>
> Just an educated guess but looks like it is failing in a call to
> ssl3_GetSessionTicketKeysPKCS11() which calls:
>
> if (PR_CallOnceWithArg(&generate_session_keys_once,
> ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
> return SECFailure;
>
> Unfortunately the symbols are still missing from your build so its hard
> to know why.
Hello,
after I disabled the stripping in my Yocto Environment I got finaly some
debug symbols in my gdb on the target.
according to the gdb output (see below) the SegFault is located in:
nss/lib/ssl/ssl3ext.c:166
static PRStatus
ssl3_GenerateSessionTicketKeysPKCS11(void *data)
{
SECStatus rv;
sslSocket *ss = (sslSocket *)data;
SECKEYPrivateKey *svrPrivKey = ss->serverCerts[kt_rsa].SERVERKEY;
SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey;
it looks for me that the access to the array goes wrong here (kt_rsa)
I wonder why he tries to access a rsa cert here, instead of some ECC certs.
Should I file a bug for this? if yes where is the right place?
Probably a fix for me is to replace kt_rsa with kt_ecdh here. I'll try
it tomorrow.
Best regards,
Oliver
gdb httpd
GNU gdb (GDB) 7.9.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-poky-linux-gnueabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from httpd...done.
(gdb) run -X -e debug -k start
Starting program: /usr/sbin/httpd -X -e debug -k start
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[Wed Mar 02 14:44:57.512652 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module authn_file_module from /usr/lib/apache2/modules/mod_authn_file.so
[Wed Mar 02 14:44:57.568812 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module authn_core_module from /usr/lib/apache2/modules/mod_authn_core.so
[Wed Mar 02 14:44:57.624501 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module authz_host_module from /usr/lib/apache2/modules/mod_authz_host.so
[Wed Mar 02 14:44:57.685207 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module authz_groupfile_module from
/usr/lib/apache2/modules/mod_authz_groupfile.so
[Wed Mar 02 14:44:57.742440 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module authz_user_module from /usr/lib/apache2/modules/mod_authz_user.so
[Wed Mar 02 14:44:57.807374 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module authz_core_module from /usr/lib/apache2/modules/mod_authz_core.so
[Wed Mar 02 14:44:57.868316 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module access_compat_module from
/usr/lib/apache2/modules/mod_access_compat.so
[Wed Mar 02 14:44:57.932376 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module auth_basic_module from /usr/lib/apache2/modules/mod_auth_basic.so
[Wed Mar 02 14:44:58.000811 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module socache_shmcb_module from
/usr/lib/apache2/modules/mod_socache_shmcb.so
[Wed Mar 02 14:44:58.069304 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module reqtimeout_module from /usr/lib/apache2/modules/mod_reqtimeout.so
[Wed Mar 02 14:44:58.138680 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module filter_module from /usr/lib/apache2/modules/mod_filter.so
[Wed Mar 02 14:44:58.247928 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module deflate_module from /usr/lib/apache2/modules/mod_deflate.so
[Wed Mar 02 14:44:58.322509 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module mime_module from /usr/lib/apache2/modules/mod_mime.so
[Wed Mar 02 14:44:58.408413 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module log_config_module from /usr/lib/apache2/modules/mod_log_config.so
[Wed Mar 02 14:44:58.481900 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module env_module from /usr/lib/apache2/modules/mod_env.so
[Wed Mar 02 14:44:58.564765 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module headers_module from /usr/lib/apache2/modules/mod_headers.so
[Wed Mar 02 14:44:58.643176 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module setenvif_module from /usr/lib/apache2/modules/mod_setenvif.so
[Wed Mar 02 14:44:58.723306 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module version_module from /usr/lib/apache2/modules/mod_version.so
[Wed Mar 02 14:45:00.884109 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module nss_module from /usr/lib/apache2/modules/libmodnss.so
[Wed Mar 02 14:45:00.987275 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module mpm_prefork_module from
/usr/lib/apache2/modules/mod_mpm_prefork.so
[Wed Mar 02 14:45:01.079230 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module unixd_module from /usr/lib/apache2/modules/mod_unixd.so
[Wed Mar 02 14:45:01.177941 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module status_module from /usr/lib/apache2/modules/mod_status.so
[Wed Mar 02 14:45:01.281979 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module autoindex_module from /usr/lib/apache2/modules/mod_autoindex.so
[Wed Mar 02 14:45:01.378092 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module dir_module from /usr/lib/apache2/modules/mod_dir.so
[Wed Mar 02 14:45:01.476646 2016] [so:debug] [pid 460] mod_so.c(266): AH01575:
loaded module alias_module from /usr/lib/apache2/modules/mod_alias.so
[ 2985.141330] TCP: request_sock_TCP: Possible SYN flooding on port 443.
