[ https://issues.apache.org/jira/browse/TS-3249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-3249:
------------------------------
    Fix Version/s: sometime

> OpenSSL Engine with ATS
> -----------------------
>
>                 Key: TS-3249
>                 URL: https://issues.apache.org/jira/browse/TS-3249
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Sassy Natan
>             Fix For: sometime
>
>         Attachments: xUntitled.png
>
>
> Hi,
> I'm developing some C++ code to include a new engine support under openssl.
> If you look into the openssl command you will find something like
> "openssl engine -t -v"
> This will print the known openssl engines your system is currently working
> with. You can change the default or add a new engine support by configuring the
> /etc/ssl/openssl.cnf file, depending on your Linux version. (I used Ubuntu.)
> Anyway, my own engine is already working with Apache Web Server (using
> SSLCryptoDevice), same as Nginx, HAProxy and OpenSSH.
> Testing it with ATS failed.
> I compiled the code myself, included the debug information and tested it with GDB.
> {code}
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) advertising protocol http/1.0
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: -1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: -1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_WANT_READ (2), errno=11
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_servername_callback ssl=0x7fffe0016ba0 ad=112 lookup=0x11df720 server=(null) handshake_complete=0
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_servername_callback found SSL context 0x11e0ad0 for requested name '(null)'
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_WANT_READ (2), errno=11
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 16388 ret: 563
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8194 ret: 0
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
> [Dec 18 15:05:37.890] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16388 ret: 563
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: 0
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16 ret: 1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16392 ret: 598
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) SSL::140737238374144:error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1501: peer address is 172.16.0.2
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
> n
> {code}
> I was trying to get some help via the IRC channel (see the attached png). Any
> idea what can be done?
> I'm willing to write a patch - but will need some guidelines here....
> Thank You
> Sassy

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
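
The `where` and `ret` numbers in the ssl_callback_info lines above are OpenSSL info-callback values: `where` is a bitmask of SSL_CB_* / SSL_ST_* flags from <openssl/ssl.h>, and for alert events `ret` packs (level << 8) | description. The decoder below is an added example, not part of the original report or of ATS; its function names are hypothetical, the sample lines are copied from the log above, and the alert table covers only the two alerts that log contains.

```python
import re

# Flag values from OpenSSL's <openssl/ssl.h>.
WHERE_FLAGS = [
    (0x4000, "SSL_CB_ALERT"),
    (0x2000, "SSL_ST_ACCEPT"),
    (0x1000, "SSL_ST_CONNECT"),
    (0x20, "SSL_CB_HANDSHAKE_DONE"),
    (0x10, "SSL_CB_HANDSHAKE_START"),
    (0x08, "SSL_CB_WRITE"),
    (0x04, "SSL_CB_READ"),
    (0x02, "SSL_CB_EXIT"),
    (0x01, "SSL_CB_LOOP"),
]
KNOWN_BITS = sum(bit for bit, _ in WHERE_FLAGS)
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# TLS alert descriptions; only the two that occur in the log on this page.
ALERT_DESCRIPTIONS = {51: "decrypt_error", 86: "inappropriate_fallback"}
LINE_RE = re.compile(
    r"ssl_callback_info\s+ssl:\s+(0x[0-9a-fA-F]+)\s+where:\s+(\d+)\s+ret:\s+(-?\d+)")

def decode_where(where):
    """Return the flag names set in an info-callback `where` value."""
    names = [name for bit, name in WHERE_FLAGS if where & bit]
    if where & ~KNOWN_BITS:  # keep bits this table does not name
        names.append(hex(where & ~KNOWN_BITS))
    return names

def decode_line(line):
    """Decode one ssl_callback_info log line; None if it is another line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    where, ret = int(m.group(2)), int(m.group(3))
    event = {"ssl": m.group(1), "where": decode_where(where), "ret": ret}
    if where & 0x4000:  # alert event: ret = (level << 8) | description
        level, desc = ret >> 8, ret & 0xFF
        event["alert"] = (ALERT_LEVELS.get(level, str(level)),
                          ALERT_DESCRIPTIONS.get(desc, str(desc)))
    return event

# Lines copied from the log in the report above.
SAMPLE = [
    "DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 8193 ret: 1",
    "DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0000910 where: 16388 ret: 563",
    "DEBUG: (ssl) ssl_callback_info ssl: 0x7fffe0016ba0 where: 16392 ret: 598",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_line(line))
```

Decoded this way, `where: 16388` is SSL_CB_ALERT|SSL_CB_READ, an alert received from the peer, and `where: 16392` is SSL_CB_ALERT|SSL_CB_WRITE, an alert the server itself sent.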