[
https://issues.apache.org/jira/browse/TS-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357340#comment-14357340
]
Brian Geffon commented on TS-3424:
----------------------------------
Given [~shinrich] 's latest patch and the following change to SSL_accept:
{code}
ssl_error_t
SSLAccept(SSL * ssl)
{
+ ERR_clear_error();
int ret = SSL_accept(ssl);
if (ret > 0) {
return SSL_ERROR_NONE;
}
- return SSL_get_error(ssl, ret);
+ int ssl_error = SSL_get_error(ssl, ret);
+
+ if (ssl_error == SSL_ERROR_SSL) {
+ char buf[512];
+ unsigned long e = ERR_get_error();
+ ERR_error_string_n(e, buf, sizeof(buf));
+ Debug("ssl.error.accept", "SSL accept returned %d, ssl_error=%ld,
ERR_get_error=%d (%s)", ret, ssl_error, e, buf);
+ }
+
+ return ssl_error;
}
{code}
I get the following error distribution after only a few minutes running
https://paste.apache.org/j1nc
> SSL error: SSL3_GET_RECORD:decryption failed or bad record mac
> --------------------------------------------------------------
>
> Key: TS-3424
> URL: https://issues.apache.org/jira/browse/TS-3424
> Project: Traffic Server
> Issue Type: Bug
> Components: Core, SSL
> Reporter: Brian Geffon
> Assignee: Brian Geffon
> Fix For: 6.0.0
>
> Attachments: ts-3424-2.diff, ts-3424-3.diff, ts-3424-for-52-2.diff,
> ts-3424-for-52.diff, ts-3424.diff, undo-handshake-buffer.diff
>
>
> Starting with 5.2.x we're seeing SSL_ERROR_SSL type errors in
> {{ssl_read_from_net}}, when calling OpenSSL's {{ERR_error_string_n}} we see
> the error is {{1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
> record mac}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
