[jira] [Updated] (TS-4104) Wrong return value while create a new ticket on ssl_callback_session_ticket()
[
https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Leif Hedstrom updated TS-4104:
--
Summary: Wrong return value while create a new ticket on
ssl_callback_session_ticket() (was: wrong return value while create a new
ticket on ssl_callback_session_ticket())
> Wrong return value while create a new ticket on ssl_callback_session_ticket()
> -
>
> Key: TS-4104
> URL: https://issues.apache.org/jira/browse/TS-4104
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
>Affects Versions: 6.0.0, 6.1.0
>Reporter: Oknet Xu
>Assignee: Bryan Call
> Fix For: 6.2.0
>
>
> from openssl online document:
> https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html
> The return value of the cb function is used by OpenSSL to determine what
> further processing will occur. The following return values have meaning:
> 2
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters. Additionally it indicates that the session
> ticket is in a renewal period and should be replaced. The OpenSSL library
> will call cb again with an enc argument of 1 to set the new ticket (see
> RFC5077 3.3 paragraph 2).
> 1
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters.
> 0
> This indicates that it was not possible to set/retrieve a session ticket and
> the SSL/TLS session will continue by by negotiating a set of cryptographic
> parameters or using the alternate SSL/TLS resumption mechanism, session ids.
> If called with enc equal to 0 the library will call the cb again to get a new
> set of parameters.
> less than 0
> This indicates an error.
> {code}
> 1948 if (enc == 1) {
> 1949 const ssl_ticket_key_t &most_recent_key = keyblock->keys[0];
> 1950 memcpy(keyname, most_recent_key.key_name,
> sizeof(most_recent_key.key_name));
> 1951 RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
> 1952 EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
> most_recent_key.aes_key, iv);
> 1953 HMAC_Init_ex(hctx, most_recent_key.hmac_secret,
> sizeof(most_recent_key.hmac_secret), evp_md_func, NULL);
> 1954
> 1955 Debug("ssl", "create ticket for a new session.");
> 1956 SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat);
> 1957 return 0;
> 1958 } else if (enc == 0) {
> {code}
> the ssl_callback_session_ticket() should return 1 after create a new ticket
> but 0 here.
> and the traffic.out log for current ATS release:
> {code}
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 32 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8194 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
> the traffic.out log if return 1 here:
> {code}
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[
https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bryan Call updated TS-4104:
---
Affects Version/s: 6.1.0
6.0.0
> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -
>
> Key: TS-4104
> URL: https://issues.apache.org/jira/browse/TS-4104
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
>Affects Versions: 6.0.0, 6.1.0
>Reporter: Oknet Xu
>Assignee: Bryan Call
> Fix For: 6.2.0
>
>
> from openssl online document:
> https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html
> The return value of the cb function is used by OpenSSL to determine what
> further processing will occur. The following return values have meaning:
> 2
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters. Additionally it indicates that the session
> ticket is in a renewal period and should be replaced. The OpenSSL library
> will call cb again with an enc argument of 1 to set the new ticket (see
> RFC5077 3.3 paragraph 2).
> 1
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters.
> 0
> This indicates that it was not possible to set/retrieve a session ticket and
> the SSL/TLS session will continue by by negotiating a set of cryptographic
> parameters or using the alternate SSL/TLS resumption mechanism, session ids.
> If called with enc equal to 0 the library will call the cb again to get a new
> set of parameters.
> less than 0
> This indicates an error.
> {code}
> 1948 if (enc == 1) {
> 1949 const ssl_ticket_key_t &most_recent_key = keyblock->keys[0];
> 1950 memcpy(keyname, most_recent_key.key_name,
> sizeof(most_recent_key.key_name));
> 1951 RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
> 1952 EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
> most_recent_key.aes_key, iv);
> 1953 HMAC_Init_ex(hctx, most_recent_key.hmac_secret,
> sizeof(most_recent_key.hmac_secret), evp_md_func, NULL);
> 1954
> 1955 Debug("ssl", "create ticket for a new session.");
> 1956 SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat);
> 1957 return 0;
> 1958 } else if (enc == 0) {
> {code}
> the ssl_callback_session_ticket() should return 1 after create a new ticket
> but 0 here.
> and the traffic.out log for current ATS release:
> {code}
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 32 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8194 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
> the traffic.out log if return 1 here:
> {code}
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[
https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Leif Hedstrom updated TS-4104:
--
Fix Version/s: (was: 6.1.0)
6.2.0
> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -
>
> Key: TS-4104
> URL: https://issues.apache.org/jira/browse/TS-4104
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
>Reporter: Oknet Xu
> Fix For: 6.2.0
>
>
> from openssl online document:
> https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html
> The return value of the cb function is used by OpenSSL to determine what
> further processing will occur. The following return values have meaning:
> 2
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters. Additionally it indicates that the session
> ticket is in a renewal period and should be replaced. The OpenSSL library
> will call cb again with an enc argument of 1 to set the new ticket (see
> RFC5077 3.3 paragraph 2).
> 1
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters.
> 0
> This indicates that it was not possible to set/retrieve a session ticket and
> the SSL/TLS session will continue by by negotiating a set of cryptographic
> parameters or using the alternate SSL/TLS resumption mechanism, session ids.
> If called with enc equal to 0 the library will call the cb again to get a new
> set of parameters.
> less than 0
> This indicates an error.
