El vie., 14 feb. 2020 a las 22:59, Laurent Bercot escribió: > > Indeed, the client's error message indicates that the handshake did > not complete. But in that case, that would mean the error is in > libtls, not s6-tlsd.
If this turns out to be a bug in LibreSSL triggered by the OP's particular certificate and key, it will be hard to debug. It could be worth trying to obtain a backtrace with GDB. s6-networking and skalibs would have to be rebuilt with debugging symbols (CFLAGS=-ggdb ./configure $configure-arguments), and debugging symbols for LibreSSL would also have to be installed, which apparently is possible on Void: * https://docs.voidlinux.org/xbps/repositories/official/debug.html Then I'd try launching s6-tlsserver with: $(which export) CERTFILE /etc/letsencrypt/live/$REDACTED/fullchain.pem \ $(which export) KEYFILE /etc/letsencrypt/live/$REDACTED/privkey.pem \ s6-tcpserver 0.0.0.0 443 ./script where 'script' is: #!/bin/execlineb -P # Possibly drop privileges with s6-setuidgid getpid PID importas -u PID PID background -d { redirfd -w 1 gdb-output.txt gdb -batch -ex continue -ex bt s6-tlsd $PID } s6-tlsd exit 0 This should hopefully attach the s6-tlsd process to GDB in batch mode, and when the s6-tlsclient invocation makes it segfault, create a backtrace in file gdb-output.txt. I don't have s6-networking, but this works for me when used with s6-ipcserver and a test program that raises SIGSEGV on purpose: $ cat test-program.c #include <signal.h> #include <unistd.h> void do_it_for_real () { sleep(5); raise(SIGSEGV); } void do_it () { do_it_for_real(); } int main () { do_it(); return 0; } $ s6-ipcserver -v socket ./script & s6-ipcserverd: info: starting s6-ipcserverd: info: status: 0/40 $ s6-ipcclient socket exit 0 s6-ipcserverd: info: allow 1000:1000 pid 556 count 1/40 s6-ipcserverd: info: status: 1/40 s6-ipcserverd: info: end pid 556 uid 1000 signal 11 s6-ipcserverd: info: status: 0/40 $ cat gdb-output.txt 0x00007fe21b52f3a8 in nanosleep () from /lib64/libc.so.6 Program received signal SIGSEGV, Segmentation fault. 0x00007fe21b498ec1 in raise () from /lib64/libc.so.6 #0 0x00007fe21b498ec1 in raise () from /lib64/libc.so.6 #1 0x000056114282316d in do_it_for_real () at test-program.c:6 #2 0x000056114282317e in do_it () at test-program.c:10 #3 0x000056114282318f in main () at test-program.c:14 [Inferior 1 (process 556) detached] Hope that helps, G.