[
https://issues.apache.org/jira/browse/TS-4075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15073524#comment-15073524
]
ASF GitHub Bot commented on TS-4075:
------------------------------------
Github user oknet commented on a diff in the pull request:
https://github.com/apache/trafficserver/pull/374#discussion_r48522460
--- Diff: iocore/net/SSLNetVConnection.cc ---
@@ -1095,6 +1105,12 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
}
ssl_error_t ssl_error = SSLAccept(ssl);
+ // if non SNI-Hook set before or SSL Session reuse here:
+ // the sslHandshakeHookState should be HOOKS_CERT after SSLAccept().
+ // thus, set it to HOOKS_DONE directly.
+ if (HANDSHAKE_HOOKS_CERT == sslHandshakeHookState) {
+ sslHandshakeHookState = HANDSHAKE_HOOKS_DONE;
+ }
--- End diff --
please hold this pull request,I found a bug on it,and will release a new
patch.
set HookState to DONE if SSLAccept() only send a Server Hello and without
certificate.
next time, SSLAccept() send certificate to client but the HookState already
set to DONE. the default certificate will be used and no Cert Hooks called. I
will be update patch soon.
sorry ...
> segmentation fault due to reenable in SNI Hook for a closed ssl connection
> --------------------------------------------------------------------------
>
> Key: TS-4075
> URL: https://issues.apache.org/jira/browse/TS-4075
> Project: Traffic Server
> Issue Type: Bug
> Components: Plugins, SSL
> Reporter: Oknet Xu
> Fix For: 6.2.0
>
>
> I'm writing a ssl hook to look up a cert from mysql database.
> the SNI Hook stall at fetch cert from mysql database due to a database dump
> lock every mid night.
> the SSL Client got timeout and closing the connection before SNI Hook
> reenable the connection.
> Segmentation fault due to the TSVConnSSLConnectionGet() can not get a SSLVC
> during reenable the SSLVC.
> {code}
> traffic_server: Segmentation fault (Address not mapped to object [(nil)])
> traffic_server - STACK TRACE:
> /usr/bin/traffic_server(crash_logger_invoke(int, siginfo_t*,
> void*)+0xa2)[0x2b90c9955b22]
> /lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x2b90cc1ea8d0]
> /usr/lib/x86_64-linux-gnu/libstdc++.so.6(__dynamic_cast+0x60)[0x2b90cc9c3020]
> /usr/bin/traffic_server(TSVConnSSLConnectionGet+0x1e)[0x2b90c997832e]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::reenable()+0x8c)[0x2b90d5fe29dc]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::destroy()+0xe5)[0x2b90d5fe2b85]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::handler_content(tsapi_vio*)+0x29b)[0x2b90d5fe34db]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::handler_read(TSEvent,
> tsapi_vio*)+0x36)[0x2b90d5fe3526]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::dispatch(tsapi_cont*,
> TSEvent, void*)+0x95)[0x2b90d5fe35e5]
> /usr/bin/traffic_server(PluginVC::process_read_side(bool)+0x366)[0x2b90c998b0a6]
> /usr/bin/traffic_server(PluginVC::process_write_side(bool)+0x5a9)[0x2b90c998ba49]
> /usr/bin/traffic_server(PluginVC::main_handler(int,
> void*)+0x371)[0x2b90c998e1c1]
> /usr/bin/traffic_server(EThread::process_event(Event*,
> int)+0x90)[0x2b90c9bc8620]
> /usr/bin/traffic_server(EThread::execute()+0x67f)[0x2b90c9bc922f]
> /usr/bin/traffic_server(+0x369a1a)[0x2b90c9bc7a1a]
> /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4)[0x2b90cc1e30a4]
> /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x2b90cd26704d]
> traffic_server: using root directory '/usr'
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
