On Fri, Jun 09, 2006 at 07:02:36PM +0200, Kurt Roeckx wrote:
> On Fri, Jun 09, 2006 at 12:58:56PM +0200, Howard Chu via RT wrote:
>> Howard Chu wrote:
>>> I'm seeing a lot of "bad record mac" errors when receiving a lot of
>>> connection requests at once. It sounds the same as this email
>>> http://www.redhat.com/archives/rhl-list/2005-May/msg01506.html
>>> which unfortunately was never replied to.
>>> Surrounding the SSL_accept call with its own mutex seems to resolve the
>>> problem. Is that supposed to be necessary?
>> Given the lack of response here, we're tracking this now as
>> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4583
>>
>> The same problem occurs with 0.9.8b.
> There are various bugs open in Debian that might also be related
> to this:
> http://bugs.debian.org/198746
> http://bugs.debian.org/212410

Please try verifying the bugs using the latest snapshot of your
preferred version branch (0.9.7, 0.9.8, or 0.9.9-dev) from
ftp://ftp.openssl.org/source and make sure that the affected
multi-threaded applications do provide a locking callback by calling
CRYPTO_set_locking_callback(). There are some recent changes in
OpenSSL that may help avoid the bugs you are observing.

Applications are also expected to provide a thread ID callback by
calling CRYPTO_set_id_callback(), although the failure to do so should
not be a problem on Linux where different threads run with different
PIDs, since OpenSSL uses the PID as a default for the thread ID.

(OpenSSL requires the thread ID that is an unsigned long. Not all
systems may provide this, but in practice, you can work around this
problem by casting a pointer of any per-thread object in shared memory
space into an unsigned long; e.g., do foo=malloc(1); and then use
(unsigned long)(void *)foo as the thread ID. You might want to add
"assert(sizeof(void *) <= sizeof(long));" to the program if you use
this approach.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
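
A pthread-based setup for the two callbacks the reply above asks multi-threaded applications to register, added here as an example (it is not code from the message or from OpenSSL). The names locking_cb, id_cb, ssl_thread_setup and the WITH_OPENSSL build switch are assumptions of this example; the thread ID uses the address of a thread-local variable as the per-thread object rather than malloc(1).

```c
#include <assert.h>
#include <pthread.h>
#include <stdlib.h>

#ifdef WITH_OPENSSL               /* assumption: OpenSSL 0.9.x/1.0.x headers */
#include <openssl/crypto.h>
#else                             /* stand-alone: same values as crypto.h */
#define CRYPTO_LOCK   1
#define CRYPTO_UNLOCK 2
#endif

static pthread_mutex_t *locks;    /* one mutex per OpenSSL lock slot */
static __thread char tid_anchor;  /* per-thread object (GCC/Clang __thread) */

/* OpenSSL sets CRYPTO_LOCK in mode to take slot n, CRYPTO_UNLOCK to
 * release it; file and line are for debugging only. */
void locking_cb(int mode, int n, const char *file, int line)
{
    (void)file; (void)line;
    if (mode & CRYPTO_LOCK)
        pthread_mutex_lock(&locks[n]);
    else
        pthread_mutex_unlock(&locks[n]);
}

/* Thread ID per the message: address of a per-thread object cast to
 * unsigned long (a thread-local variable here, an assumption). */
unsigned long id_cb(void)
{
    return (unsigned long)(void *)&tid_anchor;
}

/* Call once before any thread uses OpenSSL; pass CRYPTO_num_locks()
 * as nlocks in a real build. Returns 0 on success, -1 on failure. */
int ssl_thread_setup(int nlocks)
{
    assert(sizeof(void *) <= sizeof(long));
    locks = malloc((size_t)nlocks * sizeof(*locks));
    if (locks == NULL)
        return -1;
    for (int i = 0; i < nlocks; i++)
        pthread_mutex_init(&locks[i], NULL);
#ifdef WITH_OPENSSL
    CRYPTO_set_locking_callback(locking_cb);
    CRYPTO_set_id_callback(id_cb);
#endif
    return 0;
}
```

Without these callbacks the library's shared state is unprotected across threads, which is the condition the reply asks reporters to rule out before attributing the "bad record mac" errors to OpenSSL itself.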