On Fri, 14 Feb 2020 at 22:59, Laurent Bercot wrote:
>
> Indeed, the client's error message indicates that the handshake did
> not complete. But in that case, that would mean the error is in
> libtls, not s6-tlsd.
If this turns out to be a bug in LibreSSL triggered by the OP's
particular
Do you think that the handshake completes? I'm not sure that execution
is even reaching the stls_run() call; the segfault could have happened
during the tls_handshake() call in stls_s6tlsd() (i.e. while executing
LibreSSL code), and the tls_handshake() call in stls_s6tlsc() would
report a failed
On Thu, 13 Feb 2020 at 6:50, Laurent Bercot wrote:
>
> >So I guess that means there is either a bug in LibreSSL (oh no), or in
> >s6-networking's LibreSSL code?
>
> Probably the latter; given your trace, it seems to be the tunnel code
> not handling it correctly when it receives an EOF
> Could you please try with the latest gits and see if you still
> experience the crash?
Unfortunately, LibreSSL is still crashing for me with the latest gits,
and in the exact same way. I have an strace on hand if you want, though
I don't know if that might reveal very much:
I am unable to reproduce the problem on x86_64 with LibreSSL 3.0.2 and
the latest git heads of the skarnet.org software stack. I haven't tried
with the latest stable releases (the next ones are due soon).
Could you please try with the latest gits and see if you still
experience the crash?
So I guess that means there is either a bug in LibreSSL (oh no), or in
s6-networking's LibreSSL code?
Probably the latter; given your trace, it seems to be the tunnel code
not handling it correctly when it receives an EOF just after the
handshake.
I don't have time to debug it right now, but
Update: just to try it, I rebuilt the current release of s6-networking
against BearSSL, and things are working perfectly…
So I guess that means there is either a bug in LibreSSL (oh no), or in
s6-networking's LibreSSL code?
—ilaia
(Apologies, I accidentally replied directly to Laurent instead of the
mailing list, and only just noticed.)
> Did you build s6-networking against bearssl or libressl, and which
> version are you using?
Sorry, should have mentioned that. libressl, v3.0.2, as provided by Void
Linux
> Can you
s6-tcpserver4d: info: end pid 29407 ip [redacted] signal 11
"signal 11" is a segfault, so you may have found a bug in s6-tlsd, but
I haven't managed to reproduce it.
Did you build s6-networking against bearssl or libressl, and which
version are you using?
Can you please do a "strace -vf -s