ssl_callback_SSLVerify re-negotiation handshake crash

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-7-490408871
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed

Hello,

We are running 2.8.25-1.3.34 with openssl 0.9.7g. When using
client authentication we have crashes in ssl_callback_SSLVerify
relasted calls. Please see backtrace below.

The last entires in the log before the child httpd starts crashing is:

Awaiting re-negotiation handshake

Have anyone seen problems like this before and have a solution ?
If not, we'll go ahead and add more logging and do more debugging of
the problem.

Love


(gdb) bt
#0 CRYPTO_get_ex_data (ad=0xe8, idx=137019688) at ex_data.c:628
#1 0x4035c035 in SSL_get_ex_data (s=0x1, idx=296) at ssl_lib.c:2220
#2 0x4031cf08 in ssl_callback_SSLVerify (ok=1, ctx=0xbfffed20)
at ssl_engine_kernel.c:1507
#3 0x404125ec in internal_verify (ctx=0x87f55e0) at x509_vfy.c:880
#4 0x40411e66 in X509_verify_cert (ctx=0xbfffed20) at x509_vfy.c:306
#5 0x00000002 in ?? ()
(gdb) print *ssl
Cannot access memory at address 0x0
(gdb) print *ctx
$19 = {
ctx = 0x82aa680,
current_method = 0,
cert = 0x87f9740,
untrusted = 0x881e2e8,
purpose = 1,
trust = 2,
check_time = 0,
flags = 0,
other_ctx = 0x0,
verify = 0x40412440 ,
verify_cb = 0x4031cecd ,
get_issuer = 0x40416750 ,
check_issued = 0x40413200 ,
check_revocation = 0x40413270 ,
get_crl = 0x40413410 ,
check_crl = 0x40413460 ,
cert_crl = 0x40413700 ,
cleanup = 0,
depth = 9,
valid = 0,
last_untrusted = 2,
chain = 0x87f55e0,
error_depth = 2,
error = 0,
current_cert = 0x82ac028,
current_issuer = 0x82ac028,
current_crl = 0x0,
ex_data = {
sk = 0x881bd10,
dummy = 142729960
}


--Apple-Mail-7-490408871
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEMmb7Jyok7cfdyBYRAotHAJ49Dr3vSsxF1GTGwqdWUsLBZmbL5gCf feWm
ka4w8UbHA7vtfgBa7ugMa6U=
=DWK5
-----END PGP SIGNATURE-----

--Apple-Mail-7-490408871--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: ssl_callback_SSLVerify re-negotiation handshake crash

On Tue, Apr 04, 2006, Love Hörnquist =C5strand wrote:

> We are running 2.8.25-1.3.34 with openssl 0.9.7g. When using
> client authentication we have crashes in ssl_callback_SSLVerify
> relasted calls. Please see backtrace below.
>
> The last entires in the log before the child httpd starts crashing is:
>
> Awaiting re-negotiation handshake
>
> Have anyone seen problems like this before and have a solution ?
> If not, we'll go ahead and add more logging and do more debugging of
> the problem.
>
> Love
>
>
> (gdb) bt
> #0 CRYPTO_get_ex_data (ad=3D0xe8, idx=3D137019688) at ex_data.c:628
> #1 0x4035c035 in SSL_get_ex_data (s=3D0x1, idx=3D296) at ssl_lib.c:222=
0
> #2 0x4031cf08 in ssl_callback_SSLVerify (ok=3D1, ctx=3D0xbfffed20)
> at ssl_engine_kernel.c:1507
> #3 0x404125ec in internal_verify (ctx=3D0x87f55e0) at x509_vfy.c:880
> #4 0x40411e66 in X509_verify_cert (ctx=3D0xbfffed20) at x509_vfy.c:306
> #5 0x00000002 in ?? ()

I've checked the source and I it seems like the SSL* returned by
X509_STORE_CTX_get_app_data() at ssl_engine_kernel.c:1506 is the root of
the problem. But I've no clue why it is not a valid one for you... you
have to add more debugs to the code to determine the problem.

Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: ssl_callback_SSLVerify re-negotiation handshake crash

On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
> On Tue, Apr 04, 2006, Love Hörnquist Åstrand wrote:
> > (gdb) bt
> > #0 CRYPTO_get_ex_data (ad=3D0xe8, idx=3D137019688) at ex_data.c:628
> > #1 0x4035c035 in SSL_get_ex_data (s=3D0x1, idx=3D296) at ssl_lib.c:2=
220

Looks like http://issues.apache.org/bugzilla/show_bug.cgi?id=3D32529 - se=
e=20
analysis from comment 11 onwards. This "shouldn't happen", but the=20
workaround http://svn.apache.org/viewcvs?view=3Drev&rev=3D111241 should b=
e=20
safe for mod_ssl 2.8 too AFAIK.

joe
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: ssl_callback_SSLVerify re-negotiation handshake crash

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-9--781309501
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed

8 maj 2006 kl. 10.09 skrev Joe Orton:

> On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
>> On Tue, Apr 04, 2006, Love Hörnquist =C5strand wrote:
>>> (gdb) bt
>>> #0 CRYPTO_get_ex_data (ad=3D0xe8, idx=3D137019688) at ex_data.c:628
>>> #1 0x4035c035 in SSL_get_ex_data (s=3D0x1, idx=3D296) at =
ssl_lib.c:2220
>
> Looks like http://issues.apache.org/bugzilla/show_bug.cgi?id=3D32529 =20=

> - see
> analysis from comment 11 onwards. This "shouldn't happen", but the
> workaround http://svn.apache.org/viewcvs?view=3Drev&rev=3D111241 =
should be
> safe for mod_ssl 2.8 too AFAIK.

I'll try the patch and report back if it still causes error after a =20
while, thank for the feedback.

Love



--Apple-Mail-9--781309501
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEYIiMJyok7cfdyBYRAuFEAKCueoBZa2ZemJFPVsKsarKSEjdJigCf duY2
RcEu9p1GcY9zzCRxoJm4zxg=
=SpKN
-----END PGP SIGNATURE-----

--Apple-Mail-9--781309501--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: ssl_callback_SSLVerify re-negotiation handshake crash

Joe Orton wrote:
> On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
>=20
>>On Tue, Apr 04, 2006, Love Hörnquist Åstrand wrote:
>>
>>>(gdb) bt
>>>#0 CRYPTO_get_ex_data (ad=3D0xe8, idx=3D137019688) at ex_data.c:628
>>>#1 0x4035c035 in SSL_get_ex_data (s=3D0x1, idx=3D296) at ssl_lib.c:22=
20
>=20
> Looks like http://issues.apache.org/bugzilla/show_bug.cgi?id=3D32529 - =
see=20
> analysis from comment 11 onwards. This "shouldn't happen", but the=20
> workaround http://svn.apache.org/viewcvs?view=3Drev&rev=3D111241 should=
be=20
> safe for mod_ssl 2.8 too AFAIK.

Thaat would be cool - FWIW 1.3.35 was effectively scuttled by the new bar=
f
of Include /conf/* amoung some other conf file processing quirks with a p=
atch
that's now reverted...

JimJag plans to T&R 1.3.36 Friday, so release might come Monday. I thoug=
ht
a heads-up would be a nice courtesy, and I'm happy to answer more questio=
ns
about the other patch I proposed, as well. Would be nice to see these bo=
th,
since I've had no reports, no regressions from that scoping patch.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org