On Mon, Sep 08, 2014 at 02:36:20PM -0700, Norm Green wrote:

> Thanks Viktor.  I don't have a handshake recording for these stacks.  The
> problem occurs intermittently.

Any chance you can capture enough sessions to also nab one (full-size
packet capture) that ran into the problem?

> I've dumped the SSL state and method objects
> for the server and client.  Anything else you want to see while the
> processes are still alive?
> 
> Here's the SSL state and method from the server:
> 
> (gdb) p *s
> $1 = {version = 770, type = 8192, method = 0x7f666a831040
> <TLSv1_1_server_method_data.15190>, rbio = 0x1082990, wbio = 0x1090e80, bbio
> = 0x1090e80, rwstate = 3, in_handshake = 1,
>   handshake_func = 0x7f666a53b962 <ssl3_accept>, server = 1, new_session =
> 0, quiet_shutdown = 0, shutdown = 0, state = 8609, rstate = 240, init_buf =
> 0x1082ef0, init_msg = 0x1082f14, init_num = 24,
>   init_off = 0, packet = 0x1088473 "\026\003\002", packet_length = 0, s2 =
> 0x0, s3 = 0x10824b0, d1 = 0x0, read_ahead = 0, msg_callback = 0x0,
> msg_callback_arg = 0x0, hit = 0, param = 0x1081f30,
>   cipher_list = 0x0, cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx =
> 0x1093830, read_hash = 0x1093980, expand = 0x0, enc_write_ctx = 0x0,
> write_hash = 0x0, compress = 0x0, cert = 0x1081e00,
>   sid_ctx_length = 0, sid_ctx = '\000' <repeats 31 times>, session =
> 0x1093020,

Much of the interesting state is in the session, so also:

    p s->session[0]

> And from the client:
> 
> $1 = {version = 770, type = 4096, method = 0x7f91b3b04a40
> <TLSv1_1_client_method_data.15190>, rbio = 0x2585720, wbio = 0x260c210, bbio
> = 0x260c210, rwstate = 3, in_handshake = 1,
>   handshake_func = 0x7f91b38002df <ssl3_connect>, server = 0, new_session =
> 0, quiet_shutdown = 0, shutdown = 2, state = 4576, rstate = 240, init_buf =
> 0x260c290, init_msg = 0x2614364, init_num = 0,
>   init_off = 0, packet = 0x2580093 "\025\003\002", packet_length = 0, s2 =
> 0x0, s3 = 0x253d720, d1 = 0x0, read_ahead = 0, msg_callback = 0x0,
> msg_callback_arg = 0x0, hit = 0, param = 0x260c3c0,
>   cipher_list = 0x0, cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx =
> 0x0, read_hash = 0x0, expand = 0x0, enc_write_ctx = 0x253e590, write_hash =
> 0x2612420, compress = 0x0, cert = 0x25855e0,
>   sid_ctx_length = 0, sid_ctx = '\000' <repeats 31 times>, session =
> 0x2619900,

Ditto here:     p s->session[0]

> generate_session_id = 0x0, verify_mode = 0, verify_callback =
> 0x0, info_callback = 0x0, error = 0, error_code = 0,
>   psk_client_callback = 0x0, psk_server_callback = 0x0, ctx = 0x26127a0,
> debug = 0, verify_result = 0, ex_data = {sk = 0x0, dummy = 0}, client_CA =
> 0x0, references = 1, options = 4, mode = 4,
>   max_cert_list = 102400, first_packet = 0, client_version = 770,
> max_send_fragment = 16384, tlsext_debug_cb = 0x0, tlsext_debug_arg = 0x0,
> tlsext_hostname = 0x0, servername_done = 0, tlsext_status_type = -1,
>   tlsext_status_expected = 0, tlsext_ocsp_ids = 0x0, tlsext_ocsp_exts = 0x0,
> tlsext_ocsp_resp = 0x0, tlsext_ocsp_resplen = -1, tlsext_ticket_expected =
> 1, tlsext_ecpointformatlist_length = 0,
>   tlsext_ecpointformatlist = 0x0, tlsext_ellipticcurvelist_length = 0,
> tlsext_ellipticcurvelist = 0x0, tlsext_opaque_prf_input = 0x0,
> tlsext_opaque_prf_input_len = 0, tlsext_session_ticket = 0x0,
>   tls_session_ticket_ext_cb = 0x0, tls_session_ticket_ext_cb_arg = 0x0,
> tls_session_secret_cb = 0x0, tls_session_secret_cb_arg = 0x0, initial_ctx =
> 0x26127a0, next_proto_negotiated = 0x0,
>   next_proto_negotiated_len = 0 '\000', srtp_profiles = 0x0, srtp_profile =
> 0x0, tlsext_heartbeat = 1, tlsext_hb_pending = 0, tlsext_hb_seq = 0,
> renegotiate = 0, srp_ctx = {SRP_cb_arg = 0x0,
>     TLS_ext_srp_username_callback = 0x0, SRP_verify_param_callback = 0x0,
> SRP_give_srp_client_pwd_callback = 0x7f91b380a53f
> <srp_password_from_info_cb>, login = 0x2509ef0 "qauser3", N = 0x26198d0,
>     g = 0x257f4e0, s = 0x257f510, B = 0x257f570, A = 0x257f6b0, a =
> 0x257f630, b = 0x0, v = 0x0, info = 0x253d188 "junkfish", strength = 1024,
> srp_Mask = 1024}}

If the string "junkfish" is sensitive, you may want to change
passwords...

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
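The client dump in this thread reached a public list with the SRP login and password strings intact, and `p s->session[0]` would print the session's `master_key` array as well. The sketch below is an added example, not code from the thread or from OpenSSL: it redacts every string literal in a gdb struct dump before it is shared, keeping only `packet` (an assumed allowlist, since the record header bytes are useful for diagnosis). The function name and the sample dump are constructed for illustration.

```python
import re

# gdb renders a char* as   name = 0xADDR "text"   and a char array as
# name = "text". \s also spans values that gdb wrapped onto the next line.
STRING_FIELD = re.compile(
    r'\b(?P<name>\w+)\s*=\s*(?P<addr>0x[0-9a-fA-F]+\s+)?'
    r'"(?P<text>(?:[^"\\]|\\.)*)"'
)


def scrub_gdb_dump(dump, keep=("packet",)):
    """Redact all string literals in a gdb dump except fields named in `keep`.

    Default-deny: a field is kept only if explicitly allowlisted, so
    members nobody thought about (login, info, master_key, ...) are
    removed without needing a list of "known sensitive" names.
    Returns (scrubbed_text, names_of_redacted_fields).
    """
    redacted = []

    def replace(match):
        name = match.group("name")
        if name in keep:
            return match.group(0)          # leave diagnostic bytes untouched
        redacted.append(name)
        addr = match.group("addr") or ""   # pointer value is kept as-is
        return f'{name} = {addr}"<redacted>"'

    return STRING_FIELD.sub(replace, dump), redacted


# Constructed sample shaped like the dumps in this thread (values invented).
SAMPLE = r'''$1 = {version = 770, packet = 0x1000 "\026\003\002", srp_ctx = {
    login = 0x2000 "example-user", info =
0x3000 "example-secret", strength = 1024},
  master_key = "\301\"\002", key_arg_length = 0}'''

if __name__ == "__main__":
    clean, names = scrub_gdb_dump(SAMPLE)
    print(clean)
    print("redacted fields:", ", ".join(names))
```

Redaction only protects future posts; a secret that has already been sent to the list still has to be changed, as the reply above says.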
