[DragonFlyBSD - Bug #2258] engine padlock broken in openssl on c

Board: DFBSD_bugs  Time: 2011/12/28 02:04
Issue #2258 has been updated by Alex Hornung.

Try running some standalone tests with openssl itself, and also try loading or unloading padlock.ko (depending on whether you've loaded it now or not).

Cheers,
Alex

On 11/12/11 20:45, Jan Lentfer via Redmine wrote:
>
> Issue #2258 has been reported by Jan Lentfer.
>
> ----------------------------------------
> Bug #2258: engine padlock broken in openssl on current master
> http://bugs.dragonflybsd.org/issues/2258
>
> Author: Jan Lentfer
> Status: New
> Priority: Normal
> Assignee:
> Category:
> Target version:
>
>
> After Upgrading to v2.13.0.527.g95bf5 openvpn does not work any more
> with "engine padlock" enabled in server.conf.
>
> Seems engine padlock in openssl is broken. If I comment out "engine
> padlock" from server.conf, handshake works fine.
>
> I X-ed out private info in the certificates.
>
> Dec 11 21:38:10 epia openvpn[99939]: MULTI: multi_create_instance called
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Re-using SSL/TLS context
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 LZO compression initialized
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Data Channel MTU parms [ L:1562 D:1300 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Fragmentation MTU parms [ L:1562 D:1300 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Local Options String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Local Options hash (VER=V4): 'e11a9f86'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Expected Remote Options hash (VER=V4): '0c7fabe0'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 TLS: Initial packet from 85.214.83.243:38599, sid=caa12d6f 165ba8e5
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 VERIFY OK: depth=1, /C=XX/ST=XXXXX/L=XXXXX/O=XXXXXXXXXXXXXXXXX
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 VERIFY OK: depth=0, /C=XX/ST=XXXXX/L=XXXX/O=XXXXXXXXXXXXXXXXXXXX/CN=XXXXX/emailAddress=XXXXXXXXXXXX
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 TLS_ERROR: BIO read tls_read_plaintext error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 TLS Error: TLS object -> incoming plaintext read error
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 TLS Error: TLS handshake failed
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 SIGUSR1[soft,tls-error] received, client-instance restarting
Article ID (AID): #1E-WYHiB (DFBSD_bugs)
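One way to do the standalone openssl test suggested in the reply is to compare the engine's AES-128-CBC output (the cipher in the logged options string) with the built-in software implementation. This is an added example, not part of the original thread; the key, IV, plaintext and the function names `enc`, `dec` and `check_engine` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cross-check an OpenSSL engine's AES-128-CBC against the
# software implementation. KEY, IV and the plaintext are constructed values.
KEY=000102030405060708090a0b0c0d0e0f
IV=0f0e0d0c0b0a09080706050403020100

# AES-128-CBC with a fixed key/IV; extra arguments (for example
# "-engine NAME", "-in FILE", "-out FILE") are passed through to openssl enc.
enc() { openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" "$@" 2>/dev/null; }
dec() { openssl enc -d -aes-128-cbc -K "$KEY" -iv "$IV" "$@" 2>/dev/null; }

# check_engine NAME
#   returns 0: engine and software results agree
#           1: mismatch, the engine's cipher output is wrong
#           2: engine not available, nothing was tested
check_engine() {
    eng=$1
    # "-t" prints "[ available ]" only if the engine can be initialised.
    openssl engine -t "$eng" 2>/dev/null | grep -q '\[ available \]' || return 2
    tmp=$(mktemp -d) || return 2
    # 128 x 32 bytes = 4 KiB, so CBC chaining across many blocks is exercised.
    i=0
    while [ "$i" -lt 128 ]; do
        printf 'padlock engine cross-check 0123\n'
        i=$((i + 1))
    done > "$tmp/pt"
    rc=0
    # Encrypt direction: both implementations must give identical ciphertext.
    enc -in "$tmp/pt" -out "$tmp/ct.sw"
    enc -engine "$eng" -in "$tmp/pt" -out "$tmp/ct.eng"
    cmp -s "$tmp/ct.sw" "$tmp/ct.eng" || rc=1
    # Decrypt direction: the logged error is raised while reading a record,
    # so also decrypt software-made ciphertext through the engine.
    dec -engine "$eng" -in "$tmp/ct.sw" -out "$tmp/pt.eng"
    cmp -s "$tmp/pt" "$tmp/pt.eng" || rc=1
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh engine_check.sh padlock
if [ "$#" -gt 0 ]; then
    rc=0
    check_engine "$1" || rc=$?
    echo "check_engine $1 -> $rc"
fi
```

Running it once with padlock.ko loaded and once with it unloaded covers both halves of the suggestion in the reply.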