[Mod_nss-list] NSSSessionTickets causes some segfault in error log

Oliver Graute oliver.graute at gmail.com
Mon Feb 22 14:57:45 UTC 2016 

On 22/02/16, Rob Crittenden wrote:
> Oliver Graute wrote:
> > Hello,
> > 
> > I installed the mod_nss plugin in version 1.0.12 on my apache webserver,
> > TLS on Port 443 is working fine until I enable the new NSSSession ticket
> > feature in my nss.conf with:
> > 
> > #RFC 5077
> > NSSSessionTickets on
> > 
> > then something is broken, I see segfaults in my apache error log:
> > 
> > [Fri Feb 19 10:12:15.338660 2016] [mpm_prefork:notice] [pid 413] AH00163: Apache/2.4.16 (Unix) mod_nss/1.0.12 NSS/3.19.2 Basic ECC PHP/5.5.10 configured -- resuming normal operations
> > [Fri Feb 19 10:12:15.338843 2016] [mpm_prefork:info] [pid 413] AH00164: Server built: Feb 22 2016 12:44:38
> > [Fri Feb 19 10:12:15.339046 2016] [core:notice] [pid 413] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND -D SSL -D PHP5'
> > [Fri Feb 19 10:12:15.339160 2016] [mpm_prefork:debug] [pid 413] prefork.c(995): AH00165: Accept mutex: sysvsem (default: sysvsem)
> > [Fri Feb 19 10:12:15.386483 2016] [:debug] [pid 416] nss_engine_init.c(286): SNI is enabled
> > [Fri Feb 19 10:12:15.386853 2016] [:info] [pid 416] Init: Seeding PRNG with 136 bytes of entropy
> > [Fri Feb 19 10:12:40.374175 2016] [core:notice] [pid 413] AH00052: child pid 416 exit signal Segmentation fault (11)
> > [Fri Feb 19 10:12:41.496820 2016] [:debug] [pid 423] nss_engine_init.c(286): SNI is enabled
> > [Fri Feb 19 10:12:41.497224 2016] [:info] [pid 423] Init: Seeding PRNG with 136 bytes of entropy
> > [Fri Feb 19 10:12:42.388948 2016] [core:notice] [pid 413] AH00052: child pid 423 exit signal Segmentation fault (11)
> > [Fri Feb 19 10:12:43.508779 2016] [:debug] [pid 424] nss_engine_init.c(286): SNI is enabled
> > [Fri Feb 19 10:12:43.509217 2016] [:info] [pid 424] Init: Seeding PRNG with 136 bytes of entropy
> > [Fri Feb 19 10:12:44.404130 2016] [core:notice] [pid 413] AH00052: child pid 424 exit signal Segmentation fault (11)
> > 
> > 
> > and in Chrome Browser I got:
> > 
> > ERR_SSL_VERSION_OR_CIPHER_MISMATCH
> > 
> > I tested also a basic ssl client connection with openssl:
> > 
> > openssl s_client -connect 192.168.1.229:443 -state -debug
> > 
> > SSL_connect:SSLv3 read server certificate A
> > SSL_connect:SSLv3 read server key exchange A
> > SSL_connect:SSLv3 read server done A
> > write to 0x205dec0 [0x206dd50] (75 bytes => 75 (0x4B))
> > 0000 - 16 03 03 00 46 10 00 00-42 41 04 3d c7 93 63 45   ....F...BA.=..cE
> > 0010 - 79 41 11 bc 06 c0 b7 c6-d1 b5 33 d9 86 a6 d5 e9   yA........3.....
> > 0020 - 36 e4 2b ac 0e bc 70 d6-d6 8c a7 a9 3c dd 1b 0c   6.+...p.....<...
> > 0030 - 77 48 20 38 dd 1e c9 a1-05 6c 5c b6 c9 f4 99 f2   wH 8.....l\.....
> > 0040 - 1a 18 ae 81 63 71 65 90-e8 a5 b6                  ....cqe....
> > SSL_connect:SSLv3 write client key exchange A
> > write to 0x205dec0 [0x206dd50] (6 bytes => 6 (0x6))
> > 0000 - 14 03 03 00 01 01                                 ......
> > SSL_connect:SSLv3 write change cipher spec A
> > write to 0x205dec0 [0x206dd50] (45 bytes => 45 (0x2D))
> > 0000 - 16 03 03 00 28 b1 e0 60-8a 2c 97 cf a0 4f 97 ee   ....(..`.,...O..
> > 0010 - cd 8f 05 41 aa 50 a6 73-a3 4c 86 1e 5f 3c 7b 2b   ...A.P.s.L.._<{+
> > 0020 - 2d 7e 6a 68 dc 97 94 9d-91 15 c0 0e 27            -~jh........'
> > SSL_connect:SSLv3 write finished A
> > SSL_connect:SSLv3 flush data
> > read from 0x205dec0 [0x2063f83] (5 bytes => 0 (0x0))
> > SSL_connect:failed in SSLv3 read server session ticket A
> > 140123095688864:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
> > 
> > apache and mod_nss are build from the sources for an embedded yocto environment.
> > 
> > some ideas, whats going on here?
> 
> Can you get a stack trace from the core?

