Hi Ben,
On Friday, November 23, 2012 10:06:29 AM UTC, Ben Noordhuis wrote:
>
>
> I don't see why a change to the crypto/tls API is necessary. Haraka
> just needs to be a little more flexible here.
>
> By the way, the value of SSL_OP_ALL is 0x80000bff, not 0x80000000
> (2147486719 vs 2147483648). That value in the commit log was just for
> demonstration purposes, it's the smallest value that shows the
> wraparound behavior.
>
Ok - looking at lib/tls.js with fresh eyes this morning; I can see I
misunderstood
how they are set.
I've recompiled my node with your patch to node.h now; I can confirm that
SSL_OP_ALL still does not rectify this error.
I posted to the OpenSSL mailing list last night and got the following reply
from
one of the devs:
--SNIP--
The function EVP_DecryptFinal_ex isn't often used in the TLS code and you
normally wouldn't come across this error so it may not be TLS related. You
might see it related to session tickets but that shouldn't be a fatal
error:
try SSL_OP_NO_TICKET anyway though.
I'd suggest you print out the whole error queue instead of just the top so
it
is clearer where the actual error is occurring. Alternatively a stack trace
under a debugger would be useful.
--SNIP--
I've tried SSL_OP_NO_TICKET and it does not rectify the problem; I also
can't
combine this with SSL_OP_ALL without getting another parameter error as
OR'ing both together yields: -2147463169
I added some more debug and I've got a full node stacktrace where the error
occurs:
Error: 16565968:error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad
decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:
16565968:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:
at CleartextStream._pusher (tls.js:656:24)
at SlabBuffer.use (tls.js:199:18)
at CleartextStream.CryptoStream._push (tls.js:483:33)
at SecurePair.cycle (tls.js:880:20)
at CleartextStream.CryptoStream.write (tls.js:267:13)
at pluggableStream.write
(/usr/lib/node_modules/Haraka/tls_socket.js:119:34)
at Connection.respond
(/usr/lib/node_modules/Haraka/connection.js:386:21)
at Connection.queue_ok_respond
(/usr/lib/node_modules/Haraka/connection.js:1386:10)
at plugins.run_next_hook.callback
(/usr/lib/node_modules/Haraka/plugins.js:280:39)
at Plugin.exports.hook_queue_ok (queue/discard:24:12)
Is there any way I can grab the full error queue from OpenSSL as requested
by the OpenSSL developer?
Kind regards,
Steve.
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
