[sr-dev] massive TLS crashes
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Feb 23 08:40:31 CET 2010
Hi Andrei!
Am 22.02.2010 20:00, schrieb Andrei Pelinescu-Onciul:
> What exactly did you need to do for reproducing it with a snom (any
> settings you think there might be relevant both on the phone and in the
> tls handling in the script)?
I think the script is not relevant. Seems like it crashes immediately
with the first TLS request before entering script.
[1323]: DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection:
83.136.33.3
[1323]: DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 2239, type 3
[1323]: DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes:
638:2058:3048, 1
[1323]: DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8217f60, 27,
2, 0xb60e6390), fd_no=19
[1323]: DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8217f60, 27,
-1, 0x0) fd_no=20 called
[1323]: DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1
[1323]: DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 0
10(1319), 0xb60e6390
[1319]: DEBUG: <core> [tcp_read.c:884]: received n=4 con=0xb60e6390, fd=8
[1319]: DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default>
[1323]: : <core> [pass_fd.c:283]: ERROR: receive_fd: EOF on 18
[1323]: DEBUG: <core> [tcp_main.c:3038]: DBG: handle_ser_child: dead
child 10, pid 1319 (shutting down?)
[1323]: DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8217f60, 18,
-1, 0x0) fd_no=19 called
[1323]: DEBUG: <core> [tcp_main.c:2826]: DBG: handle_tcp_child: dead tcp
child 0 (pid 1319, no 10) (shutting down?)
[1323]: DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8217f60, 20,
-1, 0x0) fd_no=18 called
[1297]: ALERT: <core> [main.c:722]: child process 1319 exited by a signal 11
Attached is the complete log file from kamailio startup until crash with
first message.
Further I have attached the bt of the generated cores (2 cores were
generated). As you already said this looks like a bug in openssl.
# cat /etc/redhat-release
CentOS release 5.4 (Final)
# rpm -qa|grep ssl
openssl-devel-0.9.8e-12.el5_4.1
openssl-0.9.8e-12.el5_4.1
Strangly, the ciphers announced by SNOM do not indicate Kerberos at all:
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 63
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 59
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 0
Cipher Suites Length: 20
Cipher Suites (10 suites)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
Cipher Suite: TLS_DH_anon_WITH_RC4_128_MD5 (0x0018)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Attached is also the pcap file of the SNOM phone.
regards
Klaus
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: backtraces.txt
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20100223/aa84918d/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kamailio-core.1199+core1259.log
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20100223/aa84918d/attachment-0001.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kamailio-crash-snom320-fw8.2.24.pcap
Type: application/octet-stream
Size: 764 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20100223/aa84918d/attachment-0001.obj>
More information about the sr-dev
mailing list