[
https://issues.apache.org/jira/browse/TS-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14618213#comment-14618213
]
bettydramit commented on TS-3216:
---------------------------------
Sorry, my mistake.
After chmod o+x test.csr and enabling proxy.config.ssl.hpkp.enabled 1 in
records.config, and with this in ssl_multicert.config:
{code}
dest_ip=* ssl_cert_name=test.crt ssl_key_name=test.key hpkp_enabled=1 hpkp_max_age=300 hpkp_include_subdomains=1 hpkp_backup_csr_filename=test.csr
{code}
it works!
But it only worked for Wget:
{code}
Public-Key-Pins: pin-sha256="BRotFk9Bt4Ldy9ab04f6T+84fYi3vPTBOlXvAWwptMU=";
pin-sha256="BRotFk9Bt4Ldy9ab04f6T+84fYi3vPTBOlXvAWwptMU="; max-age=3000;
includeSubDomains
{code}
It breaks when Chrome does a GET.
Core backtrace info:
{code}
Core was generated by `/usr/bin/traffic_server -M --httpport
80:fd=7,443:fd=8:ssl'.
Program terminated with signal 11, Segmentation fault.
#0 HttpTransactHeaders::insert_hpkp_header_in_response (s=<value optimized
out>, header=0x2b4e7c17c840) at HttpTransactHeaders.cc:823
823 const SSLCertContext *cc = ssl_vc->sslCertContext;
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.132.el6_5.2.x86_64 hwloc-1.5-1.el6.x86_64
libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64
libgcc-4.4.7-4.el6.x86_64 libstdc++-4.4.7-4.el6.x86_64
libxml2-2.7.6-14.el6_5.2.x86_64 nss-softokn-freebl-3.14.3-10.el6_5.x86_64
numactl-2.0.7-8.el6.x86_64 pciutils-libs-3.1.10-2.el6.x86_64
pcre-7.8-6.el6.x86_64 spdylay-1.2.5-1.el6.x86_64 tcl-8.5.7-6.el6.x86_64
xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 HttpTransactHeaders::insert_hpkp_header_in_response (s=<value optimized
out>, header=0x2b4e7c17c840) at HttpTransactHeaders.cc:823
#1 0x00000000005cde57 in HttpTransact::build_response (s=0x2b4e7c17c0f8,
base_response=0x2b4e7c17c8c0, outgoing_response=0x2b4e7c17c840,
outgoing_version=<value optimized out>, status_code=HTTP_STATUS_OK,
reason_phrase=<value optimized out>) at HttpTransact.cc:7943
#2 0x00000000005d768b in
HttpTransact::handle_cache_operation_on_forward_server_response
(s=0x2b4e7c17c0f8) at HttpTransact.cc:4542
#3 0x00000000005e181c in HttpTransact::HandleResponse (s=0x2b4e7c17c0f8) at
HttpTransact.cc:3328
#4 0x000000000059a0e6 in HttpSM::call_transact_and_set_next_state
(this=0x2b4e7c17c090, f=<value optimized out>) at HttpSM.cc:6832
#5 0x00000000005ad4cf in HttpSM::handle_api_return (this=0x2b4e7c17c090) at
HttpSM.cc:1508
#6 0x00000000005b08ff in do_api_callout (this=0x2b4e7c17c090, event=100,
data=0x2b4e8001b318) at HttpSM.cc:390
#7 HttpSM::state_read_server_response_header (this=0x2b4e7c17c090, event=100,
data=0x2b4e8001b318) at HttpSM.cc:1846
#8 0x00000000005afe78 in HttpSM::main_handler (this=0x2b4e7c17c090, event=100,
data=0x2b4e8001b318) at HttpSM.cc:2534
#9 0x000000000073b840 in handleEvent (this=0x2b4e8001b200, event=<value
optimized out>) at ../../iocore/eventsystem/I_Continuation.h:145
#10 read_signal_and_update (this=0x2b4e8001b200, event=<value optimized out>)
at UnixNetVConnection.cc:142
#11 UnixNetVConnection::readSignalAndUpdate (this=0x2b4e8001b200, event=<value
optimized out>) at UnixNetVConnection.cc:972
#12 0x00000000007237e5 in SSLNetVConnection::net_read_io (this=0x2b4e8001b200,
nh=0x2b4e09f0eb40, lthread=0x2b4e09f0b010)
at SSLNetVConnection.cc:579
#13 0x0000000000730822 in NetHandler::mainNetEvent (this=0x2b4e09f0eb40,
event=<value optimized out>, e=<value optimized out>)
at UnixNet.cc:516
#14 0x000000000075df15 in handleEvent (this=0x2b4e09f0b010, e=0x1fad2d0,
calling_code=5) at I_Continuation.h:145
#15 EThread::process_event (this=0x2b4e09f0b010, e=0x1fad2d0, calling_code=5)
at UnixEThread.cc:128
#16 0x000000000075e859 in EThread::execute (this=0x2b4e09f0b010) at
UnixEThread.cc:252
#17 0x000000000075d35a in spawn_thread_internal (a=0x2204c30) at Thread.cc:85
#18 0x00002b4dff25a9d1 in start_thread () from /lib64/libpthread.so.0
#19 0x00002b4e00ef9b5d in clone () from /lib64/libc.so.6
(gdb)
{code}
> Add HPKP (Public Key Pinning Extension for HTTP) support
> --------------------------------------------------------
>
> Key: TS-3216
> URL: https://issues.apache.org/jira/browse/TS-3216
> Project: Traffic Server
> Issue Type: New Feature
> Components: SSL
> Reporter: Masaori Koshiba
> Labels: review
> Fix For: 6.1.0
>
> Attachments: hpkp-001.patch, hpkp-002.patch, hpkp-003.patch
>
>
> Add "Public Key Pinning Extension for HTTP" Support in Traffic Server.
> RFC 7469 Public Key Pinning Extension for HTTP
> - https://tools.ietf.org/html/rfc7469
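
The header quoted in the comment above carries the same pin-sha256 value twice. As an added example (not part of the original comment or of the Traffic Server code), this Python check lints a Public-Key-Pins value for the RFC 7469 basics: a max-age, well-formed SHA-256 pins, and a second, different pin to act as the backup. The names `parse_pkp` and `lint_pkp` are hypothetical.

```python
import base64
import binascii

# Header value as quoted in the comment (e-mail line wraps removed).
OBSERVED = ('pin-sha256="BRotFk9Bt4Ldy9ab04f6T+84fYi3vPTBOlXvAWwptMU="; '
            'pin-sha256="BRotFk9Bt4Ldy9ab04f6T+84fYi3vPTBOlXvAWwptMU="; '
            'max-age=3000; includeSubDomains')

def parse_pkp(value):
    """Split a Public-Key-Pins value into (pins, max_age, include_subdomains)."""
    pins, max_age, include_sub = [], None, False
    for part in value.split(";"):
        # Base64 never contains ';', so splitting on it is safe; only the
        # first '=' separates the directive name from its argument.
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            pins.append(arg)
        elif name == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return pins, max_age, include_sub

def lint_pkp(value):
    """Return the problems found in a Public-Key-Pins header value."""
    pins, max_age, _ = parse_pkp(value)
    problems = []
    if max_age is None:
        problems.append("missing max-age")
    for pin in sorted(set(pins)):
        try:
            raw = base64.b64decode(pin, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 32:  # a SHA-256 digest is 32 bytes
            problems.append("pin is not a base64 SHA-256 digest: " + pin)
    # Necessary, not sufficient: the backup pin must also not match any key
    # in the served chain, which cannot be judged from the header alone.
    if len(set(pins)) < 2:
        problems.append("no distinct backup pin")
    return problems

if __name__ == "__main__":
    for problem in lint_pkp(OBSERVED):
        print("PKP:", problem)
```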