[ 
https://issues.apache.org/jira/browse/TS-3249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15119683#comment-15119683
 ] 

Susan Hinrichs commented on TS-3249:
------------------------------------

I'm looking into this.  I need to do something similar.  Right now, I'm hard 
coding the engine load, but we should be able to leverage the normal 
registration mechanism.

> OpenSSL Engine with ATS
> -----------------------
>
>                 Key: TS-3249
>                 URL: https://issues.apache.org/jira/browse/TS-3249
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Sassy Natan
>            Assignee: Bryan Call
>             Fix For: 6.2.0
>
>         Attachments: xUntitled.png
>
>
> Hi,
> I'm developing some C++ code to include a new engine support under openssl. 
> If you look into the openssl command you will find something like
> "openssl engine -t -v"
> This will print the known openssl engines your system is currently working 
> with. You can change the default or add a new engine support by configuring the 
> /etc/ssl/openssl.cnf file depending on your Linux version. (I used Ubuntu).
> Anyway, my own engine is already working with Apache Web Server (using 
> SSLCryptoDevice), same as Nginx, HAProxy and OpenSSH.
> Testing it with ATS failed.
> I compiled the code myself, included the debug information and tested it with GDB.
> {code}
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) advertising 
> protocol http/1.0
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.693] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.700] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8194 ret: -1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8194 ret: -1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: 
> <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake 
> error: SSL_ERROR_WANT_READ (2), errno=11
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) 
> [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 16 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) 
> ssl_servername_callback ssl=0x7fffe0016ba0 ad=112 lookup=0x11df720 
> server=(null) handshake_complete=0
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) 
> ssl_servername_callback found SSL context 0x11e0ad0 for requested name 
> '(null)'
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:37.708] Server {0x7ffff1199700} DEBUG: 
> <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake 
> error: SSL_ERROR_WANT_READ (2), errno=11
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 16388 ret: 563
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0000910 where: 8194 ret: 0
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) 
> SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert 
> decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: 
> <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake 
> error: SSL_ERROR_SSL (1), errno=0
> [Dec 18 15:05:37.890] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 16388 ret: 563
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8194 ret: 0
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: (ssl) 
> SSL::140737238374144:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert 
> decrypt error:s3_pkt.c:1260:SSL alert number 51: peer address is 172.16.0.2
> [Dec 18 15:05:37.891] Server {0x7ffff1199700} DEBUG: 
> <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake 
> error: SSL_ERROR_SSL (1), errno=0
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) 
> [SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fffe8017ae0
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 16 ret: 1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8193 ret: 1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 16392 ret: 598
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info 
> ssl: 0x7fffe0016ba0 where: 8194 ret: -1
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) 
> SSL::140737238374144:error:140A1175:SSL 
> routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1501: peer 
> address is 172.16.0.2
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: 
> <SSLNetVConnection.cc:574 (sslServerHandShakeEvent)> (ssl) SSL handshake 
> error: SSL_ERROR_SSL (1), errno=0
> {code}
> I was trying to get some help via the IRC channel (see the attached png). Any 
> idea what can be done?
> I'm willing to write a patch - but will need some guidelines here....
> Thank You
> Sassy



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
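
An added example, not part of the original message or of Traffic Server's code: it decodes the `where` and `ret` fields of the `ssl_callback_info` debug lines quoted above, using the info-callback bit values from OpenSSL's `ssl.h`, to show which TLS alerts were read from the peer and which were written by the server. The sample lines are copied from the quoted log; the function names are this example's own.

```python
import re

# Info-callback "where" bits as defined in OpenSSL's ssl.h.
FLAGS = [(0x01, "LOOP"), (0x02, "EXIT"), (0x04, "READ"), (0x08, "WRITE"),
         (0x10, "HANDSHAKE_START"), (0x20, "HANDSHAKE_DONE"),
         (0x1000, "CONNECT"), (0x2000, "ACCEPT"), (0x4000, "ALERT")]
# Only the alert descriptions that occur in this log; not a full table.
ALERTS = {51: "decrypt_error", 86: "inappropriate_fallback"}
LEVELS = {1: "warning", 2: "fatal"}
LINE = re.compile(r"ssl_callback_info ssl: (0x[0-9a-f]+) where: (\d+) ret: (-?\d+)")

# Sample: three entries copied from the quoted log, still mail-wrapped.
SAMPLE = """\
> [Dec 18 15:05:37.701] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x7fffe0000910 where: 8194 ret: -1
> [Dec 18 15:05:37.881] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x7fffe0000910 where: 16388 ret: 563
> [Dec 18 15:05:38.066] Server {0x7ffff1199700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x7fffe0016ba0 where: 16392 ret: 598
"""

def unwrap(text):
    """Strip '> ' quoting and rejoin entries the mail client wrapped."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        if re.match(r"\[\w{3} \d+ \d\d:", line):   # timestamp starts an entry
            entries.append(line)
        elif entries and line:                      # continuation of the previous one
            entries[-1] += " " + line
    return entries

def decode_where(where):
    return [name for bit, name in FLAGS if where & bit]

def decode(entry):
    m = LINE.search(entry)
    if not m:
        return None
    where, ret = int(m.group(2)), int(m.group(3))
    event = {"ssl": m.group(1), "where": decode_where(where), "ret": ret}
    if where & 0x4000:  # for alert events, ret packs (level << 8) | description
        level, desc = ret >> 8, ret & 0xFF
        event["alert"] = (LEVELS.get(level, str(level)), ALERTS.get(desc, str(desc)))
    return event

def alerts(text):
    return [e for e in map(decode, unwrap(text)) if e and "alert" in e]
```

Decoded this way, `where: 16388 ret: 563` is a fatal `decrypt_error` alert read from the peer, and `where: 16392 ret: 598` is a fatal `inappropriate_fallback` alert written by the server.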