> {code}
> 1948 if (enc == 1) {
> 1949 const ssl_ticket_key_t &most_recent_key = keyblock->keys[0];
> 1950 memcpy(keyname, most_recent_key.key_name,
> sizeof(most_recent_key.key_name));
> 1951 RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
> 1952 EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
> most_recent_key.aes_key, iv);
> 1953 HMAC_Init_ex(hctx, most_recent_key.hmac_secret,
> sizeof(most_recent_key.hmac_secret), evp_md_func, NULL);
> 1954
> 1955 Debug("ssl", "create ticket for a new session.");
> 1956 SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat);
> 1957 return 0;
> 1958 } else if (enc == 0) {
> {code}
> the ssl_callback_session_ticket() should return 1 after create a new ticket
> but 0 here.
> and the traffic.out log for current ATS release:
> {code}
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 32 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8194 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
> the traffic.out log if return 1 here:
> {code}
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[
https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Leif Hedstrom updated TS-4104:
--
Fix Version/s: (was: 6.2.0)
6.1.0
> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -
>
> Key: TS-4104
> URL: https://issues.apache.org/jira/browse/TS-4104
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
>Reporter: Oknet Xu
> Fix For: 6.1.0
>
>
> from openssl online document:
> https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html
> The return value of the cb function is used by OpenSSL to determine what
> further processing will occur. The following return values have meaning:
> 2
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters. Additionally it indicates that the session
> ticket is in a renewal period and should be replaced. The OpenSSL library
> will call cb again with an enc argument of 1 to set the new ticket (see
> RFC5077 3.3 paragraph 2).
> 1
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters.
> 0
> This indicates that it was not possible to set/retrieve a session ticket and
> the SSL/TLS session will continue by by negotiating a set of cryptographic
> parameters or using the alternate SSL/TLS resumption mechanism, session ids.
> If called with enc equal to 0 the library will call the cb again to get a new
> set of parameters.
> less than 0
> This indicates an error.
> {code}
> 1948 if (enc == 1) {
> 1949 const ssl_ticket_key_t &most_recent_key = keyblock->keys[0];
> 1950 memcpy(keyname, most_recent_key.key_name,
> sizeof(most_recent_key.key_name));
> 1951 RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
> 1952 EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
> most_recent_key.aes_key, iv);
> 1953 HMAC_Init_ex(hctx, most_recent_key.hmac_secret,
> sizeof(most_recent_key.hmac_secret), evp_md_func, NULL);
> 1954
> 1955 Debug("ssl", "create ticket for a new session.");
> 1956 SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat);
> 1957 return 0;
> 1958 } else if (enc == 0) {
> {code}
> the ssl_callback_session_ticket() should return 1 after create a new ticket
> but 0 here.
> and the traffic.out log for current ATS release:
> {code}
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 32 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8194 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
> the traffic.out log if return 1 here:
> {code}
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (TS-4104) wrong return value while create a new ticket on ssl_callback_session_ticket()
[
https://issues.apache.org/jira/browse/TS-4104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Leif Hedstrom updated TS-4104:
--
Fix Version/s: 6.2.0
> wrong return value while create a new ticket on ssl_callback_session_ticket()
> -
>
> Key: TS-4104
> URL: https://issues.apache.org/jira/browse/TS-4104
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
>Reporter: Oknet Xu
> Fix For: 6.2.0
>
>
> from openssl online document:
> https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_ticket_key_cb.html
> The return value of the cb function is used by OpenSSL to determine what
> further processing will occur. The following return values have meaning:
> 2
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters. Additionally it indicates that the session
> ticket is in a renewal period and should be replaced. The OpenSSL library
> will call cb again with an enc argument of 1 to set the new ticket (see
> RFC5077 3.3 paragraph 2).
> 1
> This indicates that the ctx and hctx have been set and the session can
> continue on those parameters.
> 0
> This indicates that it was not possible to set/retrieve a session ticket and
> the SSL/TLS session will continue by by negotiating a set of cryptographic
> parameters or using the alternate SSL/TLS resumption mechanism, session ids.
> If called with enc equal to 0 the library will call the cb again to get a new
> set of parameters.
> less than 0
> This indicates an error.
> {code}
> 1948 if (enc == 1) {
> 1949 const ssl_ticket_key_t &most_recent_key = keyblock->keys[0];
> 1950 memcpy(keyname, most_recent_key.key_name,
> sizeof(most_recent_key.key_name));
> 1951 RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
> 1952 EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
> most_recent_key.aes_key, iv);
> 1953 HMAC_Init_ex(hctx, most_recent_key.hmac_secret,
> sizeof(most_recent_key.hmac_secret), evp_md_func, NULL);
> 1954
> 1955 Debug("ssl", "create ticket for a new session.");
> 1956 SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat);
> 1957 return 0;
> 1958 } else if (enc == 0) {
> {code}
> the ssl_callback_session_ticket() should return 1 after create a new ticket
> but 0 here.
> and the traffic.out log for current ATS release:
> {code}
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8193 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 32 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) ssl_callback_info
> ssl: 0x2b0544006840 where: 8194 ret: 1
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) trace=FALSE
> [Dec 28 21:01:12.742] Server {0x2b052fe4b700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
> the traffic.out log if return 1 here:
> {code}
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) create ticket for
> a new session.
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) trace=FALSE
> [Dec 30 12:47:16.838] Server {0x2b6ec9340700} DEBUG: (ssl) SSL server
> handshake completed successfully
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
