On Mon, Sep 08, 2014 at 02:36:20PM -0700, Norm Green wrote:

> Thanks Victor. I don't have a handshake recording for these stacks. The
> problem occurs intermittently.

Any chance you can capture enough sessions to also nab one (full-size
packet capture) that ran into the problem?

> I've dumped the SSL state and method objects
> for the server and client. Anything else you want to see while the
> processes are still alive?
>
> Here's the SSL state and method from the server:
>
> (gdb) p *s
> $1 = {version = 770, type = 8192, method = 0x7f666a831040
> <TLSv1_1_server_method_data.15190>, rbio = 0x1082990, wbio = 0x1090e80, bbio
> = 0x1090e80, rwstate = 3, in_handshake = 1,
> handshake_func = 0x7f666a53b962 <ssl3_accept>, server = 1, new_session =
> 0, quiet_shutdown = 0, shutdown = 0, state = 8609, rstate = 240, init_buf =
> 0x1082ef0, init_msg = 0x1082f14, init_num = 24,
> init_off = 0, packet = 0x1088473 "\026\003\002", packet_length = 0, s2 =
> 0x0, s3 = 0x10824b0, d1 = 0x0, read_ahead = 0, msg_callback = 0x0,
> msg_callback_arg = 0x0, hit = 0, param = 0x1081f30,
> cipher_list = 0x0, cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx =
> 0x1093830, read_hash = 0x1093980, expand = 0x0, enc_write_ctx = 0x0,
> write_hash = 0x0, compress = 0x0, cert = 0x1081e00,
> sid_ctx_length = 0, sid_ctx = '\000' <repeats 31 times>, session =
> 0x1093020,

Much of the interesting state is in the session, so also:

    p s->session[0]

> And from the client:
>
> $1 = {version = 770, type = 4096, method = 0x7f91b3b04a40
> <TLSv1_1_client_method_data.15190>, rbio = 0x2585720, wbio = 0x260c210, bbio
> = 0x260c210, rwstate = 3, in_handshake = 1,
> handshake_func = 0x7f91b38002df <ssl3_connect>, server = 0, new_session =
> 0, quiet_shutdown = 0, shutdown = 2, state = 4576, rstate = 240, init_buf =
> 0x260c290, init_msg = 0x2614364, init_num = 0,
> init_off = 0, packet = 0x2580093 "\025\003\002", packet_length = 0, s2 =
> 0x0, s3 = 0x253d720, d1 = 0x0, read_ahead = 0, msg_callback = 0x0,
> msg_callback_arg = 0x0, hit = 0, param = 0x260c3c0,
> cipher_list = 0x0, cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx =
> 0x0, read_hash = 0x0, expand = 0x0, enc_write_ctx = 0x253e590, write_hash =
> 0x2612420, compress = 0x0, cert = 0x25855e0,
> sid_ctx_length = 0, sid_ctx = '\000' <repeats 31 times>, session =
> 0x2619900,

Ditto here:

    p s->session[0]

> generate_session_id = 0x0, verify_mode = 0, verify_callback =
> 0x0, info_callback = 0x0, error = 0, error_code = 0,
> psk_client_callback = 0x0, psk_server_callback = 0x0, ctx = 0x26127a0,
> debug = 0, verify_result = 0, ex_data = {sk = 0x0, dummy = 0}, client_CA =
> 0x0, references = 1, options = 4, mode = 4,
> max_cert_list = 102400, first_packet = 0, client_version = 770,
> max_send_fragment = 16384, tlsext_debug_cb = 0x0, tlsext_debug_arg = 0x0,
> tlsext_hostname = 0x0, servername_done = 0, tlsext_status_type = -1,
> tlsext_status_expected = 0, tlsext_ocsp_ids = 0x0, tlsext_ocsp_exts = 0x0,
> tlsext_ocsp_resp = 0x0, tlsext_ocsp_resplen = -1, tlsext_ticket_expected =
> 1, tlsext_ecpointformatlist_length = 0,
> tlsext_ecpointformatlist = 0x0, tlsext_ellipticcurvelist_length = 0,
> tlsext_ellipticcurvelist = 0x0, tlsext_opaque_prf_input = 0x0,
> tlsext_opaque_prf_input_len = 0, tlsext_session_ticket = 0x0,
> tls_session_ticket_ext_cb = 0x0, tls_session_ticket_ext_cb_arg = 0x0,
> tls_session_secret_cb = 0x0, tls_session_secret_cb_arg = 0x0, initial_ctx =
> 0x26127a0, next_proto_negotiated = 0x0,
> next_proto_negotiated_len = 0 '\000', srtp_profiles = 0x0, srtp_profile =
> 0x0, tlsext_heartbeat = 1, tlsext_hb_pending = 0, tlsext_hb_seq = 0,
> renegotiate = 0, srp_ctx = {SRP_cb_arg = 0x0,
> TLS_ext_srp_username_callback = 0x0, SRP_verify_param_callback = 0x0,
> SRP_give_srp_client_pwd_callback = 0x7f91b380a53f
> <srp_password_from_info_cb>, login = 0x2509ef0 "qauser3", N = 0x26198d0,
> g = 0x257f4e0, s = 0x257f510, B = 0x257f570, A = 0x257f6b0, a =
> 0x257f630, b = 0x0, v = 0x0, info = 0x253d188 "junkfish", strength = 1024,
> srp_Mask = 1024}}

If the string "junkfish" is sensitive, you may want to change
passwords...

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
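
Added example (not part of the original thread and not OpenSSL code): the closing remark above turns on the fact that gdb dereferences char pointers when printing a struct, so the srp_ctx login and info strings ended up in the posted dump. The Python below scrubs such strings from a `p *s` dump before it is shared. The function name, the keep-list and the sample values are assumptions constructed for illustration; only the member names come from the dump in the thread.

```python
import re

# gdb renders a char pointer member as:  name = 0xADDR "contents"
# Embedded quotes are escaped as \" and wrapped output may break at whitespace.
CHAR_PTR = re.compile(
    r'(\b\w+)(\s*=\s*)(0x[0-9a-fA-F]+)(\s+)"((?:[^"\\]|\\.)*)"'
)

# Assumption: members whose string contents are record bytes, not secrets.
# Everything else is redacted by default (deny-by-default policy).
KEEP = frozenset({"packet"})


def redact_gdb_dump(text, keep=KEEP):
    """Return (scrubbed_text, names_of_redacted_members)."""
    redacted = []

    def scrub(m):
        name = m.group(1)
        if name in keep:
            return m.group(0)  # leave allow-listed members untouched
        redacted.append(name)
        # Keep the pointer value and layout, drop only the string contents.
        return f'{name}{m.group(2)}{m.group(3)}{m.group(4)}"<redacted>"'

    return CHAR_PTR.sub(scrub, text), redacted


# Constructed sample: member names as in the thread, values made up.
# The info member is wrapped across lines and contains an escaped quote.
SAMPLE = r'''$1 = {version = 770, state = 4576,
packet = 0x2580093 "\025\003\002", packet_length = 0,
srp_ctx = {SRP_cb_arg = 0x0, login = 0x1000 "example-user", N = 0x2000,
  info = 0x3000
  "pass\"word", strength = 1024, srp_Mask = 1024}}
'''

if __name__ == "__main__":
    clean, names = redact_gdb_dump(SAMPLE)
    print(clean)
    print("redacted members:", ", ".join(names))
```

Passing `keep=frozenset()` redacts every dereferenced string, including `packet`.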