Re: [Libevent-users] SSL problems after update to libeven 2.1.8

On 24. Jan 2018, at 16:53, Azat Khuzhin <a3at.mail@xxxxxxxxx> wrote:

On Wed, Jan 24, 2018 at 09:55:15AM +0100, Alexander Rojas wrote:
I did the update, the problem changed from the accept to the recv call.
While now it can `accept()` socket connections, the `recv` callback fails.
I need to investigate further here, but it behaves just like the macosx
problem.

And every accept() fails, yes?

So far, yes

#2 0x00007ffff725dc48 in do_handshake (bev_ssl=0x7fffe4001a10) at
bufferevent_openssl.c:1053

Can you print the value of "err" here?

If not (it is optimized out or smth else) maybe you can use ltrace to
get it i.e.
ltrace -f -e SSL_get_error ...

It was definitely optimized out, however with the ltrace this is what I get from the test output:

```

WARNING: Logging before InitGoogleLogging() is written to STDERR

I0129 11:01:11.040802 13278 openssl.cpp:504] CA file path is unspecified! NOTE: Set CA file path with LIBPROCESS_SSL_CA_FILE=<filepath>

I0129 11:01:11.040874 13278 openssl.cpp:509] CA directory path unspecified! NOTE: Set CA directory path with LIBPROCESS_SSL_CA_DIR=<dirpath>

I0129 11:01:11.040904 13278 openssl.cpp:514] Will not verify peer certificate!

NOTE: Set LIBPROCESS_SSL_VERIFY_CERT=1 to enable peer certificate verification

I0129 11:01:11.040935 13278 openssl.cpp:520] Will only verify peer certificate if presented!

NOTE: Set LIBPROCESS_SSL_REQUIRE_CERT=1 to require peer certificate verification

[pid 13292] --- Called exec() ---

WARNING: Logging before InitGoogleLogging() is written to STDERR

I0129 11:01:11.090569 13292 openssl.cpp:504] CA file path is unspecified! NOTE: Set CA file path with LIBPROCESS_SSL_CA_FILE=<filepath>

I0129 11:01:11.090746 13292 openssl.cpp:509] CA directory path unspecified! NOTE: Set CA directory path with LIBPROCESS_SSL_CA_DIR=<dirpath>

I0129 11:01:11.090777 13292 openssl.cpp:514] Will not verify peer certificate!

NOTE: Set LIBPROCESS_SSL_VERIFY_CERT=1 to enable peer certificate verification

I0129 11:01:11.090806 13292 openssl.cpp:520] Will only verify peer certificate if presented!

NOTE: Set LIBPROCESS_SSL_REQUIRE_CERT=1 to require peer certificate verification

[pid 13305] --- SIGPIPE (Broken pipe) ---

[pid 13305] libevent_openssl-2.1.so.6->SSL_get_error(0x204e3d0, 0xffffffff, -192, 0) = 5

[pid 13305] libevent_openssl-2.1.so.6->SSL_get_error(0x204e3d0, 0xffffffff, 0x140750dd, 0) = 1

[pid 13291] libevent_openssl-2.1.so.6->SSL_get_error(0x7f95b8000e60, 0xffffffff, -192, 0) = 2

[pid 13305] --- SIGSEGV (Segmentation fault) ---

[pid 13304] +++ killed by SIGSEGV +++

[pid 13303] +++ killed by SIGSEGV +++

[pid 13302] +++ killed by SIGSEGV +++

[pid 13301] +++ killed by SIGSEGV +++

[pid 13300] +++ killed by SIGSEGV +++

[pid 13299] +++ killed by SIGSEGV +++

[pid 13298] +++ killed by SIGSEGV +++

[pid 13297] +++ killed by SIGSEGV +++

[pid 13296] +++ killed by SIGSEGV +++

[pid 13295] +++ killed by SIGSEGV +++

[pid 13294] +++ killed by SIGSEGV +++

[pid 13293] +++ killed by SIGSEGV +++

[pid 13305] +++ killed by SIGSEGV +++

[pid 13292] +++ killed by SIGSEGV +++

[pid 13278] --- SIGCHLD (Child exited) ---

[pid 13291] libevent_openssl-2.1.so.6->SSL_get_error(0x7f95b8000e60, 0, 11, 0) = 5

../../../3rdparty/libprocess/src/tests/ssl_tests.cpp:254: Failure

(socket).failure(): Failed accept: connection error: error:00000000:lib(0):func(0):reason(0)

```

(I verified and SSL_get_error() should be dynamic symbol, not macro, so
this should helps)

I also verified our use of `BEV_OPT_DEFER_CALLBACKS` and we do not use it for listening sockets, so my backtrace should be alright. Connecting sockets do use the flag however.

Thanks again for your time.

P.S. BTW you client corrupts traces (by wrapping lines)
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users in the body.