[jira] [Updated] (TS-4104) Wrong return value while create a new ticket on ssl_callback_session_ticket()
[ https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-4104:
------------------------------
    Summary: Wrong return value while create a new ticket on ssl_callback_session_ticket()  (was: wrong return value while create a new ticket on ssl_callback_session_ticket())

> Wrong return value while create a new ticket on ssl_callback_session_ticket()
> -----------------------------------------------------------------------------
>
>                 Key: TS-4104
>                 URL: https://issues.apache.org/jira/browse/TS-4104
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 6.0.0, 6.1.0
>            Reporter: Oknet Xu
>            Assignee: Bryan Call
>             Fix For: 6.2.0
>
>
> From the OpenSSL online documentation:
> https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html
>
> The return value of the cb function is used by OpenSSL to determine what
> further processing will occur. The following return values have meaning:
>
> 2
>     This indicates that the ctx and hctx have been set and the session can
>     continue on those parameters. Additionally it indicates that the session
>     ticket is in a renewal period and should be replaced. The OpenSSL library
>     will call cb again with an enc argument of 1 to set the new ticket (see
>     RFC5077 3.3 paragraph 2).
> 1
>     This indicates that the ctx and hctx have been set and the session can
>     continue on those parameters.
> 0
>     This indicates that it was not possible to set/retrieve a session ticket and
>     the SSL/TLS session will continue by negotiating a set of cryptographic
>     parameters or using the alternate SSL/TLS resumption mechanism, session ids.
>     If called with enc equal to 0 the library will call the cb again to get a new
>     set of parameters.
> less than 0
>     This indicates an error.
>
> {code}
>   if (enc == 1) {
>     const ssl_ticket_key_t &most_recent_key = keyblock->keys[0];
>     memcpy(keyname, most_recent_key.key_name, sizeof(most_recent_key.key_name));
>     RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
>     EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL, most_recent_key.aes_key, iv);
>     HMAC_Init_ex(hctx, most_recent_key.hmac_secret, sizeof(most_recent_key.hmac_secret), evp_md_func, NULL);
>
>     Debug("ssl", "create ticket for a new session.");
>     SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat);
>     return 0;
>   } else if (enc == 0) {
> {code}
>
> ssl_callback_session_ticket() should return 1 after creating a new ticket,
> but returns 0 here.
>
> The traffic.out log for the current ATS release:
> {code}
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for a new session.
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 32 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info ssl: 0x2b0544006840 where: 8194 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server handshake completed successfully
> {code}
>
> The traffic.out log if it returns 1 here:
> {code}
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for a new session.
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server handshake completed successfully
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
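
The return-value contract quoted in the report, as an added C example that is not Traffic Server or OpenSSL code. It models only the key selection and the value handed back to the library, and it goes beyond the enc == 1 case in the report to cover the decrypt path as well. The struct names, the helper functions, the sample keys and the "older key means renew" policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEY_NAME_LEN 16

/* Hypothetical stand-ins for a ticket key block; keys[0] is the newest key. */
struct ticket_key { unsigned char key_name[KEY_NAME_LEN]; };
struct ticket_keyblock { size_t num_keys; const struct ticket_key *keys; };

/* Return values as listed in the OpenSSL text quoted in the report. */
enum {
    CB_ERROR = -1,    /* less than 0: error */
    CB_NO_TICKET = 0, /* no usable ticket: full negotiation or session ids */
    CB_OK = 1,        /* ctx and hctx set, session continues */
    CB_RENEW = 2      /* as 1, and the ticket should be replaced */
};

/* Constructed sample keys (15 characters plus NUL fill the 16-byte name). */
static const struct ticket_key SAMPLE_KEYS[2] = {
    { "constructed-new" }, { "constructed-old" }
};
static const struct ticket_keyblock SAMPLE_BLOCK = { 2, SAMPLE_KEYS };

/* Decide the callback's return value; keyname is in/out as in the real callback. */
int ticket_cb_result(const struct ticket_keyblock *kb, unsigned char *keyname, int enc)
{
    if (kb == NULL || kb->keys == NULL || kb->num_keys == 0 || keyname == NULL)
        return CB_ERROR;
    if (enc == 1) {
        /* New ticket: always issued under the most recent key. */
        memcpy(keyname, kb->keys[0].key_name, KEY_NAME_LEN);
        /* The cipher and HMAC contexts are set up here in a real callback;
           a failure in that setup should return CB_ERROR. */
        return CB_OK; /* returning 0 at this point is the defect reported in TS-4104 */
    }
    if (enc == 0) {
        for (size_t i = 0; i < kb->num_keys; i++) {
            if (memcmp(keyname, kb->keys[i].key_name, KEY_NAME_LEN) == 0)
                return i == 0 ? CB_OK : CB_RENEW; /* assumed policy: old key => renew */
        }
        return CB_NO_TICKET; /* unknown key name: fall back to a full handshake */
    }
    return CB_ERROR;
}

/* Decrypt path for a ticket that carries the given key name. */
int resume_with(const char *name)
{
    unsigned char keyname[KEY_NAME_LEN] = {0};
    strncpy((char *)keyname, name, KEY_NAME_LEN - 1);
    return ticket_cb_result(&SAMPLE_BLOCK, keyname, 0);
}

int main(void)
{
    unsigned char keyname[KEY_NAME_LEN];
    printf("issue new ticket    -> %d\n", ticket_cb_result(&SAMPLE_BLOCK, keyname, 1));
    printf("resume, newest key  -> %d\n", resume_with("constructed-new"));
    printf("resume, rotated key -> %d\n", resume_with("constructed-old"));
    printf("resume, unknown key -> %d\n", resume_with("no-such-key"));
    return 0;
}
```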
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[ https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Call updated TS-4104:
---------------------------
    Affects Version/s: 6.1.0
                       6.0.0

> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -----------------------------------------------------------------------------
>
>                 Key: TS-4104
>                 URL: https://issues.apache.org/jira/browse/TS-4104
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 6.0.0, 6.1.0
>            Reporter: Oknet Xu
>            Assignee: Bryan Call
>             Fix For: 6.2.0
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[ https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-4104:
------------------------------
    Fix Version/s:     (was: 6.1.0)
                   6.2.0

> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -----------------------------------------------------------------------------
>
>                 Key: TS-4104
>                 URL: https://issues.apache.org/jira/browse/TS-4104
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Oknet Xu
>             Fix For: 6.2.0
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[ https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-4104:
------------------------------
    Fix Version/s:     (was: 6.2.0)
                   6.1.0

> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -----------------------------------------------------------------------------
>
>                 Key: TS-4104
>                 URL: https://issues.apache.org/jira/browse/TS-4104
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Oknet Xu
>             Fix For: 6.1.0
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[ https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-4104:
------------------------------
    Fix Version/s: 6.2.0

> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -----------------------------------------------------------------------------
>
>                 Key: TS-4104
>                 URL: https://issues.apache.org/jira/browse/TS-4104
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Oknet Xu
>             Fix For: 6.2.0