Dropping request. Check SNMP counters.
Program received signal SIGSEGV, Segmentation fault.
ssl3_GenerateSessionTicketKeysPKCS11 (data=0x17b040) at ssl3ext.c:166
166 ssl3ext.c: No such file or directory.
(gdb) backtrace
#0 ssl3_GenerateSessionTicketKeysPKCS11 (data=0x17b040) at ssl3ext.c:166
#1 0x769ac830 in PR_CallOnceWithArg (
once=0x76b5e04c <generate_session_keys_once>,
func=0x76b366d0 <ssl3_GenerateSessionTicketKeysPKCS11>,
arg=arg@entry=0x17b040)
at
/home/graute/5411_IBIS/yocto/build-imx6ulevk/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/nspr/4.10.8-r1/nspr-4.10.8/nspr/pr/src/misc/prinit.c:804
#2 0x76b359ac in ssl3_GetSessionTicketKeysPKCS11 (ss=ss@entry=0x17b040,
aes_key=0x7effea44, aes_key@entry=0x7effea3c, mac_key=0x7effea48,
mac_key@entry=0x7effea40) at ssl3ext.c:197
#3 0x76b37980 in ssl3_SendNewSessionTicket (ss=ss@entry=0x17b040)
at ssl3ext.c:1132
#4 0x76b2d5bc in ssl3_HandleFinished (hashes=<optimized out>,
length=<optimized out>,
b=0x18284c
")|\217\266\373f\216\206vq?\r\004\254\250\254\301\344\373\037\261}*d\252\027\022\005\035\202\240\340\065v\214\225M\036^p\002!",
ss=0x17b040)
at ssl3con.c:11293
#5 ssl3_HandleHandshakeMessage (ss=ss@entry=0x17b040,
b=0x18284c
")|\217\266\373f\216\206vq?\r\004\254\250\254\301\344\373\037\261}*d\252\027\022\005\035\202\240\340\065v\214\225M\036^p\002!",
length=<optimized out>) at ssl3con.c:11649
#6 0x76b2f914 in ssl3_HandleHandshake (origBuf=0xd, ss=0x17b040)
at ssl3con.c:11723
---Type <return> to continue, or q <return> to quit---
#7 ssl3_HandleRecord (ss=ss@entry=0x17b040, cText=cText@entry=0x7efff7ec,
databuf=0xd, databuf@entry=0x17b2c0) at ssl3con.c:12392
#8 0x76b30be8 in ssl3_GatherCompleteHandshake (ss=0x17b040, flags=0)
at ssl3gthr.c:378
#9 0x76b31764 in ssl_GatherRecord1stHandshake (ss=0x17b040) at sslcon.c:1213
#10 0x76b39d28 in ssl_Do1stHandshake (ss=ss@entry=0x17b040) at sslsecur.c:109
#11 0x76b3afc0 in ssl_SecureRecv (ss=0x17b040, buf=0x187088 "", len=8192,
flags=0) at sslsecur.c:1227
#12 0x76b3ea50 in ssl_Read (fd=<optimized out>, buf=0x187088, len=8192)
at sslsock.c:2397
#13 0x76b6c4e4 in nss_io_input_read (inctx=inctx@entry=0x187068,
buf=buf@entry=0x187088 "", len=len@entry=0x7efff8c4)
at
/home/graute/5411_IBIS/yocto/build-imx6ulevk/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/modnss/1.0.12-r0/mod_nss-1.0.12/nss_engine_io.c:353
#14 0x76b6d190 in nss_io_input_getline (len=0x7efff8b8, buf=0x187088 "",
inctx=0x187068)
at
/home/graute/5411_IBIS/yocto/build-imx6ulevk/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/modnss/1.0.12-r0/mod_nss-1.0.12/nss_engine_io.c:460
#15 nss_io_filter_input (f=0x189090, bb=0x18df58, mode=<optimized out>,
block=<optimized out>, readbytes=0)
at
/home/graute/5411_IBIS/yocto/build-imx6ulevk/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/modnss/1.0.12-r0/mod_nss-1.0.12/nss_engine_io.c:790
#16 0x0002d9a0 in ap_rgetline_core (s=s@entry=0x18d0d0, n=20, read=0x18d0b8,
_______________________________________________
Mod_nss-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/mod_nss-list
