0x1f2)[0x66e0e2]
> /usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0xb4)[0x696c94]
> /usr/bin/traffic_server(_ZN7EThread7executeEv+0x4c3)[0x697623]
> /usr/bin/traffic_server[0x695c62]
> /lib64/libpthread.so.0(+0x7851)[0x2b2505b7c851]
> /lib64/libc.so.6(clone+0x6d)[0x2b250800667d]
> [Sep 19 03:14:00.159] Manager {0x7ff63f1b07e0} ERROR: 
> [LocalManager::pollMgmtProcessServer] Server Process terminated due to Sig 
> 11: Segmentation fault

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to