I can give you an strace, see below. Other stack tools are currently not
available, because I need to compile them first for my yocto
environment. If you need something special please tell me.

> This is Apache 2.4.x?

yes it is Apache 2.4.16

> Is it failing on a request or on startup?

its failing on every https request.

[Fri Feb 19 11:31:13.701795 2016] [:info] [pid 507] Using nickname localhost - xxxxxxxxx
root at xxx-box:/var/apache2/logs# strace -p 507
Process 507 attached
poll([{fd=26, events=POLLIN}], 1, 20000) = 1 ([{fd=26, revents=POLLIN}])
read(26, "", 8000)                      = 0
gettimeofday({1455877950, 980711}, NULL) = 0
gettimeofday({1455877950, 982582}, NULL) = 0
gettimeofday({1455877950, 984651}, NULL) = 0
write(16, "[Fri Feb 19 11:32:30.984651 2016"..., 131) = 131
shutdown(26, SHUT_WR)                   = 0
poll([{fd=26, events=POLLIN}], 1, 2000) = 1 ([{fd=26, revents=POLLIN|POLLHUP}])
read(26, "", 512)                       = 0
close(26)                               = 0
read(11, 0x7eb28a93, 1)                 = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1455877950, 997674}, NULL) = 0
semop(294918, {{0, -1, SEM_UNDO}}, 1)   = 0
poll([{fd=10, events=POLLIN}, {fd=8, events=POLLIN}, {fd=6, events=POLLIN}, {fd=4, events=POLLIN}], 4, 10000) = 1 ([{fd=10, revents=POLLIN}])
accept(10, {sa_family=AF_INET6, sin6_port=htons(35559), inet_pton(AF_INET6, "::ffff:192.168.1.98", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 26
fcntl64(26, F_GETFD)                    = 0
fcntl64(26, F_SETFD, FD_CLOEXEC)        = 0
semop(294918, {{0, 1, SEM_UNDO}}, 1)    = 0
gettimeofday({1455877951, 10882}, NULL) = 0
getsockname(26, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "::ffff:192.168.1.229", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
gettimeofday({1455877951, 14250}, NULL) = 0
write(16, "[Fri Feb 19 11:32:31.014250 2016"..., 136) = 136
fcntl64(26, F_GETFL)                    = 0x2 (flags O_RDWR)
fcntl64(26, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1455877951, 21367}, NULL) = 0
gettimeofday({1455877951, 23415}, NULL) = 0
read(26, "\26\3\1\0\332\1\0\0\326\3\3\271\37N\340\342fJ+f\366G\370\2118\200\177qtD\344\274"..., 8000) = 223
gettimeofday({1455877951, 26790}, NULL) = 0
gettimeofday({1455877951, 28739}, NULL) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 543716789}) = 0
gettimeofday({1455877951, 33213}, NULL) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 548681372}) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 550682330}) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 552976330}) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 554695539}) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 557096955}) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 558818830}) = 0
clock_gettime(CLOCK_MONOTONIC, {2079, 588420997}) = 0
writev(26, [{"\26\3\3\6\221\2\0\0W\3\3\236^\366\311\224IpJ\177\252.7\242\10<Aa\240u\325\262"..., 1686}], 1) = 1686
gettimeofday({1455877951, 81935}, NULL) = 0
read(26, "\26\3\3\0F\20\0\0BA\4%r\366d\207\316\271\374>\216\273\35\17\236@\256g\4\334\356\2"..., 8000) = 126
gettimeofday({1455877951, 83933}, NULL) = 0
gettimeofday({1455877951, 103060}, NULL) = 0
gettimeofday({1455877951, 103782}, NULL) = 0
gettimeofday({1455877951, 104490}, NULL) = 0
gettimeofday({1455877951, 105171}, NULL) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
chdir("/usr")                           = 0
rt_sigaction(SIGSEGV, {SIG_DFL, [], SA_RESTORER|SA_INTERRUPT, 0x76dfba90}, {SIG_DFL, [], SA_RESTORER|SA_RESETHAND, 0x76dfba90}, 8) = 0
kill(507, SIGSEGV)                      = 0
sigreturn({mask=[]})                    = 11906264
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_USER, si_pid=507, si_uid=1} ---
+++ killed by SIGSEGV +++

Best regards,

Oliver

More information about the Mod_nss-list mailing list