[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [Libevent-users] SSL problems after update to libeven 2.1.8
- To: libevent-users@xxxxxxxxxxxxx
- Subject: Re: [Libevent-users] SSL problems after update to libeven 2.1.8
- From: Azat Khuzhin <a3at.mail@xxxxxxxxx>
- Date: Sun, 4 Feb 2018 22:49:05 +0300
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: libevent-users-outgoing@xxxxxxxx
- Delivered-to: libevent-users@xxxxxxxx
- Delivery-date: Sun, 04 Feb 2018 14:49:14 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=T+ltlLb5CjiPCFfnAlAg9Y9nqy9WD+LE6cYlUvu013E=; b=ey+pgjCF+YniAmdJyQb5KS4ES3qNZVJ0XqxV4pnrFMbYGQY4kZ5HhmDis+e8CkSn0S lmmmm9ZFXbV0u4XWXHmhv/2VrIx5775vqvA0+UQjJM5Q/ipQZhUvkoaVi+LKe2dgT8aT j/PhX/QPsCda9OP2HOoptcPIKyIl8U7iCibOLiYWqcFVQjNmwDPfkAUSKFRH0BgMRrnx vCTIRb940ovSQio0mVYHNr2+7QmHYIQtWsmN2Jn8HcPB67F83HM3vCQh1Jw1s+zPtZBc RVR5txkesqiGfvWapPl1cIVzMt1dIykkM5F5+Kk+obou+DIR72YeDUq/jAKP/1OOZxbX k6jQ==
- In-reply-to: <CAL2dqyP=a2V87zqZhMayrjMg--pf9L-riOxOAfpq6pT2ZB1o7g@mail.gmail.com>
- References: <631C57CE-6BA7-472A-B964-0F3C46BF9E49@mesosphere.io> <20180122202742.GN8106@azat> <CAL2dqyOXMCWcTC+oHrgLy95vOi3aZpnYSzaFMxP6yjn4Tr+uJw@mail.gmail.com> <20180124155336.GO8106@azat> <CAL2dqyP=a2V87zqZhMayrjMg--pf9L-riOxOAfpq6pT2ZB1o7g@mail.gmail.com>
- Reply-to: libevent-users@xxxxxxxxxxxxx
- Sender: owner-libevent-users@xxxxxxxxxxxxx
- User-agent: Mutt/1.9.2 (2017-12-15)
Hi Alexander,
Sorry for the delay,
> So far, yes
Great.
> NOTE: Set LIBPROCESS_SSL_REQUIRE_CERT=1 to require peer certificate
> verification
Hm, maybe something with require-cert (is this SSL_VERIFY_PEER?) ?
> [pid 13305] --- SIGPIPE (Broken pipe) ---
> [pid 13305] libevent_openssl-2.1.so.6->SSL_get_error(0x204e3d0, 0xffffffff,
> -192, 0) = 5
> [pid 13305] libevent_openssl-2.1.so.6->SSL_get_error(0x204e3d0, 0xffffffff,
> 0x140750dd, 0) = 1
> [pid 13291] libevent_openssl-2.1.so.6->SSL_get_error(0x7f95b8000e60,
> 0xffffffff, -192, 0) = 2
> [pid 13305] --- SIGSEGV (Segmentation fault) ---
> [pid 13292] +++ killed by SIGSEGV +++
> [pid 13278] --- SIGCHLD (Child exited) ---
> [pid 13291] libevent_openssl-2.1.so.6->SSL_get_error(0x7f95b8000e60, 0, 11,
> 0) = 5
> ../../../3rdparty/libprocess/src/tests/ssl_tests.cpp:254: Failure
> (socket).failure(): Failed accept: connection error:
> error:00000000:lib(0):func(0):reason(0)
> ```
I don't like SIGPIPE here, seems that under ltrace it got SIGPIPE and
you do not ignore it, am I right [1]? Could you add code to ignore it and
retry again?
[1]: https://github.com/apache/mesos/blob/abd1751aa9a305b0648f4a630acbc84e7d837783/3rdparty/libprocess/src/process.cpp#L1029
I think that something like this before start in bash will do the trick:
trap '' SIGPIPE
Or maybe it will be better if you will remove #ifdef 0/#endif for
print_err() in bufferevent_openssl.c and recompile it with it?
And the best thing that you can do is to produce a sample that I can
compile and dig into, because I think that mesos is not the thing that I
want to compile from sources for this.
> I also verified our use of `BEV_OPT_DEFER_CALLBACKS` and we do not use it
> for listening sockets, so my backtrace should be alright. Connecting
> sockets do use the flag however.
Regards,
Azat.
P.S. you email client again messed up with long lines from ltrace
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users in the body.